Alert Popup 'You Have A Security Problem'


This topic is locked
12 replies to this topic

#1 Sca

Sca

  • Members
  • 6 posts
  • OFFLINE
  • Local time:11:30 AM

Posted 17 September 2008 - 12:35 PM

Please Help -

I am getting the message 'you have a security alert'.

I have run Malwarebytes Anti-Malware. Please see the HijackThis log below.

Thanks in advance.

Regards,

sca

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:01:56 PM, on 9/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Network Associates\VirusScan\MCUPDATE.EXE
C:\Program Files\Network Associates\Common Framework\McScript_InUse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\HP Software Update\HPWuSchd2.exe
D:\HP UT\bin\hppusg.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\{759C1C2F-D455-4AE7-9B8D-236069EAD05A}\{80CD64AA-7406-4508-BFDF-2DFE7F1F8EF0}\AutoConnect.exe
C:\WINDOWS\system32\wltray.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\video88.cfg.exe
C:\PROGRA~1\PROVID~1\LIVESU~1\PROVID~1.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\c.exe
D:\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
D:\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mayfairprojects.com/MIG-Intranet/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mayfairprojects.com/MIG-Intranet/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O2 - BHO: mxlivemedia browser enhancer - {fe85ff3e-12c0-2aac-1572-bd2f3120e105} - C:\WINDOWS\system32\ygdugrvtkygs.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ACT_APL] "C:\Program Files\ACT\ACT for Windows\ACT_APL.exe"
O4 - HKLM\..\Run: [HP Software Update] "D:\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPUsageTracking] "D:\HP UT\bin\hppusg.exe" "D:\HP UT\"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AutoConnect] "C:\Documents and Settings\Administrator\Local Settings\Temp\{759C1C2F-D455-4AE7-9B8D-236069EAD05A}\{80CD64AA-7406-4508-BFDF-2DFE7F1F8EF0}\AutoConnect.exe" BCMALL
O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [bwovwqpvjijoa] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\ygdugrvtkygs.dll" EntryPoint
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ProvideSupportOperatorConsole[default]] "C:\PROGRA~1\PROVID~1\LIVESU~1\PROVID~1.EXE" /profile default
O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\video88.cfg.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = D:\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.ooxtv.com/stream.ocx
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = workgroup
O17 - HKLM\Software\..\Telephony: DomainName = workgroup
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = workgroup
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = workgroup
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9873 bytes
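For readers triaging a log like the one above, the following Python script is an added example (not part of the original post and not a HijackThis or BleepingComputer tool). It parses the O4 (Run key) lines of a HijackThis log and flags the two patterns a responder would check first: an autostart that launches from a Temp directory, and a Rundll32 entry that loads a DLL at logon. The sample lines are copied from the log in this post and serve as constructed test input; the heuristics, function names and the "reason" strings are the example's own and are not an official detection rule.

```python
import re
from typing import Dict, List, Optional

# Regex for a HijackThis O4 Run-key line:
#   O4 - HKLM\..\Run: [ValueName] command line
O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>.+?)\] (?P<cmd>.+)$')

# Constructed test input: O4 lines copied from the HijackThis log in this post.
SAMPLE_O4_LINES = [
    r'O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe',
    r'O4 - HKLM\..\Run: [bwovwqpvjijoa] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\ygdugrvtkygs.dll" EntryPoint',
    r'O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\video88.cfg.exe',
    r'O4 - HKLM\..\Run: [AutoConnect] "C:\Documents and Settings\Administrator\Local Settings\Temp\{759C1C2F-D455-4AE7-9B8D-236069EAD05A}\{80CD64AA-7406-4508-BFDF-2DFE7F1F8EF0}\AutoConnect.exe" BCMALL',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
    r'O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll',
]


def parse_o4(line: str) -> Optional[Dict[str, str]]:
    """Return hive/name/cmd for an O4 Run-key line, or None for any other line."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def executable_of(cmd: str) -> str:
    """Extract the program path from a Run-key command line (quoted or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(' ', 1)[0]


def triage_reasons(entry: Dict[str, str]) -> List[str]:
    """Heuristic checks (example's own, not an official rule) for one O4 entry."""
    cmd = entry['cmd']
    lower = cmd.lower()
    exe = executable_of(cmd).lower()
    reasons = []
    # Legitimate software installs to Program Files or Windows, not to a user's Temp folder.
    if '\\temp\\' in lower:
        reasons.append('autostart launched from a Temp directory')
    # Rundll32 pointing at a DLL is a common way to persist a library; check the DLL's publisher.
    if exe.endswith('rundll32.exe') and '.dll' in lower:
        reasons.append('rundll32 loads a DLL at logon; verify the DLL publisher')
    return reasons


def triage_o4(lines: List[str]) -> Dict[str, List[str]]:
    """Map each flagged Run-key value name to the reasons it was flagged."""
    flagged: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = triage_reasons(entry)
        if reasons:
            flagged[entry['name']] = reasons
    return flagged


if __name__ == '__main__':
    for name, reasons in triage_o4(SAMPLE_O4_LINES).items():
        print(f'[{name}] -> {"; ".join(reasons)}')
```

Run against the sample lines, the script flags bwovwqpvjijoa, Somefox and AutoConnect and leaves the AVG and ctfmon entries alone; non-O4 lines are ignored. A flag is a prompt to verify the file (publisher, creation date, whether it appears in the OTViewIt "Created Within 30 days" section), not a verdict on its own.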


#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:30 AM

Posted 17 September 2008 - 05:24 PM

Hello Sca. I am PropagandaPanda (Panda or PP for short) and I will be helping you with your log.

I am still in training, so my responses to you must be checked by a coach.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of a few guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it may not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Download and Run OTViewIt
First of all, please run this tool. It will give us a more in depth look at the state of your machine.
  • Please download OTViewIt by OldTimer to your desktop.
  • Double click on the OTViewIt.exe icon on your desktop. If you are using Windows Vista, right click the icon and select Run as Administrator.
  • Check the Scan All Users checkbox and leave Use Whitelist checked. Leave the File Age at 30 days.
  • Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open:
    OTViewIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
Copy and Paste the logs into your next reply.
With Regards,
The Panda

#3 Sca

Sca
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:11:30 AM

Posted 18 September 2008 - 07:09 AM

I have done as suggested. Please see the logs below.

Regards,

sca

OTViewIt logfile created on: 9/18/2008 1:03:40 PM - Run 2
OTViewIt by OldTimer - Version 1.0.5.0 Folder = C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SPZO62YD
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.33 Mb Total Physical Memory | 343.40 Mb Available Physical Memory | 44.81% Memory free
1.83 Gb Paging File | 0.67 Gb Available in Paging File | 36.49% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.65 Gb Total Space | 5.69 Gb Free Space | 38.87% Space Free | Partition Type: NTFS
Drive D: | 22.61 Gb Total Space | 14.33 Gb Free Space | 63.38% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SATBIR
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
Files within: 30 Days

========== Processes - Non-Microsoft Only ==========

[12/11/2004 21:28:42 | 00,065,536 | ---- | M] () -- C:\WINDOWS\system32\wltrysvc.exe
[09/17/2008 19:00:08 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[09/17/2008 13:21:11 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[09/17/2008 13:21:27 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[05/26/2005 10:54:12 | 00,028,672 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Temp\{759C1C2F-D455-4AE7-9B8D-236069EAD05A}\{80CD64AA-7406-4508-BFDF-2DFE7F1F8EF0}\AutoConnect.exe
[09/17/2008 13:21:21 | 01,235,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[09/24/2007 12:31:57 | 00,020,572 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
[09/18/2008 10:06:38 | 00,424,448 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SPZO62YD\OTViewIt[1].exe

========== (O23) Win32 Services - Non-Microsoft Only ==========

[09/17/2008 19:00:08 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[09/17/2008 13:21:11 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[12/11/2004 21:28:42 | 00,065,536 | ---- | M] () -- C:\WINDOWS\system32\wltrysvc.exe -- (wltrysvc [Auto | Running])

========== Driver Services - Non-Microsoft Only ==========

[09/17/2008 13:21:46 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[09/17/2008 13:21:45 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])


========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.google.com/ie
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.google.co.uk
"Start Page"=http://www.mayfairprojects.com/MIG-Intranet/

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.co.uk
"Start Page"=http://www.mayfairprojects.com/MIG-Intranet/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"AutoSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = <local>

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1757981266-1202660629-1343024091-500\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.co.uk
"Start Page"=http://www.mayfairprojects.com/MIG-Intranet/

[HKEY_USERS\S-1-5-21-1757981266-1202660629-1343024091-500\SOFTWARE\Microsoft\Internet Explorer\Search]
"AutoSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-1757981266-1202660629-1343024091-500\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_USERS\S-1-5-21-1757981266-1202660629-1343024091-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = <local>

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{fe85ff3e-12c0-2aac-1572-bd2f3120e105} (HKLM) -- C:\WINDOWS\system32\ygdugrvtkygs.dll ( )

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1757981266-1202660629-1343024091-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"AutoConnect"="C:\Documents and Settings\Administrator\Local Settings\Temp\{759C1C2F-D455-4AE7-9B8D-236069EAD05A}\{80CD64AA-7406-4508-BFDF-2DFE7F1F8EF0}\AutoConnect.exe" BCMALL ()
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"bwovwqpvjijoa"=C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\ygdugrvtkygs.dll" EntryPoint ( )

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Somefox"=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\video88.cfg.exe File not found

[HKEY_USERS\S-1-5-21-1757981266-1202660629-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Somefox"=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\video88.cfg.exe File not found

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}: http://dl.tvunetworks.com/TVUAx.cab -- CTVUAxCtrl Object
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...ows-i586-jc.cab -- Java Plug-in 1.6.0_03
{A903E5AB-C67E-40FB-94F1-E1305982F6E0}: http://www.ooxtv.com/stream.ocx -- KooPlayer Control
{C5E28B9D-0A68-4B50-94E9-E8F6B4697514}: http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab -- NsvPlayX Control
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{552D6C19-0365-4A4D-B8AF-72CB33BC15A2} (Servers: | Description: Belkin 802.11g Network Adapter)
{8B7D099A-6D08-456A-89EA-29CEEDAB76EB} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[09/24/2007 10:55:26 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]



========== Files/Folders - Created Within 30 days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[08/31/2008 16:03:02 | 00,048,396 | ---- | C] () -- C:\WINDOWS\UninstVeetleTVPlayer.exe
[09/04/2008 15:46:29 | 00,017,408 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Business Models.xls
[09/11/2008 10:58:48 | 00,167,936 | ---- | C] ( ) -- C:\WINDOWS\System32\ygdugrvtkygs.dll
[09/15/2008 10:19:38 | 25,740,144 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\wmp11-windowsxp-x86-enu.exe
[09/15/2008 10:23:00 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[09/15/2008 10:25:21 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[09/15/2008 10:25:48 | 00,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[09/16/2008 11:16:57 | 00,134,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Birmingham to Bombay.doc
[09/17/2008 13:21:35 | 00,111,420 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[09/17/2008 13:21:35 | 00,211,986 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[09/17/2008 13:21:35 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[09/17/2008 13:21:35 | 27,406,678 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[09/17/2008 13:21:44 | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[09/17/2008 13:21:46 | 00,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[09/17/2008 13:22:01 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[09/17/2008 15:00:24 | 00,071,826 | ---- | C] () -- C:\WINDOWS\System32\cpehrjgdoebzvpnb.exe
[09/17/2008 16:08:40 | 00,000,682 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\XoftSpySE.lnk
[09/17/2008 16:08:42 | 00,000,378 | ---- | C] () -- C:\WINDOWS\tasks\XoftSpySE.job
[09/17/2008 16:08:44 | 00,000,464 | ---- | C] () -- C:\WINDOWS\tasks\XoftSpySE 2.job
[09/17/2008 16:16:25 | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[09/17/2008 16:16:26 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[09/17/2008 16:16:26 | 00,017,200 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[09/17/2008 17:55:28 | 00,185,065 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\FixPolicies.exe
[09/17/2008 18:00:33 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HJTInstall.exe
[09/17/2008 18:00:58 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[09/17/2008 18:59:24 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[09/17/2008 18:59:25 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[09/18/2008 03:15:05 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

========== Files - Modified Within 30 days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[08/20/2008 19:06:39 | 00,073,216 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AvisBookingConfirmation.doc
[08/26/2008 13:28:14 | 16,208,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[08/31/2008 16:03:02 | 00,048,396 | ---- | M] () -- C:\WINDOWS\UninstVeetleTVPlayer.exe
[09/02/2008 14:16:33 | 00,001,734 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[09/02/2008 15:02:16 | 00,004,096 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ScheduledItems
[09/04/2008 15:46:31 | 00,017,408 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Business Models.xls
[09/10/2008 00:03:56 | 00,017,200 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[09/10/2008 00:04:02 | 00,038,528 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[09/11/2008 10:58:48 | 00,167,936 | ---- | M] ( ) -- C:\WINDOWS\System32\ygdugrvtkygs.dll
[09/15/2008 10:19:41 | 25,740,144 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\wmp11-windowsxp-x86-enu.exe
[09/15/2008 10:20:39 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[09/15/2008 10:23:00 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[09/15/2008 10:25:23 | 00,000,602 | ---- | M] () -- C:\WINDOWS\win.ini
[09/15/2008 10:29:05 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[09/15/2008 10:29:05 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[09/16/2008 08:55:48 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[09/16/2008 11:16:58 | 00,134,144 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Birmingham to Bombay.doc
[09/16/2008 23:15:09 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[09/17/2008 13:21:35 | 00,211,986 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[09/17/2008 13:21:35 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[09/17/2008 13:21:45 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[09/17/2008 13:21:46 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[09/17/2008 13:22:01 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[09/17/2008 13:26:01 | 00,111,420 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[09/17/2008 15:00:24 | 00,071,826 | ---- | M] () -- C:\WINDOWS\System32\cpehrjgdoebzvpnb.exe
[09/17/2008 16:08:40 | 00,000,682 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\XoftSpySE.lnk
[09/17/2008 16:08:44 | 00,000,378 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE.job
[09/17/2008 16:16:26 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[09/17/2008 17:10:29 | 00,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[09/17/2008 17:55:32 | 00,185,065 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\FixPolicies.exe
[09/17/2008 18:00:39 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HJTInstall.exe
[09/17/2008 18:00:59 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[09/17/2008 18:59:24 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[09/17/2008 18:59:25 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[09/18/2008 03:15:13 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[09/18/2008 08:33:39 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[09/18/2008 08:33:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[09/18/2008 09:32:30 | 00,000,464 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE 2.job
[09/18/2008 12:35:22 | 27,406,678 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

< End of report >


OTViewIt Extras logfile created on: 9/18/2008 10:43:15 AM - Run Administrator
OTViewIt by OldTimer - Version 1.0.5.0 Folder = C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SPZO62YD
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.33 Mb Total Physical Memory | 261.03 Mb Available Physical Memory | 34.06% Memory free
1.83 Gb Paging File | 0.72 Gb Available in Paging File | 39.52% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.65 Gb Total Space | 5.71 Gb Free Space | 38.97% Space Free | Partition Type: NTFS
Drive D: | 22.61 Gb Total Space | 14.33 Gb Free Space | 63.38% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SATBIR
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
Files within: 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- F:\Server-Backup\Software\Hp2820\setup\HPZnet01.exe:*:Enabled:Install Consumer Experience Network Plug in
[09/24/2007 12:31:57 | 00,020,572 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw
File not found -- C:\Documents and Settings\Administrator\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver
File not found -- C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component
File not found -- C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate
File not found -- C:\Program Files\PPMate\ppamnet.exe:*:Enabled:PPMate
[09/17/2008 13:21:20 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[09/17/2008 13:21:33 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])
msdaipp: [HKLM - No CLSID value]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}"=Security Update for CAPICOM (KB931906)
"{1030DCDC-2425-407d-BEE1-13558B837FCA}"=HP Color LaserJet 2820/2830/2840 2.0
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}"=InstantShare
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}"=TrayApp
"{2154375F-A35D-4CB5-A996-3466251F6B3B}"=hpp2800usg
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk"=Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}"=Unload
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{341E9A67-9E45-4CAE-9AAC-49AD3EBACA41}"=ACT!
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{52504CE6-E909-4113-B232-4AFEC6543A61}"=Broadcom 440x 10/100 Integrated Controller
"{55508A44-8225-47AB-9666-1F57A5B5CE2E}"=CP_PLSBusinessFlyers
"{59073DF9-3D3D-4FFC-AF41-C2C268A1A31E}"=hppTooCool
"{5B09BD67-4C99-46A1-8161-B7208CE18121}"=QuickTime
"{5DF3D1BB-894E-4DCD-8275-159AC9829B43}"=McAfee VirusScan Enterprise
"{606E5C0D-6039-42A7-988E-9D51DE773AFF}"=hppFonts
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}"=CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}"=PhotoGallery
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}"=HP Software Update
"{688EC50D-0155-4490-8DBF-686CD3B2893F}"=hppScanTo
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}"=Destinations
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}"=BufferChm
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{74E5E862-F1FF-412B-B824-9582ED7DE84A}"=hppSendFax
"{7959721D-8268-4565-9E0E-C41A9F4848A9}"=SigmaTel AC97 Audio Drivers
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}"=HPSystemDiagnostics
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{7D7F2CB5-F9A4-4E86-853D-1BADD936DDAD}"=hppscan2800
"{8043D1B8-81AE-4597-AAA8-1E1F49D6E4DF}"=hppManuals2800
"{80CD64AA-7406-4508-BFDF-2DFE7F1F8EF0}"=Belkin Wireless Utility
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}"=SkinsHP1
"{851D5410-0851-46F0-8836-74E0D8D20196}"=hppDustDevil
"{8777AC6D-89F9-4793-8266-DE406F343E89}"=QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Extreme Graphics 2 Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8B2EF64A-1D1F-4AD8-91BF-7B5F1BC36E00}"=hppFaxDrv
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}"=DocProc
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}"=Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{1AFF2298-CC00-4A3B-866A-C62B8373794E}"=Security Update for 2007 Microsoft Office System (KB951596)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{4AD3A076-427C-491F-A5B7-7D1DE788A756}"=Update for Microsoft Office Outlook 2007 (KB952142)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{558B709B-821B-4FC5-90FC-9A8890641E77}"=Security Update for Microsoft Office PowerPoint 2007 (KB951338)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{5F7F6FFF-395D-480E-8450-64F385D82C5F}"=Security Update for Microsoft Office system 2007 (KB954326)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6BAD036C-261F-4BEF-96CF-C20678D07A41}"=Security Update for Visio 2007 (KB947590)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{7399DD71-8E24-4E60-B6A8-6CED89C0AC26}"=Security Update for Microsoft Office Excel 2007 (KB951546)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{797AE457-BA17-4BBC-B501-25FB3A0103C7}"=Security Update for 2007 Microsoft Office System (KB951944)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{8F375E11-4FD6-4B89-9E2B-A76D48B51E00}"=Security Update for Microsoft Office system 2007 (KB951808)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{96CC215F-3F22-4E1E-A101-F0041934A456}"=Update for Outlook 2007 Junk Email Filter (kb956080)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A420F522-7395-4872-9882-C591B4B92278}"=Update for Office 2007 (KB946691)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{AD72BABE-C733-4FCF-9674-4314466191B9}"=Security Update for Microsoft Office Word 2007 (KB950113)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F1B2401C-B610-4BF2-AA1C-52C55827A8F4}"=Security Update for Microsoft Office OneNote 2007 (KB950130)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}"=Security Update for Microsoft Office Publisher 2007 (KB950114)
"{90120000-0044-0409-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}"=Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}"=Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}"=Google Earth
"{A28F43DA-258F-42EC-9C95-E6C9A7475670}"=hppIOFiles
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A00000000001}"=Adobe Reader 6.0.1
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update
"{B911B811-BA3E-46D4-90F8-6F3338359651}"=Director
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}"=MarketResearch
"{C04E32E0-0416-434D-AFB9-6969D703A9EF}"=MSXML 4.0 SP2 (KB936181)
"{C3E6DC57-473A-4424-9617-AF60BA8403C3}"=hppCLJ2800
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CDFCF124-115F-4976-8BF4-08C89187A146}"=WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}"=DocumentViewer
"{D050D7362D214723AD585B541FFB6C11}"=DivX Content Uploader
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}"=BBC iPlayer Download Manager
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}"=Dell ResourceCD
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{FE3F3C9B-2C29-4FEE-A74F-11E436729F2C}"=Scan
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"AVG8Uninstall"=AVG Free 8.0
"BBC iPlayer Download Manager"=BBC iPlayer Download Manager
"BCM V.92 56K Modem"=BCM V.92 56K Modem
"CCleaner"=CCleaner (remove only)
"cpehrjgdoebzvpnb"=Browser Extension Tool Mxlivemedia
"ENTERPRISE"=Microsoft Office Enterprise 2007
"HijackThis"=HijackThis 2.0.2
"HP Photo & Imaging"=HP Image Zone 4.7
"HPExtendedCapabilities"=HP Extended Capabilities 4.7
"InstallShield_{341E9A67-9E45-4CAE-9AAC-49AD3EBACA41}"=ACT! 2006
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}"=Broadcom 440x 10/100 Integrated Controller
"KB893803v2"=Windows Installer 3.1 (KB893803)
"KB911564"=Security Update for Windows Media Player (KB911564)
"KB925398_WMP64"=Security Update for Windows Media Player 6.4 (KB925398)
"KB929399"=Hotfix for Windows Media Format 11 SDK (KB929399)
"KB931906"=Security Update for CAPICOM (KB931906)
"KB936782_WMP11"=Security Update for Windows Media Player 11 (KB936782)
"KB936782_WMP9"=Security Update for Windows Media Player 9 (KB936782)
"KB939683"=Hotfix for Windows Media Player 11 (KB939683)
"KB954154_WM11"=Security Update for Windows Media Player 11 (KB954154)
"Live Support Chat for Web Site_is1"=Live Support Chat for Web Site 4.3.0
"M928366"=Microsoft .NET Framework 1.1 Hotfix (KB928366)
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST"=MSN
"RealAlt_is1"=Real Alternative 1.7.5
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"SopCast"=SopCast 2.0.4
"TV Player"=Veetle TV Player 0.9.6
"TVAnts 1.0"=TVAnts 1.0
"Veetle TV Player"=Veetle TV Player 0.9.6
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WinZip"=WinZip
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XoftSpySE"=XoftSpySE

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Antispyware PRO XP 3.1"=Antispyware PRO XP

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1757981266-1202660629-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Antispyware PRO XP 3.1"=Antispyware PRO XP

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/2/2008 4:48:26 PM | Computer Name = SATBIR | Source = Application Error | ID = 1000
Description = Faulting application sopcast.exe, version 3.0.0.301, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 4/2/2008 4:49:00 PM | Computer Name = SATBIR | Source = Application Error | ID = 1000
Description = Faulting application sopcast.exe, version 3.0.0.301, faulting module
sopocx.ocx, version 3.0.0.301, fault address 0x000603bb.

Error - 4/2/2008 4:49:24 PM | Computer Name = SATBIR | Source = Application Error | ID = 1000
Description = Faulting application sopcast.exe, version 3.0.0.301, faulting module
sopocx.ocx, version 3.0.0.301, fault address 0x000603bb.

Error - 4/2/2008 4:52:32 PM | Computer Name = SATBIR | Source = Application Error | ID = 1000
Description = Faulting application sopcast.exe, version 3.0.0.301, faulting module
sopocx.ocx, version 3.0.0.301, fault address 0x000603bb.

Error - 4/2/2008 4:58:20 PM | Computer Name = SATBIR | Source = Application Error | ID = 1000
Description = Faulting application sopcast.exe, version 3.0.0.301, faulting module
sopocx.ocx, version 3.0.0.301, fault address 0x000603bb.

Error - 4/4/2008 8:06:14 AM | Computer Name = SATBIR | Source = Application Hang | ID = 1002
Description = Hanging application SopCast.exe, version 2.0.4.1126, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/13/2008 3:29:15 PM | Computer Name = SATBIR | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 5 seconds;

Error - 4/14/2008 8:47:14 AM | Computer Name = SATBIR | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/23/2008 5:36:19 AM | Computer Name = SATBIR | Source = ESENT | ID = 489
Description = wuauclt (5660) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 4/23/2008 5:36:19 AM | Computer Name = SATBIR | Source = ESENT | ID = 455
Description = wuaueng.dll (5660) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

[ OSession Events ]
Error - 11/6/2007 3:44:48 AM | Computer Name = SATBIR | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 25
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/22/2007 3:58:57 AM | Computer Name = SATBIR | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 318
seconds with 120 seconds of active time. This session ended with a crash.

Error - 12/7/2007 1:11:41 AM | Computer Name = SATBIR | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 37
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/18/2008 5:41:24 AM | Computer Name = SATBIR | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer MAYFAIR-FB39F20 using
any of the configured protocols.

Error - 9/18/2008 5:41:26 AM | Computer Name = SATBIR | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer MAYFAIR-FB39F20 using
any of the configured protocols.

Error - 9/18/2008 5:42:01 AM | Computer Name = SATBIR | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer MAYFAIR-FB39F20 using
any of the configured protocols.

Error - 9/18/2008 5:42:03 AM | Computer Name = SATBIR | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer MAYFAIR-FB39F20 using
any of the configured protocols.

Error - 9/18/2008 5:42:38 AM | Computer Name = SATBIR | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer MAYFAIR-FB39F20 using
any of the configured protocols.

Error - 9/18/2008 5:42:40 AM | Computer Name = SATBIR | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer MAYFAIR-FB39F20 using
any of the configured protocols.

Error - 9/18/2008 5:43:15 AM | Computer Name = SATBIR | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer MAYFAIR-FB39F20 using
any of the configured protocols.

Error - 9/18/2008 5:43:17 AM | Computer Name = SATBIR | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer MAYFAIR-FB39F20 using
any of the configured protocols.

Error - 9/18/2008 5:43:52 AM | Computer Name = SATBIR | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer MAYFAIR-FB39F20 using
any of the configured protocols.

Error - 9/18/2008 5:43:54 AM | Computer Name = SATBIR | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer MAYFAIR-FB39F20 using
any of the configured protocols.

< End of report >

#4 PropagandaPanda
  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:06:30 AM

Posted 19 September 2008 - 07:19 AM

Hello Sca. Sorry for the delay.

Install Recovery Console and Run ComboFix
Download Combofix from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System.

  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Download the file and save it as it's originally named onto your desktop.
  • Close any open windows, including this one.
  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click Yes to run the full ComboFix scan.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.

ComboFix will restart your computer if malware is found; allow it to do so.

With Regards,
The Panda

#5 Sca
  • Topic Starter
  • Members
  • 6 posts
  • Local time:11:30 AM

Posted 22 September 2008 - 05:54 AM

Hi PP,

Followed instructions as suggested. Please review log below.

ComboFix 08-09-20.05 - Administrator 2008-09-22 11:45:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.307 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[2].txt
C:\Documents and Settings\Guest\Application Data\Zango
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\1.sdf
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\1384391.sdf
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\1401982.sdf
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\1417751.sdf
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\151198.sdf
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\1535148.sdf
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\2291939.sdf
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\3730773.sdf
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\3893642.sdf
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\499863.sdf
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\600583.sdf
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\730457.sdf
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\819382.sdf
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\domains.txt
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000030581
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000046217
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000046991
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000047768
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000048356
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\10685
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\11082
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\11637
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\11997
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\12459
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\13035
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\13608
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\143044
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1458
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\146457
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\15040
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\159328
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\17025
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\17040
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\17656
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\180320
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\18093
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\187147
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\18906
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\193409
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\19476
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\195461
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\198406
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\199345
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\2020
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\2021
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\223385
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\22353
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\224717
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\23022
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\233027
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\233034
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\237467
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\243256
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\24337
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\2478
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\251438
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\252276
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\25466
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\25708
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\25869
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\260786
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\26479
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\26656
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\27503
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\276864
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\281430
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\28316
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\29509
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\29536
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\29547
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\307169
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\31262
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\31409
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\32122
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\32242
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\32634
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\32681
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\32722
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\32980
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\33137
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\33233
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\341124
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\34123
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\34186
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\34326
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\34374
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\34530
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\35006
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\36079
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\36313
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\36834
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\38333
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\389560
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\398331
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\400701
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\40726
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\41020
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\41215
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\41364
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\41980
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\41999
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\420256
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\422123
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\422154
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\427148
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\432053
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\43384
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\43719
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\43803
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\43979
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44228
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44271
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44911
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\45437
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\45495
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\455392
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\455563
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\455743
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\45642
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\459089
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\460010
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\471072
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\482360
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\487974
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\489917
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\507892
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\51194
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\515123
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\51666
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\51824
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\51931
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\519576
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\525034
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\527732
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\532492
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\53595
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\53883
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\539329
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\539565
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\54189
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\547568
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\552212
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\55725
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\55778
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\569859
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\579123
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\57942
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\57977
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\583049
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\585345
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\590941
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\59844
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\61779
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\61837
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\625325
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\6280
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\6292
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\63036
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\6368
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\64412
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\64495
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\650494
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\653431
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\6558
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\65770
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\6658
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\67220
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\67226
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\67469
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\69263
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\70449
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\70773
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\715774
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\72123
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\72477
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\73282
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\734071
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\73514
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\737665
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\738022
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\738317
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\74033
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\743543
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\74398
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\744382
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\744608
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\744869
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\744935
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\744998
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\745088
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\745170
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\745202
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\745328
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\745428
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\745733
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\745992
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\747635
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\748079
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\748176
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\748444
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\748499
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\748891
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\74926
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\749467
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\750893
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\751890
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\752499
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\752626
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753317
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753335
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753356
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753371
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\77468
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\77494
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79246
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79432
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79819
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\80163
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\81093
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\81830
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\82292
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\82667
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\83548
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\83706
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\84876
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\85365
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\85381
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\85645
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\86266
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\86460
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\87215
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\87579
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\87770
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\896
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\90008
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\90283
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\90389
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\90819
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\93110
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\93535
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\93659
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\93899
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\93921
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\94430
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\94469
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\95716
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\95798
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\95917
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\98060
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\98250
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\ustat\3712.dat
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\ustat\3713.dat
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\avatar.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\btntrans.idx
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\btntrans1.dat
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\buttondir.txt
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\components.cdf
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\cursors.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_1000.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_2000.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_3000.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_bar.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_bbar1.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_logos.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_other.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\d_icons_weather.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\default.cdf
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_511745-514279.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_bidzC_ZT_IE-ca.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_bidzC_ZT_IE-us.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_categorize.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_comparison.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_explorer-Mails.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_explorer-people.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_favorites.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_Games.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_Hide.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_hotbarcom.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_Hotmail.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_hsskin.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_jemster.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_jemsterie.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_jemsteruk.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_jobsearch.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_Mails.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_MobileSidewalk.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_new.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_premium.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_reun.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_ringtones.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_searchfor.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_searchgo.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_weather.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_yellowpages.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\editblbuttons.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\email-def-511724-548964.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\email-def-511724-9595.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\email-t1-bg.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\icons2.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\ie_games_icon.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\ie_video.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\keywords.idx
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\keywords1.dat
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\layout.cdf
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\linkpathlegal.txt
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\progress.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\s_icons_buttons.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\sales_buttons.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\sdfmodifier.xml
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\t2_bg.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\theweb.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\top7.cdf
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Top7_theweb.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\tsd_bg.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\zango_btn.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\1\zango_ie_menu.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\avatar.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\btntrans.idx
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\btntrans1.dat
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\buttondir.txt
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\components.cdf
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\cursors.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_1000.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_2000.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_3000.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_bar.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_bbar1.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_logos.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_other.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\d_icons_weather.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\default.cdf
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\Default_511745-514279.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\Default_bidzC_ZT_IE-ca.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\Default_bidzC_ZT_IE-us.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\Default_categorize.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\Default_comparison.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\Default_explorer-Mails.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\Default_explorer-people.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\Default_favorites.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\Default_Games.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\Default_Hide.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\Default_hotbarcom.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\Default_Hotmail.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\Default_hsskin.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\Default_jemster.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\Default_jemsterie.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\Default_jemsteruk.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\Default_jobsearch.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\Default_Mails.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\Default_MobileSidewalk.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\Default_new.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\Default_premium.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\Default_reun.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\Default_ringtones.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\Default_searchfor.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\Default_searchgo.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\Default_weather.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\Default_yellowpages.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\editblbuttons.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\email-def-511724-548964.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\email-def-511724-9595.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\email-t1-bg.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\icons2.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\ie_games_icon.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\ie_video.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\keywords.idx
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\keywords1.dat
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\layout.cdf
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\linkpathlegal.txt
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\progress.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\s_icons_buttons.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\sales_buttons.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\sdfmodifier.xml
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\t2_bg.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\theweb.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\top7.cdf
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\Top7_theweb.mnu
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\tsd_bg.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\zango_btn.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\2\zango_ie_menu.res
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\avatar.xip
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans.xip
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans1.xip
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\buttondir.xip
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\cursors.xip
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_1000.xip
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_2000.xip
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_3000.xip
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bar.xip
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_logos.xip
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_other.xip
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_weather.xip
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\default.xip
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\editblbuttons.xip
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\icons2.xip
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_games_icon.xip
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_video.xip
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords.idx
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords.xip
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords1.xip
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\layout.xip
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\progress.xip
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\s_icons_buttons.xip
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\sales_buttons.xip
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\sdfmodifier.xip
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\t2_bg.xip
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\top7.xip
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\tsd_bg.xip
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_btn.xip
C:\Documents and Settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_ie_menu.xip

.
((((((((((((((((((((((((( Files Created from 2008-08-22 to 2008-09-22 )))))))))))))))))))))))))))))))
.

2008-09-18 03:15 . 2008-09-18 03:15 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-09-17 18:59 . 2008-09-17 18:59 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-17 18:59 . 2008-09-17 19:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-17 18:57 . 2008-09-17 18:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-17 18:00 . 2008-09-17 18:00 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-17 16:16 . 2008-09-17 16:16 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-17 16:16 . 2008-09-17 16:16 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-09-17 16:16 . 2008-09-17 16:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-17 16:16 . 2008-09-17 16:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-09-17 16:16 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-17 16:16 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-17 16:08 . 2008-09-17 16:09 <DIR> d-------- C:\Program Files\XoftSpySE
2008-09-17 15:32 . 2008-09-17 15:32 28,163 --a------ C:\Documents and Settings\Administrator\base.dat
2008-09-17 15:00 . 2008-09-17 15:00 71,826 --a------ C:\WINDOWS\system32\cpehrjgdoebzvpnb.exe
2008-09-17 14:59 . 2008-09-17 17:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Software Licensors
2008-09-17 14:18 . 2008-09-17 14:18 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SecureExpertCleaner
2008-09-17 14:11 . 2008-09-21 14:05 <DIR> d-------- C:\My Downloads
2008-09-17 13:40 . 2008-09-21 13:34 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-17 13:22 . 2008-09-17 13:22 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-17 13:21 . 2008-09-21 13:30 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-09-17 13:21 . 2008-09-17 13:21 <DIR> d-------- C:\Program Files\AVG
2008-09-17 13:21 . 2008-09-17 13:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-17 13:21 . 2008-09-17 13:21 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-17 12:40 . 2008-09-19 23:48 <DIR> d-------- C:\quarantine
2008-09-17 12:35 . 2008-09-17 17:21 <DIR> d-------- C:\Program Files\SAV
2008-09-17 12:35 . 2008-09-17 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\jkrcvwbs
2008-09-15 10:25 . 2008-09-15 10:25 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-09-15 10:25 . 2004-08-04 13:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-09-15 10:22 . 2008-09-15 10:24 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-09-03 01:38 . 2008-09-03 02:10 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-31 16:03 . 2008-08-31 16:03 <DIR> d-------- C:\Program Files\Veetle
2008-08-31 16:03 . 2008-08-31 16:03 48,396 --a------ C:\WINDOWS\UninstVeetleTVPlayer.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-22 10:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-09-11 02:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-02 13:16 1,734 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 21:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 21:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 17:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:38 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-09-24 11:20 56 --sh--r C:\WINDOWS\system32\5ABF848465.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-01 68856]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2008-02-27 1032376]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"ProvideSupportOperatorConsole[default]"="C:\PROGRA~1\PROVID~1\LIVESU~1\PROVID~1.EXE" [2007-01-29 19:37 3858432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-10-27 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-10-27 118784]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2004-08-18 94208]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-05 139320]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"ACT_APL"="C:\Program Files\ACT\ACT for Windows\ACT_APL.exe" [2005-09-14 20480]
"HP Software Update"="D:\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"HPUsageTracking"="D:\HP UT\bin\hppusg.exe" [2005-02-07 36864]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-24 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 286720]
"wltray.exe"="C:\WINDOWS\system32\wltray.exe" [2005-06-08 778318]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-17 1235736]
"TomcatStartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 245760]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 C:\WINDOWS\BCMSMMSG.exe]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - D:\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
HP Image Zone Fast Start.lnk - D:\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-09-24 106560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\ACT\\ACT for Windows\\Act8.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-17 97928]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-17 231704]
R2 MSSQL$ACT7;MSSQL$ACT7;C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe [2003-05-31 7544916]
S3 SQLAgent$ACT7;SQLAgent$ACT7;C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE [2002-12-17 311872]

*Newly Created Service* - ENTDRV51
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-AutoConnect - C:\Documents and Settings\Administrator\Local Settings\Temp\{759C1C2F-D455-4AE7-9B8D-236069EAD05A}\{80CD64AA-7406-4508-BFDF-2DFE7F1F8EF0}\AutoConnect.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.mayfairprojects.com/MIG-Intranet/
R0 -: HKCU-Main,Search Page = hxxp://www.google.co.uk
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Start Page = hxxp://www.mayfairprojects.com/MIG-Intranet/
R1 -: HKCU-Internet Settings,ProxyOverride = <local>
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 -: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll

O16 -: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} - hxxp://www.ooxtv.com/stream.ocx
C:\WINDOWS\Downloaded Program Files\stream.ocx
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-22 11:48:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-22 11:49:21
ComboFix-quarantined-files.txt 2008-09-22 10:49:17

Pre-Run: 5,355,569,152 bytes free
Post-Run: 5,627,002,880 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

580 --- E O F --- 2008-09-18 02:15:25


Many thanks,

sca.

#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:06:30 AM

Posted 22 September 2008 - 04:25 PM

Hello Sca. Looks better.

Do you use any McAfee programs? I see some evidence of them in your log. Note that you should not be running more than one antivirus program.

Run ComboFix with CFScript
We will run ComboFix again. This time, the instructions are slightly different.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:


    File::
    C:\WINDOWS\system32\cpehrjgdoebzvpnb.exe
    C:\WINDOWS\system32\5ABF848465.sys
    Folder::
    C:\Documents and Settings\All Users\Application Data\jkrcvwbs
    C:\Documents and Settings\Administrator\Application Data\SecureExpertCleaner

    DirLook::
    C:\WINDOWS\system32\drivers\UMDF

Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
[Image: dragging CFScript.txt onto ComboFix.exe]
Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.
  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.


Download and Run OTViewIt
If you still have your copy, use that one.
  • Please download OTViewIt by OldTimer to your desktop.
  • Double click on the OTViewIt.exe icon on your desktop. If you are using Windows Vista, right click the icon and select Run as Administrator.
  • Check the Scan All Users checkbox and leave Use Whitelist checked. Set the File Age to 30 days.
  • Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open:
    OTViewIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
Copy and Paste the logs into your next reply.


Post back with:
-the ComboFix log
-the Kaspersky log
-the OTViewIt logs

How is your computer running now?

With Regards,
The Panda
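As an added example (not from this thread, nor from ComboFix's author), here is a small Python triage helper that reads ComboFix "Files Created" and Find3M lines in the format shown in the logs above, scores each entry with a few defender-side heuristics (location under system32 or an Application Data root, a random-looking name, hidden/system attributes, and no Program Files directory created within two minutes that would explain the entry as part of a product install), and turns the entries the analyst selects into the File::/Folder:: CFScript layout used in the post. The scoring weights, the two-minute window and the sample excerpt (a dozen lines copied from the log earlier in this thread) are my own constructions; the ranking is an aid to review, not a verdict.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Constructed excerpt in the ComboFix log format used in this thread. "Files Created"
# lines carry "created . modified"; Find3M lines carry only a modified time.
SAMPLE_LOG = r"""
(((( Files Created from 2008-08-22 to 2008-09-22 ))))
2008-09-17 16:16 . 2008-09-17 16:16 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-17 16:16 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-17 15:00 . 2008-09-17 15:00 71,826 --a------ C:\WINDOWS\system32\cpehrjgdoebzvpnb.exe
2008-09-17 14:18 . 2008-09-17 14:18 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SecureExpertCleaner
2008-09-17 13:22 . 2008-09-17 13:22 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-17 13:21 . 2008-09-17 13:21 <DIR> d-------- C:\Program Files\AVG
2008-09-17 12:35 . 2008-09-17 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\jkrcvwbs
2008-09-15 10:25 . 2008-09-15 10:25 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-09-15 10:25 . 2004-08-04 13:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
(((( Find3M Report ))))
2008-09-02 13:16 1,734 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2007-09-24 11:20 56 --sh--r C:\WINDOWS\system32\5ABF848465.sys
"""

FILES_CREATED = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?:<DIR>|[\d,]+) (?P<attrs>[a-z-]{9}) (?P<path>.+)$")
FIND3M = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} (?:-{9}|[\d,]+) (?P<attrs>[a-z-]{7}) (?P<path>.+)$")
HEX = re.compile(r"[0-9a-f]+")


@dataclass
class Entry:
    path: str
    attrs: str
    is_dir: bool
    created: Optional[datetime]  # None for Find3M lines, which show no creation time


def parse_combofix(log: str) -> List[Entry]:
    """Parse the two ComboFix line layouts; headers and anything else are skipped."""
    entries: List[Entry] = []
    for raw in log.splitlines():
        line = raw.strip()
        m = FILES_CREATED.match(line)
        if m:
            created = datetime.strptime(m["created"], "%Y-%m-%d %H:%M")
            entries.append(Entry(m["path"], m["attrs"], m["attrs"].startswith("d"), created))
            continue
        m = FIND3M.match(line)
        if m:
            entries.append(Entry(m["path"], m["attrs"], m["attrs"].startswith("d"), None))
    return entries


def looks_random(stem: str) -> bool:
    """Heuristic (my own thresholds): hex-like names that are mostly digits, or
    alphanumeric names of 8+ characters with at most one vowel in five."""
    s = stem.lower()
    if len(s) < 8 or not s.isalnum():
        return False
    if HEX.fullmatch(s) and sum(c.isdigit() for c in s) * 2 >= len(s):
        return True
    return sum(c in "aeiou" for c in s) / len(s) <= 0.2


def score_entry(e: Entry, installer_times: List[datetime]) -> int:
    s = 0
    low = e.path.lower()
    if low.startswith("c:\\windows\\system32\\") or "\\application data\\" in low:
        s += 1  # locations the rogue in this thread used
    name = e.path.rsplit("\\", 1)[-1]
    stem = name if e.is_dir else name.rsplit(".", 1)[0]
    if looks_random(stem):
        s += 2
    if not e.is_dir and ("h" in e.attrs or "s" in e.attrs):
        s += 1  # hidden/system attribute on a plain file
    # A Program Files directory created within two minutes suggests a product install.
    correlated = e.created is not None and any(
        abs((e.created - t).total_seconds()) <= 120 for t in installer_times)
    if not correlated:
        s += 1
    return s


def triage(log: str) -> List[Tuple[int, Entry]]:
    """Return (score, entry) pairs, highest score first."""
    entries = parse_combofix(log)
    installer_times = [e.created for e in entries
                       if e.is_dir and e.created and e.path.lower().startswith("c:\\program files\\")]
    ranked = [(score_entry(e, installer_times), e) for e in entries]
    ranked.sort(key=lambda p: (-p[0], p[1].path.lower()))
    return ranked


def build_cfscript(entries: List[Entry]) -> str:
    """Emit the File::/Folder:: sections in the CFScript layout shown in the post."""
    files = [e.path for e in entries if not e.is_dir]
    folders = [e.path for e in entries if e.is_dir]
    lines: List[str] = []
    if files:
        lines += ["File::"] + files
    if folders:
        lines += ["Folder::"] + folders
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    ranked = triage(SAMPLE_LOG)
    for s, e in ranked:
        print(f"{s}  {e.path}")
    print(build_cfscript([e for s, e in ranked if s >= 4]))
```

On the excerpt, 5ABF848465.sys, cpehrjgdoebzvpnb.exe and the jkrcvwbs folder rank at the top, which matches what the helper selected, while avgrsstx.dll loses a point because it lands a minute after the Program Files\AVG directory. SecureExpertCleaner scores low because a brand-like name defeats the randomness heuristic; recognising a rogue cleaner's data folder takes product knowledge that no string heuristic supplies, so the script's output is a review list rather than a removal list.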

#7 Sca

Sca
  • Topic Starter

  • Members
  • 6 posts
  • Local time:11:30 AM

Posted 23 September 2008 - 05:20 AM

Hi PP,

Yes, I do have McAfee on my system. I shall make sure that I have only one antivirus program running, as suggested.

OK, regarding the logs that you asked for, I will send you the three you requested in order, followed by an Extras.txt file which was created after running the OTViewIt.exe program.

ComboFix Log

ComboFix 08-09-20.05 - Administrator 2008-09-23 6:54:00.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.301 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\5ABF848465.sys
C:\WINDOWS\system32\cpehrjgdoebzvpnb.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Application Data\SecureExpertCleaner
C:\Documents and Settings\Administrator\Application Data\SecureExpertCleaner\Logs\scns.log
C:\Documents and Settings\Administrator\Cookies\administrator@h[2].txt
C:\Documents and Settings\All Users\Application Data\jkrcvwbs
C:\WINDOWS\system32\5ABF848465.sys
C:\WINDOWS\system32\cpehrjgdoebzvpnb.exe

.
((((((((((((((((((((((((( Files Created from 2008-08-23 to 2008-09-23 )))))))))))))))))))))))))))))))
.

2008-09-18 03:15 . 2008-09-18 03:15 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-09-17 18:59 . 2008-09-17 18:59 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-17 18:59 . 2008-09-17 19:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-17 18:57 . 2008-09-17 18:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-17 18:00 . 2008-09-17 18:00 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-17 16:16 . 2008-09-17 16:16 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-17 16:16 . 2008-09-17 16:16 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-09-17 16:16 . 2008-09-17 16:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-17 16:16 . 2008-09-17 16:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-09-17 16:16 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-17 16:16 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-17 16:08 . 2008-09-17 16:09 <DIR> d-------- C:\Program Files\XoftSpySE
2008-09-17 15:32 . 2008-09-17 15:32 28,163 --a------ C:\Documents and Settings\Administrator\base.dat
2008-09-17 14:59 . 2008-09-17 17:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Software Licensors
2008-09-17 14:11 . 2008-09-21 14:05 <DIR> d-------- C:\My Downloads
2008-09-17 13:40 . 2008-09-21 13:34 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-17 13:22 . 2008-09-17 13:22 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-17 13:21 . 2008-09-21 13:30 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-09-17 13:21 . 2008-09-17 13:21 <DIR> d-------- C:\Program Files\AVG
2008-09-17 13:21 . 2008-09-17 13:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-17 13:21 . 2008-09-17 13:21 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-17 12:40 . 2008-09-19 23:48 <DIR> d-------- C:\quarantine
2008-09-17 12:35 . 2008-09-17 17:21 <DIR> d-------- C:\Program Files\SAV
2008-09-15 10:25 . 2008-09-15 10:25 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-09-15 10:25 . 2004-08-04 13:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-09-15 10:22 . 2008-09-15 10:24 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-09-03 01:38 . 2008-09-03 02:10 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-31 16:03 . 2008-08-31 16:03 <DIR> d-------- C:\Program Files\Veetle
2008-08-31 16:03 . 2008-08-31 16:03 48,396 --a------ C:\WINDOWS\UninstVeetleTVPlayer.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-23 05:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-09-11 02:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-02 13:16 1,734 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 21:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 21:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 17:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:38 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\system32\drivers\UMDF ----

2008-09-15 10:23 0 --ah----- C:\WINDOWS\system32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
2006-10-18 21:47 671232 --------- C:\WINDOWS\system32\drivers\UMDF\wpdmtpdr.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-01 68856]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2008-02-27 1032376]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"ProvideSupportOperatorConsole[default]"="C:\PROGRA~1\PROVID~1\LIVESU~1\PROVID~1.EXE" [2007-01-29 19:37 3858432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-10-27 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-10-27 118784]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2004-08-18 94208]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-05 139320]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"ACT_APL"="C:\Program Files\ACT\ACT for Windows\ACT_APL.exe" [2005-09-14 20480]
"HP Software Update"="D:\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"HPUsageTracking"="D:\HP UT\bin\hppusg.exe" [2005-02-07 36864]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-24 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 286720]
"wltray.exe"="C:\WINDOWS\system32\wltray.exe" [2005-06-08 778318]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-17 1235736]
"TomcatStartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 245760]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 C:\WINDOWS\BCMSMMSG.exe]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - D:\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
HP Image Zone Fast Start.lnk - D:\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-09-24 106560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\ACT\\ACT for Windows\\Act8.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-17 97928]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-17 231704]
R2 MSSQL$ACT7;MSSQL$ACT7;C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe [2003-05-31 7544916]
S3 SQLAgent$ACT7;SQLAgent$ACT7;C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE [2002-12-17 311872]

*Newly Created Service* - CATCHME
*Newly Created Service* - ENTDRV51
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 06:56:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-23 6:57:56
ComboFix-quarantined-files.txt 2008-09-23 05:57:51

Pre-Run: 5,574,701,056 bytes free
Post-Run: 5,608,681,472 bytes free

151 --- E O F --- 2008-09-18 02:15:25


Kaspersky Log

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, September 23, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, September 23, 2008 05:21:39
Records in database: 1250361
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 46878
Threat name: 2
Infected objects: 2
Suspicious objects: 2
Duration of the scan: 01:45:56


File name / Threat name / Threats count
D:\MAYFAIR INTERNATIONAL GROUP\DATA\Suraiya\Suraiya.pst\Outlook.pst Infected: Email-Worm.Win32.NetSky.q 1
D:\pst\Outlook.pst Suspicious: Exploit.HTML.Iframe.FileDownload 2
D:\pst\Outlook.pst Infected: Email-Worm.Win32.NetSky.q 1

The selected area was scanned.


OTViewIt

OTViewIt logfile created on: 9/23/2008 10:51:52 AM - Run 3
OTViewIt by OldTimer - Version 1.0.7.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.33 Mb Total Physical Memory | 505.44 Mb Available Physical Memory | 65.96% Memory free
2.39 Gb Paging File | 1.03 Gb Available in Paging File | 42.84% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.65 Gb Total Space | 5.19 Gb Free Space | 35.46% Space Free | Partition Type: NTFS
Drive D: | 22.61 Gb Total Space | 14.33 Gb Free Space | 63.38% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SATBIR
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Process Files Modified Within 30 Days ==========

[2004/12/11 21:28:42 | 00,065,536 | ---- | M] () -- C:\WINDOWS\system32\wltrysvc.exe
[2008/09/17 19:00:08 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/09/17 13:21:11 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2008/09/17 13:21:27 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2008/09/17 13:21:21 | 01,235,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2007/09/24 12:31:57 | 00,020,572 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
[2008/09/19 23:51:52 | 02,856,044 | ---- | M] () -- C:\Documents and Settings\Guest\Desktop\ComboFix.exe
[2008/09/19 23:51:52 | 02,856,044 | ---- | M] () -- C:\Documents and Settings\Guest\Desktop\ComboFix.exe
[2008/09/23 07:33:13 | 00,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Documents and Settings\Administrator\Local Settings\Temp\jkos-Administrator\binaries\ScanningProcess.exe
[2008/09/23 10:51:18 | 00,418,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe

========== (O23) Win32 Service Files Modified Within 30 Days ==========

[2008/09/17 19:00:08 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/09/17 13:21:11 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2004/12/11 21:28:42 | 00,065,536 | ---- | M] () -- C:\WINDOWS\system32\wltrysvc.exe -- (wltrysvc [Auto | Running])

========== Driver Service Files Modified Within 30 Days ==========

[2008/09/17 13:21:46 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/09/17 13:21:45 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.mayfairprojects.com/MIG-Intranet/

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.co.uk
"Start Page"=http://www.mayfairprojects.com/MIG-Intranet/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = <local>

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1757981266-1202660629-1343024091-500\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.co.uk
"Start Page"=http://www.mayfairprojects.com/MIG-Intranet/

[HKEY_USERS\S-1-5-21-1757981266-1202660629-1343024091-500\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_USERS\S-1-5-21-1757981266-1202660629-1343024091-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = <local>

[HKEY_USERS\S-1-5-21-1757981266-1202660629-1343024091-501\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_USERS\S-1-5-21-1757981266-1202660629-1343024091-501\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-1757981266-1202660629-1343024091-501\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_USERS\S-1-5-21-1757981266-1202660629-1343024091-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)

========== (O3) Toolbars ==========

[HKEY_USERS\S-1-5-21-1757981266-1202660629-1343024091-501\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

========== (O4) Startup Folders ==========


========== (O6 & O7) Internet Explorer Policies ==========
[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Control Panel] - present
[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\Control Panel] - present
[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\Control Panel] - present

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=255
"NoDrives"=0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0



[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1757981266-1202660629-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0


[HKEY_USERS\S-1-5-21-1757981266-1202660629-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

[HKEY_USERS\S-1-5-21-1757981266-1202660629-1343024091-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}: http://dl.tvunetworks.com/TVUAx.cab -- CTVUAxCtrl Object
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...ows-i586-jc.cab -- Java Plug-in 1.6.0_03
{A903E5AB-C67E-40FB-94F1-E1305982F6E0}: http://www.ooxtv.com/stream.ocx -- KooPlayer Control
{C5E28B9D-0A68-4B50-94E9-E8F6B4697514}: http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab -- NsvPlayX Control
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{552D6C19-0365-4A4D-B8AF-72CB33BC15A2} (Servers: | Description: Belkin 802.11g Network Adapter)
{8B7D099A-6D08-456A-89EA-29CEEDAB76EB} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2007/09/24 10:55:26 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/09/23 10:51:15 | 00,418,816 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe
[2008/09/22 11:44:58 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2008/09/22 11:44:53 | 00,260,272 | ---- | C] () -- C:\cmldr
[2008/09/22 11:43:33 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\swxcacls.exe
[2008/09/22 11:43:33 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\swreg.exe
[2008/09/22 11:43:33 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2008/09/22 11:43:33 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/09/22 11:43:33 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008/09/22 11:43:33 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/09/22 11:43:33 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/09/22 11:43:33 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFind.exe
[2008/09/22 11:43:33 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\Nircmd.exe
[2008/09/22 11:22:39 | 04,608,744 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2008/09/22 11:14:49 | 02,854,922 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2008/09/22 10:48:49 | 00,241,152 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Birmingham to Bombay2.doc
[2008/09/18 03:15:05 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/09/17 18:59:25 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/09/17 18:59:24 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/09/17 18:00:58 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2008/09/17 18:00:33 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HJTInstall.exe
[2008/09/17 17:55:28 | 00,185,065 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\FixPolicies.exe
[2008/09/17 16:16:26 | 00,017,200 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/09/17 16:16:26 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/09/17 16:16:25 | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/09/17 16:08:44 | 00,000,464 | ---- | C] () -- C:\WINDOWS\tasks\XoftSpySE 2.job
[2008/09/17 16:08:42 | 00,000,378 | ---- | C] () -- C:\WINDOWS\tasks\XoftSpySE.job
[2008/09/17 16:08:40 | 00,000,682 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\XoftSpySE.lnk
[2008/09/17 13:22:01 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/09/17 13:21:46 | 00,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/09/17 13:21:44 | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/09/17 13:21:35 | 27,629,790 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/09/17 13:21:35 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/09/17 13:21:35 | 00,249,919 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/09/17 13:21:35 | 00,111,420 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/09/16 11:16:57 | 00,134,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Birmingham to Bombay.doc
[2008/09/15 10:25:48 | 00,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2008/09/15 10:25:21 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[2008/09/15 10:23:00 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2008/09/15 10:19:38 | 25,740,144 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\wmp11-windowsxp-x86-enu.exe
[2008/09/04 15:46:29 | 00,017,408 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Business Models.xls
[2008/08/31 16:03:02 | 00,048,396 | ---- | C] () -- C:\WINDOWS\UninstVeetleTVPlayer.exe

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/09/23 10:51:18 | 00,418,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe
[2008/09/23 09:24:45 | 27,629,790 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/09/23 06:56:35 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/09/23 06:32:53 | 00,000,378 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE.job
[2008/09/22 17:57:29 | 00,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[2008/09/22 17:00:01 | 00,000,464 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE 2.job
[2008/09/22 11:44:58 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2008/09/22 11:22:39 | 04,608,744 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2008/09/22 11:14:50 | 02,854,922 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2008/09/22 10:48:49 | 00,241,152 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Birmingham to Bombay2.doc
[2008/09/19 09:31:28 | 00,249,919 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/09/18 08:33:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/09/18 08:33:39 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/09/18 03:15:13 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2008/09/17 18:59:25 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/09/17 18:59:24 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/09/17 18:00:59 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2008/09/17 18:00:39 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HJTInstall.exe
[2008/09/17 17:55:32 | 00,185,065 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\FixPolicies.exe
[2008/09/17 16:16:26 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/09/17 16:08:40 | 00,000,682 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\XoftSpySE.lnk
[2008/09/17 13:26:01 | 00,111,420 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/09/17 13:22:01 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/09/17 13:21:46 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/09/17 13:21:45 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/09/17 13:21:35 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/09/16 23:15:09 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/09/16 11:16:58 | 00,134,144 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Birmingham to Bombay.doc
[2008/09/16 08:55:48 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/09/15 10:29:05 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/09/15 10:29:05 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/09/15 10:25:23 | 00,000,602 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/09/15 10:23:00 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2008/09/15 10:20:39 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/09/15 10:19:41 | 25,740,144 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\wmp11-windowsxp-x86-enu.exe
[2008/09/10 00:04:02 | 00,038,528 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/09/10 00:03:56 | 00,017,200 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/09/04 15:46:31 | 00,017,408 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Business Models.xls
[2008/09/02 15:02:16 | 00,004,096 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ScheduledItems
[2008/09/02 14:16:33 | 00,001,734 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/08/31 16:03:02 | 00,048,396 | ---- | M] () -- C:\WINDOWS\UninstVeetleTVPlayer.exe
[2008/08/26 13:28:14 | 16,208,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >


Extras.txt

OTViewIt Extras logfile created on: 9/23/2008 10:51:52 AM - Run Administrator
OTViewIt by OldTimer - Version 1.0.7.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.33 Mb Total Physical Memory | 505.44 Mb Available Physical Memory | 65.96% Memory free
2.39 Gb Paging File | 1.03 Gb Available in Paging File | 42.84% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.65 Gb Total Space | 5.19 Gb Free Space | 35.46% Space Free | Partition Type: NTFS
Drive D: | 22.61 Gb Total Space | 14.33 Gb Free Space | 63.38% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SATBIR
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2007/09/24 12:31:57 | 00,020,572 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw
[2008/09/17 13:21:20 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2008/09/17 13:21:33 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])
msdaipp: [HKLM - No CLSID value]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1030DCDC-2425-407d-BEE1-13558B837FCA}"=HP Color LaserJet 2820/2830/2840 2.0
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}"=InstantShare
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}"=TrayApp
"{2154375F-A35D-4CB5-A996-3466251F6B3B}"=hpp2800usg
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk"=Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}"=Unload
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{341E9A67-9E45-4CAE-9AAC-49AD3EBACA41}"=ACT!
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{52504CE6-E909-4113-B232-4AFEC6543A61}"=Broadcom 440x 10/100 Integrated Controller
"{55508A44-8225-47AB-9666-1F57A5B5CE2E}"=CP_PLSBusinessFlyers
"{59073DF9-3D3D-4FFC-AF41-C2C268A1A31E}"=hppTooCool
"{5B09BD67-4C99-46A1-8161-B7208CE18121}"=QuickTime
"{5DF3D1BB-894E-4DCD-8275-159AC9829B43}"=McAfee VirusScan Enterprise
"{606E5C0D-6039-42A7-988E-9D51DE773AFF}"=hppFonts
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}"=CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}"=PhotoGallery
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}"=HP Software Update
"{688EC50D-0155-4490-8DBF-686CD3B2893F}"=hppScanTo
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}"=Destinations
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}"=BufferChm
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{74E5E862-F1FF-412B-B824-9582ED7DE84A}"=hppSendFax
"{7959721D-8268-4565-9E0E-C41A9F4848A9}"=SigmaTel AC97 Audio Drivers
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}"=HPSystemDiagnostics
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{7D7F2CB5-F9A4-4E86-853D-1BADD936DDAD}"=hppscan2800
"{8043D1B8-81AE-4597-AAA8-1E1F49D6E4DF}"=hppManuals2800
"{80CD64AA-7406-4508-BFDF-2DFE7F1F8EF0}"=Belkin Wireless Utility
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}"=SkinsHP1
"{851D5410-0851-46F0-8836-74E0D8D20196}"=hppDustDevil
"{8777AC6D-89F9-4793-8266-DE406F343E89}"=QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Extreme Graphics 2 Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8B2EF64A-1D1F-4AD8-91BF-7B5F1BC36E00}"=hppFaxDrv
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}"=DocProc
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}"=Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}"=Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}"=Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}"=Google Earth
"{A28F43DA-258F-42EC-9C95-E6C9A7475670}"=hppIOFiles
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A00000000001}"=Adobe Reader 6.0.1
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update
"{B911B811-BA3E-46D4-90F8-6F3338359651}"=Director
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}"=MarketResearch
"{C3E6DC57-473A-4424-9617-AF60BA8403C3}"=hppCLJ2800
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CDFCF124-115F-4976-8BF4-08C89187A146}"=WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}"=DocumentViewer
"{D050D7362D214723AD585B541FFB6C11}"=DivX Content Uploader
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}"=BBC iPlayer Download Manager
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}"=Dell ResourceCD
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{FE3F3C9B-2C29-4FEE-A74F-11E436729F2C}"=Scan
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"AVG8Uninstall"=AVG Free 8.0
"BBC iPlayer Download Manager"=BBC iPlayer Download Manager
"BCM V.92 56K Modem"=BCM V.92 56K Modem
"CCleaner"=CCleaner (remove only)
"cpehrjgdoebzvpnb"=Browser Extension Tool Mxlivemedia
"ENTERPRISE"=Microsoft Office Enterprise 2007
"HijackThis"=HijackThis 2.0.2
"HP Photo & Imaging"=HP Image Zone 4.7
"HPExtendedCapabilities"=HP Extended Capabilities 4.7
"InstallShield_{341E9A67-9E45-4CAE-9AAC-49AD3EBACA41}"=ACT! 2006
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}"=Broadcom 440x 10/100 Integrated Controller
"Live Support Chat for Web Site_is1"=Live Support Chat for Web Site 4.3.0
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST"=MSN
"RealAlt_is1"=Real Alternative 1.7.5
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"SopCast"=SopCast 2.0.4
"TV Player"=Veetle TV Player 0.9.6
"TVAnts 1.0"=TVAnts 1.0
"Veetle TV Player"=Veetle TV Player 0.9.6
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WinZip"=WinZip
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XoftSpySE"=XoftSpySE

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Antispyware PRO XP 3.1"=Antispyware PRO XP

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1757981266-1202660629-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Antispyware PRO XP 3.1"=Antispyware PRO XP

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/23/2008 5:36:19 AM | Computer Name = SATBIR | Source = ESENT | ID = 455
Description = wuaueng.dll (5660) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 4/23/2008 5:36:33 AM | Computer Name = SATBIR | Source = ESENT | ID = 489
Description = wuauclt (5660) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 4/23/2008 5:36:33 AM | Computer Name = SATBIR | Source = ESENT | ID = 455
Description = wuaueng.dll (5660) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 4/24/2008 12:36:14 PM | Computer Name = SATBIR | Source = Application Hang | ID = 1002
Description = Hanging application SopCast.exe, version 2.0.4.1126, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/24/2008 2:34:18 PM | Computer Name = SATBIR | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 9.0.0.3250, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/25/2008 1:19:56 PM | Computer Name = SATBIR | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: The update failed; see event log.(from SATBIR
IP 192.168.1.100 user SYSTEM running VirusScan Ent. 8.0.0 UPD)

Error - 4/25/2008 3:28:25 PM | Computer Name = SATBIR | Source = Application Hang | ID = 1002
Description = Hanging application SopCast.exe, version 2.0.4.1126, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/26/2008 8:44:31 AM | Computer Name = SATBIR | Source = Application Hang | ID = 1002
Description = Hanging application SopCast.exe, version 2.0.4.1126, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/28/2008 11:10:01 AM | Computer Name = SATBIR | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x02aa9350.

Error - 4/28/2008 3:50:17 PM | Computer Name = SATBIR | Source = Application Hang | ID = 1002
Description = Hanging application SopCast.exe, version 2.0.4.1126, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 11/6/2007 3:44:48 AM | Computer Name = SATBIR | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 25
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/22/2007 3:58:57 AM | Computer Name = SATBIR | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 318
seconds with 120 seconds of active time. This session ended with a crash.

Error - 12/7/2007 1:11:41 AM | Computer Name = SATBIR | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 37
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/23/2008 4:47:12 AM | Computer Name = SATBIR | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer MAYFAIR-FB39F20 using
any of the configured protocols.

Error - 9/23/2008 4:47:17 AM | Computer Name = SATBIR | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer MAYFAIR-FB39F20 using
any of the configured protocols.

Error - 9/23/2008 4:47:20 AM | Computer Name = SATBIR | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer MAYFAIR-FB39F20 using
any of the configured protocols.

Error - 9/23/2008 4:47:47 AM | Computer Name = SATBIR | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer MAYFAIR-FB39F20 using
any of the configured protocols.

Error - 9/23/2008 4:47:55 AM | Computer Name = SATBIR | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer MAYFAIR-FB39F20 using
any of the configured protocols.

Error - 9/23/2008 4:47:57 AM | Computer Name = SATBIR | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer MAYFAIR-FB39F20 using
any of the configured protocols.

Error - 9/23/2008 4:48:21 AM | Computer Name = SATBIR | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer MAYFAIR-FB39F20 using
any of the configured protocols.

Error - 9/23/2008 4:48:32 AM | Computer Name = SATBIR | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer MAYFAIR-FB39F20 using
any of the configured protocols.

Error - 9/23/2008 4:48:34 AM | Computer Name = SATBIR | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer MAYFAIR-FB39F20 using
any of the configured protocols.

Error - 9/23/2008 4:48:56 AM | Computer Name = SATBIR | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer MAYFAIR-FB39F20 using
any of the configured protocols.


< End of report >


Hope that's ok.

The computer is running better. Just need confirmation from you that the problem is fully resolved.

Regards,

Sca.

#8 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:30 AM

Posted 24 September 2008 - 07:22 AM

Hello Sca.

Yes I do have Mcafee on my system. I shall make sure that I have only 1 antivirus program running as suggested.

Yes, please remove all Mcafee programs using the Add/Remove Programs.

As far as I see, there are no active malware on your system. We will remove some leftovers this round. Please do stick with me until we are done though.

Something you should see from the Kaspersky log:
D:\MAYFAIR INTERNATIONAL GROUP\DATA\Suraiya\Suraiya.pst\Outlook.pst Infected: Email-Worm.Win32.NetSky.q 1
D:\pst\Outlook.pst Suspicious: Exploit.HTML.Iframe.FileDownload 2
D:\pst\Outlook.pst Infected: Email-Worm.Win32.NetSky.q 1

Your Outlook documents are infected. If possible, I would suggest that you empty your Outlook folders. These infections are written in a simple scripting language, so AVs will usually detect them if they are sent.

Apply Registry Script
  • Copy the following into a notepad (Start>Run>"notepad"). Do not copy the word "quote".


    Windows Registry Editor Version 5.00

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}]
    [-hkey_classes_root\clsid\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}]
    [-hkey_classes_root\clsid\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}]

    [HKEY_USERS\S-1-5-21-1757981266-1202660629-1343024091-501\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}"=-

  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input fix.reg.
  • Hit OK.
When done properly, the icon should look like Posted Image.

Double click fix.reg and answer Yes to the prompts. You should receive the message that the entries have been successfully merged. If not, post back with the error message.

Delete fix.reg after use.

Update Java to Version 6 Update 7
Your current version of Java is outdated. Malware creators can exploit the lesser security of older versions. Please uninstall your current version through Add/Remove Programs. Remove all instances of Java, J2SE Runtime, Java Runtime, and Java Runtime Environment. Restart your computer after uninstalling.

Please then install the latest Java from this page. Follow the prompts and select the appropriate settings for your machine. Click on the "Required File" jdk-6u7-windows-i586-p.exe to download the installer. Double click the installer to run. Delete the installer after use.

Install Firewall
Please now install a third-party firewall from the following selection of excellent programs. The main reason you would prefer a third-party firewall over the Windows XP Firewall is that Windows Firewall only stops incoming signals from accessing your computer. However, it will not stop programs (possibly ones that could intrude on your privacy) from sending outgoing signals to the Internet or to other networks.

After you have installed one of the above firewalls, please disable your Windows Firewall, if you had it enabled.


Post back with:
-a new OTViewIt log (here is a link if you lost yours)

With Regards,
The Panda

Edited by PropagandaPanda, 24 September 2008 - 07:22 AM.
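Added example, not from the thread and not code from any tool mentioned in it: an offline dry-run reviewer for a .reg script, so you can see exactly what a fix.reg like the one above will delete before it is merged. The .reg text is embedded as a constructed sample input; the parser only reads text and never touches the registry.

```python
"""Dry-run reviewer for a Windows .reg script (added example).

Parses the "Windows Registry Editor Version 5.00" text format and lists
which keys are deleted, which values are deleted, and whether anything is
written. It never touches the registry, so it is safe to run anywhere.
"""
import re

# Constructed sample input: a copy of the fix.reg text from the post above.
FIX_REG = r"""Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}]
[-hkey_classes_root\clsid\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}]
[-hkey_classes_root\clsid\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}]

[HKEY_USERS\S-1-5-21-1757981266-1202660629-1343024091-501\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}"=-
"""

HEADER = "Windows Registry Editor Version 5.00"
# "name"=data  or  @=data  (@ is the key's default value)
_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')


def _logical_lines(lines):
    """Join value lines that regedit continues with a trailing backslash."""
    buf = ""
    for raw in lines:
        s = buf + raw.strip()
        buf = ""
        if s.endswith("\\") and not s.startswith("["):
            buf = s[:-1]
            continue
        yield s
    if buf:
        yield buf


def normalize_key(path):
    """Hive names are case-insensitive; upper-case them so reports line up."""
    hive, sep, rest = path.partition("\\")
    return hive.upper() + sep + rest


def parse_reg(text):
    """Return a list of (action, key, value_name, data) tuples.

    action is one of delete_key, ensure_key, delete_value, set_value.
    """
    lines = text.splitlines()
    if not lines or lines[0].strip() != HEADER:
        raise ValueError("not a Version 5.00 .reg file (missing header)")
    ops = []
    key = None
    for line in _logical_lines(lines[1:]):
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            body = line[1:-1]
            if body.startswith("-"):           # [-KEY] deletes the whole key
                ops.append(("delete_key", normalize_key(body[1:]), None, None))
                key = None
            else:                              # [KEY] creates/opens the key
                key = normalize_key(body)
                ops.append(("ensure_key", key, None, None))
            continue
        m = _VALUE_RE.match(line)
        if m is None or key is None:
            raise ValueError("unparseable line: %r" % line)
        name = "" if m.group(2) else m.group(1).replace('\\"', '"').replace("\\\\", "\\")
        data = m.group(3)
        if data == "-":                        # "name"=- deletes that value
            ops.append(("delete_value", key, name, None))
        else:
            ops.append(("set_value", key, name, data))
    return ops


def writes(ops):
    """Operations that add data. A cleanup script should normally have none."""
    return [op for op in ops if op[0] == "set_value"]


def report(text):
    """Human-readable dry run; returns the lines so callers can check them."""
    out = []
    for action, key, name, data in parse_reg(text):
        if action == "delete_key":
            out.append("DELETE KEY   %s" % key)
        elif action == "delete_value":
            out.append("DELETE VALUE %s -> %r" % (key, name))
        elif action == "set_value":
            out.append("WRITE VALUE  %s -> %r = %s" % (key, name, data))
    return out


if __name__ == "__main__":
    for line in report(FIX_REG):
        print(line)
    print("writes:", len(writes(parse_reg(FIX_REG))))
```

For the fix.reg above the report shows three key deletions and one value deletion and no writes, which is what a leftover-cleanup script should look like.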


#9 Sca

Sca
  • Topic Starter

  • Members
  • 6 posts

Posted 24 September 2008 - 10:46 AM

Hi PP,

I removed the Mcafee software and the D:\... Suraiya.pst\Outlook.pst file and attempted to run the fix.reg file but got the error message:

Cannot import C:\Documents and Settings\Administrator\Desktop\fix.reg: Error accessing the registry.

Please instruct.

Regards,

Sca.

#10 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • Gender:Male

Posted 24 September 2008 - 11:05 AM

Hello Sca.

Nothing to worry about. Those were only leftover entries. We can remove them using other methods later.

Please continue with updating Java, installing a firewall, and posting back with a new OTViewIt log.

With Regards,
The Panda

#11 Sca

Sca
  • Topic Starter

  • Members
  • 6 posts

Posted 25 September 2008 - 05:23 PM

Hi PP,

Followed instructions as suggested.

Please see logs for OTViewIt.txt and Extras.txt:

OTViewIt.txt

OTViewIt logfile created on: 9/25/2008 11:11:04 PM - Run 4
OTViewIt by OldTimer - Version 1.0.7.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.33 Mb Total Physical Memory | 281.44 Mb Available Physical Memory | 36.73% Memory free
1.83 Gb Paging File | 1.28 Gb Available in Paging File | 70.02% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.65 Gb Total Space | 4.91 Gb Free Space | 33.52% Space Free | Partition Type: NTFS
Drive D: | 22.61 Gb Total Space | 14.66 Gb Free Space | 64.86% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SATBIR
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Process Files Modified Within 30 Days ==========

[2004/12/11 21:28:42 | 00,065,536 | ---- | M] () -- C:\WINDOWS\system32\wltrysvc.exe
[2008/09/17 19:00:08 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/09/17 13:21:11 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2008/09/25 22:12:38 | 00,519,936 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cmdagent.exe
[2008/09/17 13:21:27 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2008/09/17 13:21:21 | 01,235,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2008/09/25 22:13:16 | 00,278,264 | ---- | M] (COMODO) -- C:\Program Files\COMODO\SafeSurf\cssurf.exe
[2008/09/25 22:12:38 | 01,655,552 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cfp.exe
[2007/09/24 12:31:57 | 00,020,572 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
[2008/09/23 10:51:18 | 00,418,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe

========== (O23) Win32 Service Files Modified Within 30 Days ==========

[2008/09/17 19:00:08 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/09/17 13:21:11 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2008/09/25 22:12:38 | 00,519,936 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cmdagent.exe -- (cmdAgent [Auto | Running])
[2004/12/11 21:28:42 | 00,065,536 | ---- | M] () -- C:\WINDOWS\system32\wltrysvc.exe -- (wltrysvc [Auto | Running])

========== Driver Service Files Modified Within 30 Days ==========

[2008/09/17 13:21:46 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/09/17 13:21:45 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
File not found -- C:\ComboFix\catchme.sys -- (catchme [On_Demand | Stopped])
[2008/09/25 22:12:39 | 00,087,056 | ---- | M] (COMODO) -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard [System | Running])
[2008/09/25 22:12:39 | 00,024,208 | ---- | M] (COMODO) -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp [System | Running])
File not found -- C:\WINDOWS\system32\drivers\EntDrv51.sys -- (EntDrv51 [On_Demand | Stopped])
[2008/09/25 22:12:39 | 00,079,760 | ---- | M] (COMODO) -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect [Boot | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://www.google.com/ie
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.mayfairprojects.com/MIG-Intranet/

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.co.uk
"Start Page"=http://www.comodo.com/search/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}" (HKLM) -- C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = <local>

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1757981266-1202660629-1343024091-500\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.co.uk
"Start Page"=http://www.comodo.com/search/

[HKEY_USERS\S-1-5-21-1757981266-1202660629-1343024091-500\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-1757981266-1202660629-1343024091-500\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_USERS\S-1-5-21-1757981266-1202660629-1343024091-500\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}" (HKLM) -- C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)

[HKEY_USERS\S-1-5-21-1757981266-1202660629-1343024091-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = <local>

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} (HKLM) -- C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} (HKLM) -- C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}" (HKLM) -- C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (HKLM) -- C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)

[HKEY_USERS\S-1-5-21-1757981266-1202660629-1343024091-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (HKLM) -- C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" -h ()
"COMODO SafeSurf"="C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s (COMODO)

========== (O4) Startup Folders ==========


========== (O6 & O7) Internet Explorer Policies ==========
[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Control Panel] - present
[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\Control Panel] - present

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=255
"NoDrives"=0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0



[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1757981266-1202660629-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0


[HKEY_USERS\S-1-5-21-1757981266-1202660629-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{A903E5AB-C67E-40FB-94F1-E1305982F6E0}: http://www.ooxtv.com/stream.ocx -- KooPlayer Control
{C5E28B9D-0A68-4B50-94E9-E8F6B4697514}: http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab -- NsvPlayX Control
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{552D6C19-0365-4A4D-B8AF-72CB33BC15A2} (Servers: | Description: Belkin 802.11g Network Adapter)
{8B7D099A-6D08-456A-89EA-29CEEDAB76EB} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2007/09/24 10:55:26 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/09/25 22:39:06 | 00,000,718 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall Pro.lnk
[2008/09/25 22:13:17 | 00,249,592 | ---- | C] (COMODO) -- C:\WINDOWS\System32\cssdll32.dll
[2008/09/25 22:12:42 | 00,143,104 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll
[2008/09/25 22:12:42 | 00,087,056 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2008/09/25 22:12:42 | 00,079,760 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2008/09/25 22:12:42 | 00,024,208 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2008/09/25 22:11:56 | 19,564,288 | ---- | C] (COMODO) -- C:\Documents and Settings\Administrator\Desktop\CFP_Setup_3.0.25.378_XP_Vista_x32.exe
[2008/09/24 20:29:31 | 03,754,496 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Sales Master v3 (version 2).xls
[2008/09/24 16:45:53 | 00,000,454 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\fix.reg
[2008/09/23 10:51:15 | 00,418,816 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe
[2008/09/22 11:44:58 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2008/09/22 11:44:53 | 00,260,272 | ---- | C] () -- C:\cmldr
[2008/09/22 11:43:33 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\swxcacls.exe
[2008/09/22 11:43:33 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\swreg.exe
[2008/09/22 11:43:33 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2008/09/22 11:43:33 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/09/22 11:43:33 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008/09/22 11:43:33 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/09/22 11:43:33 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/09/22 11:43:33 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFind.exe
[2008/09/22 11:43:33 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\Nircmd.exe
[2008/09/22 11:22:39 | 04,608,744 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2008/09/22 11:14:49 | 02,854,922 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2008/09/22 10:48:49 | 00,241,152 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Birmingham to Bombay2.doc
[2008/09/18 03:15:05 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/09/17 18:59:25 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/09/17 18:59:24 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/09/17 18:00:58 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2008/09/17 18:00:33 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HJTInstall.exe
[2008/09/17 17:55:28 | 00,185,065 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\FixPolicies.exe
[2008/09/17 16:16:26 | 00,017,200 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/09/17 16:16:26 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/09/17 16:16:25 | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/09/17 16:08:44 | 00,000,464 | ---- | C] () -- C:\WINDOWS\tasks\XoftSpySE 2.job
[2008/09/17 16:08:42 | 00,000,378 | ---- | C] () -- C:\WINDOWS\tasks\XoftSpySE.job
[2008/09/17 16:08:40 | 00,000,682 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\XoftSpySE.lnk
[2008/09/17 13:22:01 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/09/17 13:21:46 | 00,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/09/17 13:21:44 | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/09/17 13:21:35 | 27,719,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/09/17 13:21:35 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/09/17 13:21:35 | 00,249,919 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/09/17 13:21:35 | 00,045,378 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/09/16 11:16:57 | 00,134,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Birmingham to Bombay.doc
[2008/09/15 10:25:48 | 00,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2008/09/15 10:25:21 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[2008/09/15 10:23:00 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2008/09/15 10:19:38 | 25,740,144 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\wmp11-windowsxp-x86-enu.exe
[2008/09/04 15:46:29 | 00,017,408 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Business Models.xls
[2008/08/31 16:03:02 | 00,048,396 | ---- | C] () -- C:\WINDOWS\UninstVeetleTVPlayer.exe

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/09/25 23:04:11 | 00,000,464 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE 2.job
[2008/09/25 23:03:58 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/09/25 23:03:47 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/09/25 22:39:06 | 00,000,718 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall Pro.lnk
[2008/09/25 22:13:16 | 00,249,592 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cssdll32.dll
[2008/09/25 22:12:39 | 00,143,104 | ---- | M] () -- C:\WINDOWS\System32\guard32.dll
[2008/09/25 22:12:39 | 00,087,056 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2008/09/25 22:12:39 | 00,079,760 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2008/09/25 22:12:39 | 00,024,208 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2008/09/25 22:11:56 | 19,564,288 | ---- | M] (COMODO) -- C:\Documents and Settings\Administrator\Desktop\CFP_Setup_3.0.25.378_XP_Vista_x32.exe
[2008/09/25 13:57:35 | 27,719,616 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/09/25 09:06:26 | 00,045,378 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/09/24 20:29:32 | 03,754,496 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Sales Master v3 (version 2).xls
[2008/09/24 16:45:56 | 00,000,454 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\fix.reg
[2008/09/23 23:13:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/09/23 17:49:20 | 00,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[2008/09/23 10:51:18 | 00,418,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe
[2008/09/23 06:56:35 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/09/23 06:32:53 | 00,000,378 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE.job
[2008/09/22 11:44:58 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2008/09/22 11:22:39 | 04,608,744 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2008/09/22 11:14:50 | 02,854,922 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2008/09/22 10:48:49 | 00,241,152 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Birmingham to Bombay2.doc
[2008/09/19 09:31:28 | 00,249,919 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/09/18 03:15:13 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2008/09/17 18:59:25 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/09/17 18:59:24 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/09/17 18:00:59 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2008/09/17 18:00:39 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HJTInstall.exe
[2008/09/17 17:55:32 | 00,185,065 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\FixPolicies.exe
[2008/09/17 16:16:26 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/09/17 16:08:40 | 00,000,682 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\XoftSpySE.lnk
[2008/09/17 13:22:01 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/09/17 13:21:46 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/09/17 13:21:45 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/09/17 13:21:35 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/09/16 11:16:58 | 00,134,144 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Birmingham to Bombay.doc
[2008/09/16 08:55:48 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/09/15 10:29:05 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/09/15 10:29:05 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/09/15 10:25:23 | 00,000,602 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/09/15 10:23:00 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2008/09/15 10:20:39 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/09/15 10:19:41 | 25,740,144 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\wmp11-windowsxp-x86-enu.exe
[2008/09/10 00:04:02 | 00,038,528 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/09/10 00:03:56 | 00,017,200 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/09/04 15:46:31 | 00,017,408 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Business Models.xls
[2008/09/02 15:02:16 | 00,004,096 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ScheduledItems
[2008/09/02 14:16:33 | 00,001,734 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/08/31 16:03:02 | 00,048,396 | ---- | M] () -- C:\WINDOWS\UninstVeetleTVPlayer.exe
< End of report >


Extras.txt

OTViewIt Extras logfile created on: 9/25/2008 11:11:04 PM - Run Administrator
OTViewIt by OldTimer - Version 1.0.7.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.33 Mb Total Physical Memory | 281.44 Mb Available Physical Memory | 36.73% Memory free
1.83 Gb Paging File | 1.28 Gb Available in Paging File | 70.02% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.65 Gb Total Space | 4.91 Gb Free Space | 33.52% Space Free | Partition Type: NTFS
Drive D: | 22.61 Gb Total Space | 14.66 Gb Free Space | 64.86% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SATBIR
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2007/09/24 12:31:57 | 00,020,572 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw
File not found -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Disabled:Framework Service
[2008/09/17 13:21:20 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2008/09/17 13:21:33 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])
msdaipp: [HKLM - No CLSID value]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1030DCDC-2425-407d-BEE1-13558B837FCA}"=HP Color LaserJet 2820/2830/2840 2.0
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}"=InstantShare
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}"=TrayApp
"{2154375F-A35D-4CB5-A996-3466251F6B3B}"=hpp2800usg
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk"=Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}"=Unload
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160070}"=Java™ SE Development Kit 6 Update 7
"{341E9A67-9E45-4CAE-9AAC-49AD3EBACA41}"=ACT!
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{52504CE6-E909-4113-B232-4AFEC6543A61}"=Broadcom 440x 10/100 Integrated Controller
"{55508A44-8225-47AB-9666-1F57A5B5CE2E}"=CP_PLSBusinessFlyers
"{59073DF9-3D3D-4FFC-AF41-C2C268A1A31E}"=hppTooCool
"{5B09BD67-4C99-46A1-8161-B7208CE18121}"=QuickTime
"{606E5C0D-6039-42A7-988E-9D51DE773AFF}"=hppFonts
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}"=CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}"=PhotoGallery
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}"=HP Software Update
"{688EC50D-0155-4490-8DBF-686CD3B2893F}"=hppScanTo
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}"=Destinations
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}"=BufferChm
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{74E5E862-F1FF-412B-B824-9582ED7DE84A}"=hppSendFax
"{7959721D-8268-4565-9E0E-C41A9F4848A9}"=SigmaTel AC97 Audio Drivers
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}"=HPSystemDiagnostics
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{7D7F2CB5-F9A4-4E86-853D-1BADD936DDAD}"=hppscan2800
"{8043D1B8-81AE-4597-AAA8-1E1F49D6E4DF}"=hppManuals2800
"{80CD64AA-7406-4508-BFDF-2DFE7F1F8EF0}"=Belkin Wireless Utility
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}"=SkinsHP1
"{851D5410-0851-46F0-8836-74E0D8D20196}"=hppDustDevil
"{8777AC6D-89F9-4793-8266-DE406F343E89}"=QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Extreme Graphics 2 Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8B2EF64A-1D1F-4AD8-91BF-7B5F1BC36E00}"=hppFaxDrv
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}"=DocProc
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}"=Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}"=Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}"=Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}"=Google Earth
"{A28F43DA-258F-42EC-9C95-E6C9A7475670}"=hppIOFiles
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A00000000001}"=Adobe Reader 6.0.1
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update
"{B911B811-BA3E-46D4-90F8-6F3338359651}"=Director
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}"=MarketResearch
"{C3E6DC57-473A-4424-9617-AF60BA8403C3}"=hppCLJ2800
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}"=Java DB 10.3.1.4
"{CDFCF124-115F-4976-8BF4-08C89187A146}"=WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}"=DocumentViewer
"{D050D7362D214723AD585B541FFB6C11}"=DivX Content Uploader
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}"=BBC iPlayer Download Manager
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}"=Dell ResourceCD
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{FE3F3C9B-2C29-4FEE-A74F-11E436729F2C}"=Scan
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"AskSBar Uninstall"=Ask Toolbar
"AVG8Uninstall"=AVG Free 8.0
"BBC iPlayer Download Manager"=BBC iPlayer Download Manager
"BCM V.92 56K Modem"=BCM V.92 56K Modem
"CCleaner"=CCleaner (remove only)
"COMODO Firewall Pro"=COMODO Firewall Pro
"COMODO SafeSurf"=COMODO SafeSurf
"cpehrjgdoebzvpnb"=Browser Extension Tool Mxlivemedia
"ENTERPRISE"=Microsoft Office Enterprise 2007
"HijackThis"=HijackThis 2.0.2
"HP Photo & Imaging"=HP Image Zone 4.7
"HPExtendedCapabilities"=HP Extended Capabilities 4.7
"InstallShield_{341E9A67-9E45-4CAE-9AAC-49AD3EBACA41}"=ACT! 2006
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}"=Broadcom 440x 10/100 Integrated Controller
"Live Support Chat for Web Site_is1"=Live Support Chat for Web Site 4.3.0
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST"=MSN
"RealAlt_is1"=Real Alternative 1.7.5
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"SopCast"=SopCast 2.0.4
"TV Player"=Veetle TV Player 0.9.6
"TVAnts 1.0"=TVAnts 1.0
"Veetle TV Player"=Veetle TV Player 0.9.6
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WinZip"=WinZip
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XoftSpySE"=XoftSpySE

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Antispyware PRO XP 3.1"=Antispyware PRO XP

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1757981266-1202660629-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Antispyware PRO XP 3.1"=Antispyware PRO XP

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/25/2008 1:19:56 PM | Computer Name = SATBIR | Source = Alert Manager Event Interface | ID = 257
Description =

Error - 4/25/2008 3:28:25 PM | Computer Name = SATBIR | Source = Application Hang | ID = 1002
Description = Hanging application SopCast.exe, version 2.0.4.1126, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/26/2008 8:44:31 AM | Computer Name = SATBIR | Source = Application Hang | ID = 1002
Description = Hanging application SopCast.exe, version 2.0.4.1126, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/28/2008 11:10:01 AM | Computer Name = SATBIR | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x02aa9350.

Error - 4/28/2008 3:50:17 PM | Computer Name = SATBIR | Source = Application Hang | ID = 1002
Description = Hanging application SopCast.exe, version 2.0.4.1126, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/4/2008 2:05:20 AM | Computer Name = SATBIR | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x02db9350.

Error - 5/4/2008 9:53:30 AM | Computer Name = SATBIR | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 5/4/2008 1:57:26 PM | Computer Name = SATBIR | Source = Application Hang | ID = 1002
Description = Hanging application SopCast.exe, version 2.0.4.1126, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/4/2008 1:57:33 PM | Computer Name = SATBIR | Source = Application Hang | ID = 1002
Description = Hanging application Act8.exe, version 8.0.182.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/6/2008 11:48:41 AM | Computer Name = SATBIR | Source = Application Hang | ID = 1002
Description = Hanging application SopCast.exe, version 2.0.4.1126, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 11/6/2007 3:44:48 AM | Computer Name = SATBIR | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 25
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/22/2007 3:58:57 AM | Computer Name = SATBIR | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 318
seconds with 120 seconds of active time. This session ended with a crash.

Error - 12/7/2007 1:11:41 AM | Computer Name = SATBIR | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 37
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/25/2008 12:01:50 PM | Computer Name = SATBIR | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer MAYFAIR-FB39F20 using
any of the configured protocols.

Error - 9/25/2008 12:01:53 PM | Computer Name = SATBIR | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer MAYFAIR-FB39F20 using
any of the configured protocols.

Error - 9/25/2008 12:02:27 PM | Computer Name = SATBIR | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer MAYFAIR-FB39F20 using
any of the configured protocols.

Error - 9/25/2008 12:02:30 PM | Computer Name = SATBIR | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer MAYFAIR-FB39F20 using
any of the configured protocols.

Error - 9/25/2008 12:03:04 PM | Computer Name = SATBIR | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer MAYFAIR-FB39F20 using
any of the configured protocols.

Error - 9/25/2008 12:03:07 PM | Computer Name = SATBIR | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer MAYFAIR-FB39F20 using
any of the configured protocols.

Error - 9/25/2008 12:03:41 PM | Computer Name = SATBIR | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer MAYFAIR-FB39F20 using
any of the configured protocols.

Error - 9/25/2008 12:03:44 PM | Computer Name = SATBIR | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer MAYFAIR-FB39F20 using
any of the configured protocols.

Error - 9/25/2008 12:04:18 PM | Computer Name = SATBIR | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer MAYFAIR-FB39F20 using
any of the configured protocols.

Error - 9/25/2008 12:04:21 PM | Computer Name = SATBIR | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer MAYFAIR-FB39F20 using
any of the configured protocols.


< End of report >


Please instruct.

Thanks,

Sca.

#12 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:30 AM

Posted 25 September 2008 - 07:41 PM

Hello Sca.

Your machine is clean :thumbsup: . Just a couple of leftovers, and you are good to go.

Apply Registry Script
  • Copy the following into a notepad (Start>Run>"notepad"). Do not copy the word "quote".
    Windows Registry Editor Version 5.00
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Antispyware PRO XP 3.1"=-
    
    [HKEY_USERS\S-1-5-21-1757981266-1202660629-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Antispyware PRO XP 3.1"=-
  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input fix.reg.
  • Hit OK.
When done properly, the icon should look like Posted Image.

Double click fix.reg and answer Yes to the prompts. You should receive the message that the entries have been successfully merged. If not, post back with the error message.

Delete fix.reg after use.

Uninstall ComboFix
Remove Combofix now that we're done with it. If any other files are left, feel free to remove them.
  • Click on your Start Menu, then Run....
  • Now type combofix /u in the runbox and click OK. Notice the space between the "x" and "/".
Uninstalling ComboFix will do the following:
  • Delete ComboFix and its components from your computer.
  • Delete other tools commonly used during the malware removal process.
  • Reset clock settings to standard format.
  • Hide file extensions and hidden/system files.
  • Clear System Restore cache and create a new restore point.
Preventing Malware Infection in the Future
Please also have a look at the following links, giving some advice and suggestions for preventing future infections:

Visit the Windows Update Site regularly.
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • By updating your machine, you have one less headache!
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates, you will find a nice little article here about turning on automatic updates.
    Note that it will download them for you, but you still have to actually click install.
    If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates separately at: http://windowsupdate.microsoft.com.
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet

Thank you for choosing Bleeping Computer as your malware removal source. Be sure to tell your friends about us!


Any further questions or concerns?

With Regards,
The Panda
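
An added example, not part of the original reply or of any tool it names: a PowerShell audit of the same Uninstall registry locations that the fix.reg above cleans (HKCU, every loaded HKEY_USERS hive, and HKLM), reporting any entry whose name matches a constructed watch list. It checks both normal subkey entries (with a DisplayName) and stray values written directly under the Uninstall key, which is the form the log shows and the form the `"name"=-` lines in a .reg file delete. The watch list names are taken from this thread's logs and are assumptions for illustration; reporting only, removal is left to the .reg script.

```powershell
# Added example (not from the BleepingComputer post): audit Uninstall lists for
# leftover rogue-antispyware entries. Watch list is constructed from this thread.
$WatchList = @('Antispyware PRO XP', 'XoftSpySE', 'Mxlivemedia')

# HKEY_USERS is not mapped as a PowerShell drive by default; map it so HKU:\ resolves.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)
# Add every loaded per-user hive (S-1-5-21-... SIDs), as the log above lists HKEY_USERS too.
Get-ChildItem HKU:\ |
    Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' } |
    ForEach-Object {
        $UninstallKeys += "HKU:\$($_.PSChildName)\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
    }

$Findings = foreach ($Key in $UninstallKeys) {
    if (-not (Test-Path $Key)) { continue }

    # Normal entries: one subkey per program, identified by its DisplayName value.
    foreach ($Sub in Get-ChildItem $Key) {
        $Props = Get-ItemProperty $Sub.PSPath
        $Name  = if ($Props.DisplayName) { $Props.DisplayName } else { $Sub.PSChildName }
        foreach ($Bad in $WatchList) {
            if ($Name -like "*$Bad*") {
                [pscustomobject]@{ Location = $Sub.PSPath; Name = $Name
                                   Uninstall = $Props.UninstallString; Kind = 'subkey' }
            }
        }
    }

    # Stray values directly under the Uninstall key: this is what "name"=- in a .reg file removes.
    $Direct = Get-Item $Key
    foreach ($ValueName in $Direct.GetValueNames()) {
        foreach ($Bad in $WatchList) {
            if ($ValueName -like "*$Bad*") {
                [pscustomobject]@{ Location = $Key; Name = $ValueName
                                   Uninstall = $Direct.GetValue($ValueName); Kind = 'value' }
            }
        }
    }
}

if ($Findings) { $Findings | Format-Table -AutoSize }
else { 'No watch-listed uninstall entries found.' }
```

Run it from an elevated prompt so the HKEY_USERS hives of other accounts are readable; a 'value' finding confirms that a `"name"=-` line, as in the fix.reg above, is the right removal form for that entry.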

#13 harrythook

harrythook


  • Security Colleague
  • 4,152 posts
  • OFFLINE
  • Gender:Male
  • Location:Philadelphia
  • Local time:05:30 AM

Posted 28 September 2008 - 08:14 PM

As this issue seems to be resolved, this thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
For all others, if you have a similar issue please start a new topic.

Thanks for asking in BleepingComputer.com

Veni Vidi Vici
THE FIGHT AGAINST MALWARE

Become a BleepingComputer fan: Facebook



