
Infected from Bebo virus +mywebsearch


  • This topic is locked
25 replies to this topic

#1 dome90uk

dome90uk

  • Members
  • 17 posts
  • OFFLINE
  • Local time:03:18 AM

Posted 06 December 2008 - 03:23 PM

Hi,

My sister's computer was / is infected from a fake Flash Player installed via Bebo - I think I have removed the majority of problems with AVG and MalwareBytes, but the computer is still sluggish. Have also tried to remove using Spybot S&D, but it will not remove a MyWebSearch reg entry. Could you please have a look at my RSIT log and my Kaspersky log (attached, sorry it is HTML), thanks.

Any help much appreciated

RSIT LOG ::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Logfile of random's system information tool 1.04 (written by random/random)
Run by Jen at 2008-12-06 20:15:24
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 14 GB (37%) free of 38 GB
Total RAM: 447 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:15:43, on 06/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\system32\slmdmsr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\atwtusb.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jen\Local Settings\Temp\jkos-Jen\binaries\ScanningProcess.exe
C:\Documents and Settings\Jen\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jen.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gluesite] C:\DOCUME~1\Jen\APPLIC~1\WEBMEO~1\Start Seek.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Quick StartUp.lnk = C:\PENSOFT\fquick32.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Start.lnk = C:\PENSOFT\Quick95.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Quick StartUp.lnk = C:\PENSOFT\fquick32.exe (User 'Default user')
O4 - .DEFAULT Startup: Start.lnk = C:\PENSOFT\Quick95.exe (User 'Default user')
O4 - Startup: Quick StartUp.lnk = C:\PENSOFT\fquick32.exe
O4 - Startup: Start.lnk = C:\PENSOFT\Quick95.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Alias SketchBook Snapshot.lnk = C:\Program Files\Alias\Alias SketchBook Pro 2.0\AliasSketchSnap.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - ?p=ZR
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1162750324718
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\Program Files\tinyproxy\tinyproxy.exe (file missing)
O23 - Service: DHCP Client (Dhcp) - Unknown owner - C:\Program Files\tinyproxy\tinyproxy.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\Program Files\tinyproxy\tinyproxy.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8109 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AF82AACC91855C3C.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
ZoneAlarm Spy Blocker BHO - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-08-14 262144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - ZoneAlarm Spy Blocker - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-08-14 262144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2005-10-14 53248]
"VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2005-10-14 167936]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-10-17 729178]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe [2008-10-17 590848]
"atwtusb"=atwtusb.exe beta []
"PenLock"= []
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2006-06-29 269104]
"VX3000"=C:\WINDOWS\vVX3000.exe [2006-06-29 707376]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-11-04 185896]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-08-09 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-08-09 81920]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Gluesite"=C:\DOCUME~1\Jen\APPLIC~1\WEBMEO~1\Start Seek.exe []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2005-08-31 1658592]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\Msmsgs.exe [2005-08-31 1658592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartPic]
C:\Program Files\SmartPic\SmartPic.exe [2006-01-14 1410048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2005-08-17 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-11-04 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Alias SketchBook Snapshot.lnk - C:\Program Files\Alias\Alias SketchBook Pro 2.0\AliasSketchSnap.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Jen\Start Menu\Programs\Startup
Quick StartUp.lnk - C:\PENSOFT\fquick32.exe
Start.lnk - C:\PENSOFT\Quick95.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Grisoft\AVG Free\avginet.exe"="C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG Free\avgemc.exe"="C:\Program Files\Grisoft\AVG Free\avgemc.exe:*:Enabled:avgemc.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\ypager.exe"="C:\Program Files\Yahoo!\Messenger\ypager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Grisoft\AVG Free\avgcc.exe"="C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe"="C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\tinyproxy\tinyproxy.exe"="C:\Program Files\tinyproxy\tinyproxy.exe:*:Enabled:tinyproxy"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{975e4acc-b043-11da-b7b6-0002e345a6e2}]
shell\AutoRun\command - ~tmp0.1st.exe


======List of files/folders created in the last 1 months======

2008-12-06 20:15:24 ----D---- C:\rsit
2008-12-06 16:08:50 ----D---- C:\WINDOWS\LastGood
2008-12-04 22:57:44 ----SHD---- C:\Config.Msi
2008-12-04 22:33:42 ----D---- C:\Program Files\Trend Micro
2008-11-30 22:22:01 ----D---- C:\Documents and Settings\Jen\Application Data\Malwarebytes
2008-11-30 22:21:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-30 22:21:53 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-30 18:27:21 ----A---- C:\WINDOWS\wininit.ini
2008-11-30 12:11:44 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-30 12:11:44 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-30 11:55:56 ----A---- C:\WINDOWS\system32\tmp.txt
2008-11-30 11:55:44 ----A---- C:\rapport.txt
2008-11-30 11:53:44 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-29 22:33:05 ----D---- C:\Documents and Settings\Jen\Application Data\.clamwin
2008-11-14 18:36:23 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-14 18:36:14 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-14 18:35:57 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 1 months======

2008-12-06 20:15:42 ----D---- C:\WINDOWS\Prefetch
2008-12-06 20:14:41 ----D---- C:\WINDOWS\Internet Logs
2008-12-06 17:00:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-06 16:28:59 ----D---- C:\Program Files\Mozilla Firefox
2008-12-06 16:16:36 ----D---- C:\Programs
2008-12-06 16:09:11 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-06 16:09:06 ----D---- C:\WINDOWS\Temp
2008-12-06 16:09:05 ----AD---- C:\WINDOWS\system32
2008-12-06 16:09:03 ----HD---- C:\WINDOWS\inf
2008-12-06 16:09:03 ----D---- C:\WINDOWS\Help
2008-12-06 16:08:51 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-06 16:08:50 ----D---- C:\WINDOWS
2008-12-06 16:04:12 ----D---- C:\Documents and Settings\Jen\Application Data\AVG7
2008-12-06 16:02:55 ----A---- C:\WINDOWS\win.ini
2008-12-06 16:02:54 ----A---- C:\WINDOWS\aiptbl.ini
2008-12-06 16:02:38 ----A---- C:\WINDOWS\ModemLog_Smart Link 56K Voice Modem.txt
2008-12-04 22:59:25 ----D---- C:\Program Files\Yahoo!
2008-12-04 22:58:26 ----SHD---- C:\WINDOWS\Installer
2008-12-04 22:58:26 ----D---- C:\Program Files\Windows Live Toolbar
2008-12-04 22:58:12 ----RD---- C:\Program Files
2008-12-04 22:57:44 ----SD---- C:\WINDOWS\Tasks
2008-12-04 22:55:32 ----D---- C:\Program Files\Google
2008-12-04 22:55:31 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-11-30 23:22:15 ----SHD---- C:\RECYCLER
2008-11-30 22:21:57 ----D---- C:\WINDOWS\system32\drivers
2008-11-30 15:04:05 ----RHD---- C:\$VAULT$.AVG
2008-11-30 11:54:18 ----D---- C:\Documents and Settings
2008-11-30 11:52:36 ----A---- C:\WINDOWS\system32\DEBUG_LOG.txt
2008-11-30 01:28:33 ----D---- C:\Program Files\MSN Messenger
2008-11-30 01:07:05 ----D---- C:\Program Files\Internet Explorer
2008-11-30 00:37:04 ----D---- C:\Program Files\Circle Developement
2008-11-15 22:40:06 ----D---- C:\WINDOWS\system32\FxsTmp
2008-11-15 21:43:23 ----D---- C:\Program Files\Virtual Makeover 2
2008-11-15 17:15:07 ----D---- C:\Documents and Settings\Jen\Application Data\LimeWire
2008-11-14 18:36:26 ----A---- C:\WINDOWS\imsins.BAK
2008-11-14 18:36:21 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-14 18:35:06 ----D---- C:\WINDOWS\WinSxS
2008-11-09 12:06:55 ----D---- C:\Program Files\Common Files\Symantec Shared

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-11-04 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2006-12-22 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-03-23 27776]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2007-12-29 10760]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2006-12-22 4960]
R2 usbhub;DSC Composite USB Device; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-19 3644800]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-05-05 463168]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2005-10-17 43008]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-01-29 16168]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\SLDRV\Mtlmnt5.sys [2005-10-17 237616]
R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\system32\DRIVERS\SLDRV\slntamr.sys [2005-10-17 698848]
R3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SLDRV\SlWdmSup.sys [2005-10-17 13248]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-10-17 190560]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2005-10-14 238464]
S1 aiptektp;HyperPen; C:\WINDOWS\system32\DRIVERS\aiptektp.sys [2004-07-07 22272]
S2 Ca533av;Polaroid Digital Cam Video; C:\WINDOWS\System32\Drivers\Ca533av.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cdrmkaun;cdrmkaun; \??\C:\DOCUME~1\Jen\LOCALS~1\Temp\cdrmkaun.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\SLDRV\Mtlstrm.sys [2005-10-17 1464912]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-02 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-02 20864]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\SLDRV\Slnthal.sys [2005-10-17 101328]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-05-02 8064]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-01-15 30464]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 USBCamera;Icatch(IV) Still Camera Device; C:\WINDOWS\System32\Drivers\Bulk533.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-02 8064]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2006-06-29 1966256]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-01-15 110592]
R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe [2007-11-04 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe [2006-12-22 49664]
R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe [2007-12-29 406528]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamSvc.exe [2006-06-29 187184]
R2 SLService;SmartLinkService; C:\WINDOWS\system32\slmdmsr.exe [2005-10-17 61440]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]
S2 DCOM Server Process Launcher (DcomLaunch) ;DCOM Server Process Launcher (DcomLaunch) ; C:\Program Files\tinyproxy\tinyproxy.exe []
S2 DHCP Client (Dhcp) ;DHCP Client (Dhcp) ; C:\Program Files\tinyproxy\tinyproxy.exe []
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 Protected Storage (ProtectedStorage) ;Protected Storage (ProtectedStorage) ; C:\Program Files\tinyproxy\tinyproxy.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------
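Editor's note, not part of the original post: the RSIT/HijackThis log above contains several of the entries a malware responder reads first. Three core Windows services (DcomLaunch, Dhcp and ProtectedStorage in the O23 lines) are bound to C:\Program Files\tinyproxy\tinyproxy.exe and marked "(file missing)", an HKCU Run entry ("Gluesite") launches "Start Seek.exe" from the user's Application Data folder, a kernel driver (cdrmkaun) is registered from the user's Temp directory, and a mountpoints2 key carries an AutoRun command (~tmp0.1st.exe). The script below is an added example, not a tool from the original post or from the RSIT/HijackThis authors: it parses those four line types and flags exactly those patterns with simple heuristics. The sample log is a constructed excerpt built from lines in the post, and the table of expected service hosts and the list of user-writable path markers are this example's own assumptions.

```python
"""Triage helper for HijackThis / RSIT-style logs (added example).

Parses O4 autostart lines, O23 service lines, the driver list and
mountpoints2 AutoRun lines, and flags: a core Windows service rebound
to a binary outside system32, a "(file missing)" image path, an
autostart or driver loaded from a user-profile or Temp directory, and
a removable-media AutoRun command.
"""
import re
from typing import Dict, List

# Assumption for this example: on Windows XP these services are hosted by
# a system32 binary, so any other image path is worth a look.
CORE_SERVICE_HOST = {
    "dcomlaunch": "svchost.exe",
    "dhcp": "svchost.exe",
    "protectedstorage": "lsass.exe",
}

# Assumption: substrings that mark a user-writable profile or Temp path
# (long and 8.3 short forms, as both appear in the log).
USER_WRITABLE_MARKERS = (
    "documents and settings", "docume~1", "application data", "applic~1",
    "local settings", "locals~1", "\\temp\\",
)

RE_O4 = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
RE_O23 = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.*?) - (?P<path>.+)$")
RE_DRIVER = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<desc>[^;]*); "
    r"(?P<path>.+?)(?: \[(?P<stamp>[^\]]*)\])?$")
RE_AUTORUN = re.compile(r"^shell\\AutoRun\\command - (?P<cmd>.+)$")

# Constructed excerpt: lines copied in shape from the log in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [Gluesite] C:\DOCUME~1\Jen\APPLIC~1\WEBMEO~1\Start Seek.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\Program Files\tinyproxy\tinyproxy.exe (file missing)
O23 - Service: DHCP Client (Dhcp) - Unknown owner - C:\Program Files\tinyproxy\tinyproxy.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
S3 cdrmkaun;cdrmkaun; \??\C:\DOCUME~1\Jen\LOCALS~1\Temp\cdrmkaun.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-10-17 190560]
shell\AutoRun\command - ~tmp0.1st.exe
"""


def basename(path: str) -> str:
    """Last path component, lower-cased, ignoring trailing whitespace."""
    return path.rstrip().split("\\")[-1].lower()


def in_user_writable(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious pattern: {'line', 'name', 'reason'}."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := RE_O23.match(line):
            path = m["path"]
            short = re.search(r"\((?P<s>[^()]+)\)$", m["display"])
            short_name = short["s"].lower() if short else m["display"].lower()
            if "(file missing)" in path.lower():
                findings.append({"line": line, "name": short_name,
                                 "reason": "service image path does not exist"})
            expected = CORE_SERVICE_HOST.get(short_name)
            if expected and (basename(path.replace("(file missing)", "")) != expected
                             or "\\system32\\" not in path.lower()):
                findings.append({"line": line, "name": short_name,
                                 "reason": f"core service rebound; expected system32\\{expected}"})
        elif m := RE_O4.match(line):
            if in_user_writable(m["cmd"]):
                findings.append({"line": line, "name": m["name"],
                                 "reason": "autostart runs from a user-writable profile path"})
        elif m := RE_DRIVER.match(line):
            if in_user_writable(m["path"]):
                findings.append({"line": line, "name": m["name"],
                                 "reason": "kernel driver loaded from a user-writable path"})
        elif m := RE_AUTORUN.match(line):
            findings.append({"line": line, "name": m["cmd"],
                             "reason": "removable-media AutoRun command (mountpoints2)"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['reason']}] {f['line']}")
```

Run against the excerpt it reports the two tinyproxy services twice each (missing file plus rebound core service), the Gluesite autostart, the cdrmkaun driver and the AutoRun command, and stays silent on the Synaptics, Bonjour and ZoneAlarm entries. A heuristic like this only says where to look; the helper's own steps (fresh OTViewIt and Kaspersky logs) are still what establishes what the files are.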


#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:18 PM

Posted 11 December 2008 - 08:06 PM

Hello.

My name is Extremeboy (or EB for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and choose Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the reply button in the lower right-hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
Since it has been a while, I would like to see another Kaspersky scan and an OTViewIt log please.

Download and Run OTViewit
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the OTViewIt icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Run Kaspersky Online Scanner
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

In your next reply please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log

Important Note: For other users who are reading this topic, the instructions provided in this topic are for the original topic starter ONLY. Even if you have similar problems or even log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic and feel free to link to any relevant topics as needed. Please Do NOT follow the instructions provided for this topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 dome90uk

dome90uk
  • Topic Starter

  • Members
  • 17 posts

Posted 13 December 2008 - 12:02 PM

Thanks for your help :thumbsup: - logs below

==============================================
==============================================
OTViewIt logfile created on: 13/12/2008 16:58:44 - Run
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Jen\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

447.48 Mb Total Physical Memory | 109.00 Mb Available Physical Memory | 24.36% Memory free
1.03 Gb Paging File | 0.61 Gb Available in Paging File | 59.44% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 14.11 Gb Free Space | 37.87% Space Free | Partition Type: NTFS
Drive D: | 1.66 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JENNIFER
Current User Name: Jen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/07/09 08:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
[2008/01/15 02:40:04 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2007/11/04 18:44:04 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
[2006/12/22 22:35:29 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
[2007/12/29 12:57:44 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgemc.exe
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2006/06/29 23:54:23 | 00,187,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
[2005/10/17 09:00:54 | 00,061,440 | ---- | M] ( ) -- C:\WINDOWS\system32\slmdmsr.exe
[2005/01/28 12:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2008/04/14 00:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2005/10/14 11:00:13 | 00,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
[2005/10/14 11:00:13 | 00,167,936 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\VTTrayp.exe
[2005/10/17 09:20:06 | 00,729,178 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2008/10/17 12:03:08 | 00,590,848 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgcc.exe
[2006/02/21 09:32:38 | 00,294,912 | ---- | M] () -- C:\WINDOWS\system32\ATWTUSB.EXE
[2006/06/29 23:55:44 | 00,707,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
[2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2006/11/04 19:10:53 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2004/08/09 06:03:38 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[2008/03/30 09:36:40 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/07/09 08:05:20 | 00,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
[2005/08/31 19:27:02 | 01,658,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\Msmsgs.exe
[2008/09/16 12:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2005/06/20 17:13:00 | 00,107,237 | ---- | M] (Alias Systems) -- C:\Program Files\Alias\Alias SketchBook Pro 2.0\AliasSketchSnap.exe
[2006/12/25 22:28:22 | 00,185,476 | ---- | M] () -- C:\PENSOFT\fquick32.exe
[2006/12/25 22:28:22 | 00,060,928 | ---- | M] () -- C:\PENSOFT\Quick95.exe
[2008/03/30 09:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/10/15 07:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2007/09/20 10:35:36 | 00,118,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
[2008/12/12 21:05:34 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jen\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/01/15 02:40:04 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/11/04 18:44:04 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe -- (Avg7Alrt [Auto | Running])
[2006/12/22 22:35:29 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgupsvc.exe -- (Avg7UpdSvc [Auto | Running])
[2007/12/29 12:57:44 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgemc.exe -- (AVGEMS [Auto | Running])
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
File not found -- -- (DCOM Server Process Launcher (DcomLaunch) [Auto | Stopped])
File not found -- -- (DHCP Client (Dhcp) [Auto | Stopped])
[2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/03/30 09:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2006/06/29 23:54:23 | 00,187,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamSvc.exe -- (MSCamSvc [Auto | Running])
File not found -- -- (Protected Storage (ProtectedStorage) [Auto | Stopped])
[2005/10/17 09:00:54 | 00,061,440 | ---- | M] ( ) -- C:\WINDOWS\system32\slmdmsr.exe -- (SLService [Auto | Running])
[2005/01/28 12:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2008/07/09 08:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
[2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])

========== Driver Services ==========

[2004/07/07 16:02:14 | 00,022,272 | ---- | M] (AIPTEK International Inc.) -- C:\WINDOWS\system32\drivers\aiptektp.sys -- (aiptektp [System | Stopped])
[2005/08/19 15:31:52 | 03,644,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2005/05/05 00:08:38 | 00,463,168 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211 [On_Demand | Running])
[2007/11/04 18:44:01 | 00,821,856 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avg7core.sys -- (Avg7Core [System | Running])
[2006/12/22 22:35:30 | 00,004,224 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avg7rsw.sys -- (Avg7RsW [System | Running])
[2007/03/23 21:45:15 | 00,027,776 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avg7rsxp.sys -- (Avg7RsXP [System | Running])
[2007/12/29 12:57:45 | 00,010,760 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avgclean.sys -- (AvgClean [System | Running])
[2006/12/22 22:35:30 | 00,004,960 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdi.sys -- (AvgTdi [Auto | Running])
[2005/10/17 06:27:44 | 00,043,008 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5bv.sys -- (FETND5BV [On_Demand | Running])
[2001/08/17 12:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS [On_Demand | Stopped])
[2008/01/29 11:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2005/10/12 11:07:12 | 00,874,240 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
[2007/07/19 14:10:28 | 00,127,768 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [System | Running])
[2001/08/17 12:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2005/10/17 09:00:50 | 00,237,616 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\SLDRV\mtlmnt5.sys -- (Mtlmnt5 [On_Demand | Running])
[2005/10/17 09:00:51 | 01,464,912 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\SLDRV\mtlstrm.sys -- (Mtlstrm [On_Demand | Stopped])
[2008/05/02 09:58:12 | 00,017,536 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])
[2008/05/02 09:58:14 | 00,020,864 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])
[2005/08/18 15:52:06 | 00,093,568 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus [Boot | Running])
[2005/08/18 15:52:08 | 00,077,056 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid [Boot | Running])
[2004/08/04 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/10/17 09:00:51 | 00,014,680 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\SLDRV\RecAgent.sys -- (RecAgent [Boot | Running])
[2007/11/13 10:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2005/01/11 15:58:48 | 00,030,976 | ---- | M] (Silicon Integrated Systems Corp) -- C:\WINDOWS\system32\drivers\SiSRaid2.sys -- (SiSRaid2 [Boot | Running])
[2005/10/17 09:00:54 | 00,698,848 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\SLDRV\slntamr.sys -- (Slntamr [On_Demand | Running])
[2005/10/17 09:00:54 | 00,101,328 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\SLDRV\slnthal.sys -- (SlNtHal [On_Demand | Stopped])
[2005/10/17 09:00:54 | 00,013,248 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\SLDRV\slwdmsup.sys -- (SlWdmSup [On_Demand | Running])
[2008/02/27 02:10:44 | 00,051,176 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
[2005/08/30 01:47:38 | 00,058,320 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus [On_Demand | Stopped])
[2005/08/30 01:49:34 | 00,008,336 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl [On_Demand | Stopped])
[2005/08/30 01:49:38 | 00,094,000 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm [On_Demand | Stopped])
[2005/10/17 09:19:59 | 00,190,560 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2008/04/13 18:36:40 | 00,044,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\uagp35.sys -- (uagp35 [Boot | Running])
[2008/05/02 09:58:14 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])
[2008/01/15 02:39:58 | 00,030,464 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2008/04/13 18:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2008/04/13 18:45:36 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser [On_Demand | Stopped])
[2008/05/02 09:58:28 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped])
[2003/07/02 02:42:00 | 00,027,904 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1 [Boot | Running])
[2005/10/14 11:00:12 | 00,238,464 | ---- | M] (Copyright © VIA/S3 Graphics Co, Ltd.) -- C:\WINDOWS\system32\drivers\vtmini.sys -- (viagfx [On_Demand | Running])
[2005/11/23 09:12:12 | 00,092,672 | ---- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\system32\drivers\viamraid.sys -- (viamraid [Boot | Running])
[2008/07/09 08:05:22 | 00,394,952 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [System | Running])
[2006/06/29 23:55:56 | 01,966,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000 [On_Demand | Stopped])
[2006/11/02 06:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 1
"ProxyOverride" = *.local;<local>

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (4102 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
46 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} (HKLM) -- C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}" (HKLM) -- C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"atwtusb"=atwtusb.exe beta ()
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP (GRISOFT, s.r.o.)
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" (Microsoft Corporation)
"PenLock"= File not found
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"VTTimer"=VTTimer.exe (S3 Graphics, Inc.)
"VTTrayp"=VTtrayp.exe (S3 Graphics Co., Ltd.)
"VX3000"=C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Zone Labs, LLC)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gluesite"=C:\DOCUME~1\Jen\APPLIC~1\WEBMEO~1\Start Seek.exe File not found
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

========== (O4) Startup Folders ==========

[2005/09/23 21:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2005/06/20 17:13:00 | 00,107,237 | ---- | M] (Alias Systems) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Alias SketchBook Snapshot.lnk = C:\Program Files\Alias\Alias SketchBook Pro 2.0\AliasSketchSnap.exe
[2001/02/13 01:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
[2006/12/25 22:28:22 | 00,185,476 | ---- | M] () -- C:\Documents and Settings\Jen\Start Menu\Programs\Startup\Quick StartUp.lnk = C:\PENSOFT\fquick32.exe
[2006/12/25 22:28:22 | 00,060,928 | ---- | M] () -- C:\Documents and Settings\Jen\Start Menu\Programs\Startup\Start.lnk = C:\PENSOFT\Quick95.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Search: File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/10/28 16:07:58 | 09,362,248 | R--- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search && Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: @c:\Program Files\Messenger\Msgslang.dll,-61144 -- %ProgramFiles%\Messenger\Msmsgs.exe [2005/08/31 19:27:02 | 01,658,592 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: @c:\Program Files\Messenger\Msgslang.dll,-61144 -- %ProgramFiles%\Messenger\Msmsgs.exe [2005/08/31 19:27:02 | 01,658,592 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{A75C6120-9B36-11d4-A3F0-009027427750} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %SystemDrive%\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe [Messenger Class] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\Msmsgs.exe [@c:\Program Files\Messenger\Msgslang.dll,-61144] -> [2005/08/31 19:27:02 | 01,658,592 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://update.microsoft.com/windowsupdate/...b?1162750324718 -- WUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07

========== (O17) DNS Name Servers ==========

{4AAEB0DC-2B3C-4979-8CE0-E96BAAB59224} (Servers: | Description: Atheros AR5005G Wireless Network Adapter)
{68523A16-A228-436F-BAA7-C6C1D99431F2} (Servers: | Description: )
{851B02DC-8DE1-4305-8155-AD960170CF29} (Servers: | Description: VIA Rhine II Fast Ethernet Adapter)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2006/03/10 13:14:33 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{975e4acc-b043-11da-b7b6-0002e345a6e2}\Shell\AutoRun\command]
""=~tmp0.1st.exe

========== Files/Folders - Created Within 30 Days ==========

[2008/12/12 21:05:29 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jen\Desktop\OTViewIt.exe
[2008/12/06 20:15:24 | 00,000,000 | ---D | C] -- C:\rsit
[2008/12/06 20:12:03 | 00,012,316 | ---- | C] () -- C:\Documents and Settings\Jen\Desktop\kaspersky_report.html
[2008/12/06 16:49:29 | 00,305,705 | ---- | C] () -- C:\Documents and Settings\Jen\Desktop\RSIT.exe
[2008/12/04 22:33:42 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\Jen\Desktop\HijackThis.lnk
[2008/12/04 22:33:42 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/11/30 22:22:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jen\Application Data\Malwarebytes
[2008/11/30 22:21:57 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/11/30 22:21:57 | 00,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/11/30 22:21:54 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/11/30 22:21:53 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/11/30 22:21:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/11/30 18:27:21 | 00,000,109 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/30 12:31:50 | 46,928,6912 | -HS- | C] () -- C:\hiberfil.sys
[2008/11/30 12:11:54 | 00,000,939 | ---- | C] () -- C:\Documents and Settings\Jen\Desktop\Spybot - Search & Destroy.lnk
[2008/11/30 12:11:44 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/11/30 12:11:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/11/30 12:08:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jen\Desktop\Clamwin DB
[2008/11/30 11:55:56 | 00,003,284 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2008/11/30 11:48:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jen\Desktop\antivirus
[2008/11/29 22:41:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jen\Desktop\vault
[2008/11/29 22:33:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jen\Application Data\.clamwin
[2008/11/14 16:37:57 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/11/14 16:37:13 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2008/11/14 16:28:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jen\Desktop\Unused Desktop Shortcuts

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2008/12/13 16:32:22 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/12/13 16:31:52 | 00,000,766 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/13 16:31:51 | 00,003,873 | ---- | M] () -- C:\WINDOWS\aiptbl.ini
[2008/12/13 16:31:40 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/13 16:31:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/13 16:30:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/13 16:30:52 | 46,928,6912 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/13 16:30:06 | 34,037,792 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/12/13 16:30:06 | 00,398,972 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/12/13 16:28:07 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/13 02:00:06 | 00,000,258 | -H-- | M] () -- C:\WINDOWS\tasks\AF82AACC91855C3C.job
[2008/12/12 21:05:34 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jen\Desktop\OTViewIt.exe
[2008/12/09 23:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/12/06 20:12:04 | 00,012,316 | ---- | M] () -- C:\Documents and Settings\Jen\Desktop\kaspersky_report.html
[2008/12/06 16:49:30 | 00,305,705 | ---- | M] () -- C:\Documents and Settings\Jen\Desktop\RSIT.exe
[2008/12/04 22:33:42 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\Jen\Desktop\HijackThis.lnk
[2008/12/03 19:52:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/03 19:52:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/11/30 22:21:57 | 00,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/11/30 21:00:37 | 03,191,492 | -H-- | M] () -- C:\Documents and Settings\Jen\Local Settings\Application Data\IconCache.db
[2008/11/30 18:27:21 | 00,000,109 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/11/30 12:24:21 | 00,003,284 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2008/11/30 12:11:54 | 00,000,939 | ---- | M] () -- C:\Documents and Settings\Jen\Desktop\Spybot - Search & Destroy.lnk
[2008/11/15 22:46:21 | 00,000,584 | ---- | M] () -- C:\Documents and Settings\Jen\My Documents\My Sharing Folders.lnk
[2008/11/15 16:44:40 | 00,000,001 | -H-- | M] () -- C:\WINDOWS\f49f4daa.dat
[2008/11/15 16:44:07 | 00,000,001 | -H-- | M] () -- C:\WINDOWS\be49f4daa.dat
< End of report >

======================================================
======================================================

OTViewIt Extras logfile created on: 13/12/2008 16:58:44 - Run
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Jen\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

447.48 Mb Total Physical Memory | 109.00 Mb Available Physical Memory | 24.36% Memory free
1.03 Gb Paging File | 0.61 Gb Available in Paging File | 59.44% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 14.11 Gb Free Space | 37.87% Space Free | Partition Type: NTFS
Drive D: | 1.66 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JENNIFER
Current User Name: Jen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/10/17 12:03:24 | 00,514,560 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe
[2007/12/29 12:57:44 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgemc.exe:*:Enabled:avgemc.exe
[2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\Yahoo!\Messenger\ypager.exe:*:Enabled:Yahoo! Messenger
File not found -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2008/10/17 12:03:08 | 00,590,848 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe
[2007/11/04 18:44:04 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe
[2006/06/29 23:56:13 | 04,152,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe
[2006/06/29 23:54:45 | 00,269,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/03/30 09:36:34 | 20,638,504 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2007/03/16 19:25:16 | 25,268,264 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
[2008/09/18 18:50:21 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
File not found -- C:\Program Files\tinyproxy\tinyproxy.exe:*:Enabled:tinyproxy

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2004/09/17 13:44:16 | 00,843,472 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2007/10/18 10:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
msdaipp: [HKLM - No CLSID value]
[2004/09/17 13:44:16 | 00,843,472 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2004/09/17 13:44:16 | 00,843,472 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2001/06/20 16:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[2007/10/18 10:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2008/01/24 15:22:56 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
[2007/01/12 12:50:48 | 01,828,440 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}"=Apple Software Update
"{06E73C0B-7DE7-4F41-860B-587033B75BD9}"=iPod Updater 2004-11-15
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}"=OpenOffice.org Installer 1.0
"{11EF6123-C176-11D5-B570-0060084A16BE}"=Art Attack Make It!
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}"=QuickTime
"{1967D67C-6F3F-4001-9644-BAC704F7EE84}"=Samsung PC Studio
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}"=Google Earth
"{28437B9E-8730-11D9-B7CC-00C04F4351FF}"=Zoo Vet
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{335667B0-737C-4E7A-9864-860A7C918F4A}"=PhotoArtMaster Classic
"{3470101E-A698-4B27-9532-5528B02A5FE0}"=Alias SketchBook Pro 2.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3C59AF9D-4139-4D07-BCA2-3CDEFE8B28E3}"=Puppy Luv A New Breed
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}"=Skype Plugin Manager
"{44734179-8A79-4DEE-BB08-73037F065543}"=Apple Mobile Device Support
"{47AA42FD-0450-4CB4-ADAF-B6E770AA7B2F}"=Sony Media Manager 2.2
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}"=Bonjour
"{4DEE75B1-B201-4DA3-A50F-007CDB00DA23}"=Microsoft LifeCam
"{4E868D3D-6EEB-4273-926C-2287236B5B79}"=3DVIA player 4.1
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}"=iTunes
"{6815FCDD-401D-481E-BA88-31B4754C2B46}"=Macromedia Flash Player 8
"{6D52C408-B09A-4520-9B18-475B81D393F1}"=Microsoft Works
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}"=Software Update for Web Folders
"{87DABCF7-2C38-4996-8FBE-053CA6536168}"=Sony ACID Pro 6.0
"{90280409-6000-11D3-8CFE-0050048383C9}"=Microsoft Office XP Professional with FrontPage
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}"=InterVideo WinDVD
"{9C92937F-7E79-4A32-AB80-BD7637146308}"=BRATZ - Rock Angelz
"{9D1C26BD-E792-4159-9D16-07EA222D8EF0}"=Windows Messenger 5.1
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A70900000002}"=Adobe Reader 7.0.9
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{B1B869EB-BDDD-44EE-8858-3753741CDC37}"=3D Garden Designer Deluxe Edition
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}"=Nokia Connectivity Cable Driver
"{C4A4722E-79F9-417C-BD72-8D359A090C97}"=Samsung PC Studio
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}"=Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}"=Samsung PC Studio 3 USB Driver Installer
"{EF5A6DD8-4A03-4BDD-A7C3-5CA2FF02DCFA}"=Pippa Funnell
"{F3CBA4E6-436E-4B51-9651-93830EE38616}"=Windows Messenger 5.1 MUI Pack
"{FBF18108-DDC2-11D5-BEBF-00606733A9BE}"=Polaroid Digital Cam
"Ad-Aware SE Personal"=Ad-Aware SE Personal
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"AVG7Uninstall"=AVG Free Edition
"Catz"=Catz (remove only)
"DeleteProdRunControl_UK"=IBM ViaVoice Command and Control Runtime 5.3 - UK English
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{06E73C0B-7DE7-4F41-860B-587033B75BD9}"=iPod Updater 2004-11-15
"InstallShield_{B1B869EB-BDDD-44EE-8858-3753741CDC37}"=3D Garden Designer Deluxe Edition
"LimeWire"=LimeWire 4.18.8
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Messenger Plus! Live"=Messenger Plus! Live & Sponsor (CiD)
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"My Scene™ CD-ROM"=My Scene™ CD-ROM
"Nero - Burning Rom!UninstallKey"=Nero OEM
"Nero BurnRights!UninstallKey"=Nero BurnRights
"NeroVision!UninstallKey"=Nero Digital
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVEContent!UninstallKey"=NeroVision Express Content
"Pensoft"=Pensoft
"Petz 4"=Petz 4 (remove only)
"Pippa Funnell 2 - Take The Reins"=Pippa Funnell 2 - Take The Reins
"RealPlayer 6.0"=RealPlayer
"Rmtablet"=Graphics-Pad MD 41217
"SAMSUNG CDMA Modem"=SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile USB Modem"=SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0"=SAMSUNG Mobile USB Modem 1.0 Software
"Skype_is1"=Skype 3.1
"SLAMRNTV"=Smart Link 56K Voice Modem
"SmartPic_is1"=SmartPic
"SynTPDeinstKey"=Synaptics Pointing Device Driver
"Virtual Makeover 2_is1"=Virtual Makeover 2
"VN_VUIns_Rhine_VIA"=VIA Rhine-Family Fast Ethernet Adapter
"Vodafone 804SS USB driver"=SAMSUNG Mobile USB Modem ^^
"Walt Disney World Quest Magical Racing Tour"=Walt Disney World Quest Magical Racing Tour
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows Media Player"=Windows Media Player 10
"Windows XP Service Pack"=Windows XP Service Pack 3
"ZoneAlarm"=ZoneAlarm
"ZoneAlarmSB Uninstall"=ZoneAlarm Spy Blocker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15/09/2008 13:12:01 | Computer Name = JENNIFER | Source = Windows Live Messenger | ID = 1000
Description =

Error - 21/09/2008 10:58:31 | Computer Name = JENNIFER | Source = Application Hang | ID = 1002
Description = Hanging application iTunes.exe, version 7.6.2.9, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 16/10/2008 07:30:07 | Computer Name = JENNIFER | Source = MsiInstaller | ID = 11704
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1704. An installation for Microsoft SQL Server Desktop Engine is currently suspended.
You must undo the changes made by that installation to continue. Do you want
to undo those changes?

Error - 16/10/2008 07:30:07 | Computer Name = JENNIFER | Source = MsiInstaller | ID = 11712
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1712. One or more of the files required to restore your computer to its previous
state could not be found. Restoration will not be possible.

Error - 17/10/2008 07:58:46 | Computer Name = JENNIFER | Source = Application Hang | ID = 1002
Description = Hanging application msnmsgr.exe, version 8.5.1302.1018, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 17/10/2008 07:58:49 | Computer Name = JENNIFER | Source = Application Hang | ID = 1002
Description = Hanging application msnmsgr.exe, version 8.5.1302.1018, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 01/11/2008 16:46:23 | Computer Name = JENNIFER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 15/11/2008 12:44:21 | Computer Name = JENNIFER | Source = Application Hang | ID = 1002
Description = Hanging application msnmsgr.exe, version 8.5.1302.1018, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 15/11/2008 16:13:06 | Computer Name = JENNIFER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16735, faulting
module ntdll.dll, version 5.1.2600.5512, fault address 0x0000100b.

Error - 16/11/2008 19:19:27 | Computer Name = JENNIFER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 30/11/2008 17:03:37 | Computer Name = JENNIFER | Source = Service Control Manager | ID = 7000
Description = The Polaroid Digital Cam Video service failed to start due to the
following error: %%2

Error - 30/11/2008 18:23:45 | Computer Name = JENNIFER | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 04/12/2008 15:35:55 | Computer Name = JENNIFER | Source = Service Control Manager | ID = 7000
Description = The Polaroid Digital Cam Video service failed to start due to the
following error: %%2

Error - 04/12/2008 16:59:20 | Computer Name = JENNIFER | Source = Service Control Manager | ID = 7000
Description = The Polaroid Digital Cam Video service failed to start due to the
following error: %%2

Error - 06/12/2008 12:02:44 | Computer Name = JENNIFER | Source = Service Control Manager | ID = 7000
Description = The Polaroid Digital Cam Video service failed to start due to the
following error: %%2

Error - 06/12/2008 12:07:01 | Computer Name = JENNIFER | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 06/12/2008 12:07:07 | Computer Name = JENNIFER | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 12/12/2008 16:57:00 | Computer Name = JENNIFER | Source = Service Control Manager | ID = 7000
Description = The Polaroid Digital Cam Video service failed to start due to the
following error: %%2

Error - 13/12/2008 12:17:12 | Computer Name = JENNIFER | Source = Service Control Manager | ID = 7000
Description = The Polaroid Digital Cam Video service failed to start due to the
following error: %%2

Error - 13/12/2008 12:31:19 | Computer Name = JENNIFER | Source = Service Control Manager | ID = 7000
Description = The Polaroid Digital Cam Video service failed to start due to the
following error: %%2


< End of report >

===================================================
===================================================

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, December 13, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, December 12, 2008 17:00:16
Records in database: 1455121
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 120097
Threat name: 6
Infected objects: 10
Suspicious objects: 0
Duration of the scan: 01:26:32


File name / Threat name / Threats count
C:\Documents and Settings\Jen\Desktop\vault\infected.PopularScreensaversSetup2.2.60.11-2.ZRfox000.exe Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bc 1
C:\Documents and Settings\Jen\Desktop\vault\infected.screensavers.exe Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bc 1
C:\Documents and Settings\Jen\Desktop\vault\infected.SignupLt.EXE Infected: not-a-virus:Dialer.Win32.BT.b 1
C:\Documents and Settings\Jen\Desktop\vault\infected.Uninstall.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\RECYCLER\S-1-5-21-311781197-1809539003-19255424-1006\Dc66\Narrowband\Signup\Anytime\signupLt.exe Infected: not-a-virus:Dialer.Win32.BT.b 1
C:\RECYCLER\S-1-5-21-311781197-1809539003-19255424-1006\Dc66\Narrowband\Signup\Standard\SignupLt.exe Infected: not-a-virus:Dialer.Win32.BT.b 1
C:\RECYCLER\S-1-5-21-311781197-1809539003-19255424-1006\Dc67.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\RECYCLER\S-1-5-21-311781197-1809539003-19255424-1006\Dc68.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\RECYCLER\S-1-5-21-311781197-1809539003-19255424-1006\Dc69.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\RECYCLER\S-1-5-21-311781197-1809539003-19255424-1006\Dc70.wma Infected: Trojan-Downloader.WMA.Wimad.n 1

The selected area was scanned.

=====================================================
=====================================================
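The three reports above are long, and the action items hide in a few lines of each: which Kaspersky detections are still in a runnable location (as opposed to a vault or the Recycle Bin), which Windows Firewall exceptions point at binaries that no longer exist, and whether the built-in firewall is off because a third-party product (here ZoneAlarm) registered with Security Center or simply off. The script below is an added example, not part of this thread and not code from Kaspersky or OldTimer; the sample excerpts are lines copied from the reports above, and the vault/RECYCLER location rules and the "live" bucket are this example's own heuristics rather than anything the tools emit.

```python
"""Triage helpers for the Kaspersky Online Scanner 7 report and the OTViewIt
Security Center / firewall-exception sections posted above.  Added example:
not part of the thread, not code from Kaspersky or OldTimer.  The sample
excerpts are copied from the posted logs; the vault/RECYCLER location rules
are this example's own heuristics."""
import re
from collections import Counter

KASPERSKY_SAMPLE = """\
C:\\Documents and Settings\\Jen\\Desktop\\vault\\infected.SignupLt.EXE Infected: not-a-virus:Dialer.Win32.BT.b 1
C:\\Documents and Settings\\Jen\\Desktop\\vault\\infected.Uninstall.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\\RECYCLER\\S-1-5-21-311781197-1809539003-19255424-1006\\Dc67.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\\RECYCLER\\S-1-5-21-311781197-1809539003-19255424-1006\\Dc68.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
"""

FIREWALL_SAMPLE = """\
[2008/10/17 12:03:24 | 00,514,560 | ---- | M] (GRISOFT, s.r.o.) -- C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe
File not found -- C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe:*:Enabled:Yahoo! Messenger
[2008/09/18 18:50:21 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire
File not found -- C:\\Program Files\\tinyproxy\\tinyproxy.exe:*:Enabled:tinyproxy
"""

SECURITY_CENTER_SAMPLE = """\
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center]
"FirewallDisableNotify"=0
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\ZoneLabsFirewall]
"DisableMonitoring"=1

HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile
"EnableFirewall"=0
"""

# "<path> Infected: <threat> <count>"; the path may contain spaces.
KASPERSKY_LINE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")
# XP firewall exception value "<path>:<scope>:<Enabled|Disabled>:<name>"; the
# path contains "C:" itself, so anchor on a drive letter or %var% prefix.
EXCEPTION_VALUE = re.compile(
    r"^(?P<path>(?:[A-Za-z]:|%\w+%)[^:]*):(?P<scope>[^:]*):(?P<state>[A-Za-z]+):(?P<name>.*)$")


def parse_kaspersky(report_text):
    """One dict per detection line; header/summary lines are skipped."""
    found = []
    for line in report_text.splitlines():
        m = KASPERSKY_LINE.match(line.strip())
        if m:
            found.append({"path": m["path"], "threat": m["threat"], "count": int(m["count"])})
    return found


def classify_detection(det):
    """(where, kind): a copy in a vault/quarantine folder or in RECYCLER cannot
    run until restored, anything else is 'live'.  Kaspersky's 'not-a-virus:'
    prefix marks riskware (toolbars, dialers) rather than outright malware."""
    parts = det["path"].lower().split("\\")
    if "recycler" in parts or "$recycle.bin" in parts:
        where = "recycle_bin"
    elif "vault" in parts or "quarantine" in parts:
        where = "quarantine"
    else:
        where = "live"
    return where, ("pup" if det["threat"].startswith("not-a-virus:") else "malware")


def summarize(detections):
    """Counts per (where, kind); a non-zero 'live' bucket is what needs action."""
    return dict(Counter(classify_detection(d) for d in detections))


def stale_firewall_exceptions(list_text):
    """Enabled exceptions whose binary is gone.  Harmless now, but a dropper
    written to that exact path inherits the inbound allow rule."""
    stale = []
    for line in list_text.splitlines():
        meta, sep, value = line.partition(" -- ")
        m = EXCEPTION_VALUE.match(value.strip()) if sep else None
        if m and meta.strip() == "File not found" and m["state"].lower() == "enabled":
            stale.append(m["path"])
    return stale


def firewall_posture(reg_text):
    """Is the built-in firewall on, and which products told Security Center to
    stop monitoring (DisableMonitoring=1)?  Built-in off with nobody
    registered means no firewall at all."""
    key, builtin_on, handed_over = "", None, []
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith(("[", "HKEY_")):
            key = line.strip("[]")
        elif line.startswith('"') and "=" in line:
            name, _, val = line.partition("=")
            if name.strip('"') == "EnableFirewall" and key.endswith("\\StandardProfile"):
                builtin_on = val.strip() == "1"
            elif name.strip('"') == "DisableMonitoring" and val.strip() == "1":
                handed_over.append(key.rsplit("\\", 1)[-1])
    return {"builtin_firewall_on": builtin_on, "monitoring_disabled_for": handed_over}
```

Run against the full reports, `summarize()` on the Kaspersky output gives only quarantine and recycle_bin buckets (all ten detections are either in the Desktop\vault folder or in RECYCLER, so emptying the Recycle Bin and leaving the vault alone is enough), `stale_firewall_exceptions()` returns the Yahoo! Messenger and tinyproxy entries, and `firewall_posture()` shows the built-in firewall off with ZoneLabsFirewall registered, which matches the ZoneAlarm entry in the uninstall list rather than being a sign of tampering.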

#4 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:11:18 PM
Posted 14 December 2008 - 09:39 AM

Hello.

Kaspersky found some files related to mywebsearch, we will remove those files later.

I do see another infection which is called Lop. We will need to run a scan first and then remove them. You also seem to have a flash-drive infection.

Peer-to-Peer Programs Warning

Your log shows that you are using so called peer-to-peer or file-sharing programs (in your case LimeWire 4.18.8). These programs allow users to share files, as the name suggests. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s) but I suggest you remove it via add/remove. However, please refrain from using them until your computer has been declared clean.

Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

Remove Programs via Add/Remove

Please uninstall any of the following program(s) using Add/Remove Programs if they are present. To do this, go to Start > Settings > Control Panel and double-click on Add/Remove Programs. From within Add/Remove Programs highlight each one and select Remove.

Messenger Plus! Live & Sponsor (CiD)
Netpumper
BitRoll
CiD Help
CiD Manager
Download Plugin for Internet Explorer
Zone Media


*Extra note: Messenger Plus comes with Adware, which is what caused you to have the Lop infection. If you really need it, you may install it again after the cleaning process. I would advise not to install the Sponsor part because it is usually bundled with malware etc.


Download and run LopS&D

Download Lop S&D by Eric_71 and save it to your desktop.
Lop S&D will only run on Windows XP and Windows Vista

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
To see how to disable security programs visit this tutorial:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double-click LopSD.exe
    If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan.
  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 1, to choose Option 1 (Search) then press Enter
  • Wait until the end of the scan
  • A report will be generated; post its contents in your next reply.
(Copy of the report can be found at this location: %SystemDrive%\lopR.txt, in most cases C:\lopR.txt)

Please post back with:
-The Lop log (C:\lopR.txt)
-Fresh OTViewIt log


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
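The Flash_Disinfector note above relies on a name collision: an autorun worm needs to write a file called autorun.inf in the root of each drive, and it cannot do that while a directory of that name is already there. The script below is an added example, not part of this thread and not Flash_Disinfector itself; it only reproduces that one idea (plant the directory) and adds the check a helper actually wants first: what is at <drive>\autorun.inf now, and if it is a real file, which directives would launch something. Both sample .inf contents are constructed for the example, not taken from the infected machine; the SetFileAttributesW flag value 0x07 (readonly|hidden|system) and the use of ctypes on Windows are assumptions of the example. One caveat: since Microsoft's 2011 AutoRun update (KB971029) Windows no longer honours autorun.inf on USB and other non-optical removable media, so the directory trick matters mainly on unpatched XP-era machines like this one.

```python
"""Audit a drive root for autorun.inf and optionally plant the protective
directory of the same name.  Added example for the thread above; not
Flash_Disinfector.  Sample .inf contents are constructed, not real."""
import configparser
import os
import shutil
import tempfile

# [autorun] directives that make Windows run a program; shell\<verb>\command
# entries are matched by pattern in launch_directives().
LAUNCH_KEYS = {"open", "shellexecute"}

# Constructed: the shape a USB worm's autorun.inf typically has.
WORM_AUTORUN = """\
[AutoRun]
open=RECYCLER\\update.exe
shell\\open\\Command=RECYCLER\\update.exe
shellexecute=RECYCLER\\update.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
"""

# Constructed: a harmless one from a photo CD (label and icon only).
BENIGN_AUTORUN = """\
[autorun]
label=Holiday photos
icon=photos.ico
"""


def launch_directives(inf_text):
    """{directive: target} for every line that launches something, {} if the
    file is inert, None if it does not parse.  Worms often prepend junk or use
    odd casing to confuse scanners, so 'does not parse' is reported, not hidden."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None,
                                   strict=False, allow_no_value=True)
    try:
        cp.read_string(inf_text)
    except configparser.Error:
        return None
    section = next((s for s in cp.sections() if s.lower() == "autorun"), None)
    if section is None:
        return {}
    hits = {}
    for key, value in cp.items(section):          # keys are lower-cased already
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            hits[key] = (value or "").strip()
    return hits


def audit_root(root):
    """Classify <root>/autorun.inf: absent, protected (a directory), inert,
    launcher (with its directives), or malformed."""
    path = os.path.join(root, "autorun.inf")
    if not os.path.lexists(path):
        return "absent", {}
    if os.path.isdir(path):
        return "protected", {}
    with open(path, encoding="utf-8", errors="replace") as fh:
        hits = launch_directives(fh.read())
    if hits is None:
        return "malformed", {}
    return ("launcher", hits) if hits else ("inert", {})


def install_guard(root):
    """Create the directory named autorun.inf.  True if created, False if it
    already exists; refuses (FileExistsError) when a *file* of that name is
    present so evidence is not silently replaced."""
    path = os.path.join(root, "autorun.inf")
    if os.path.isdir(path):
        return False
    if os.path.lexists(path):
        raise FileExistsError(f"{path} is a file; quarantine it before guarding")
    os.mkdir(path)
    if os.name == "nt":                           # assumption: hidden|system|readonly
        import ctypes
        ctypes.windll.kernel32.SetFileAttributesW(path, 0x07)
    return True


def demo():
    """Walk the audit through its states on a throwaway directory standing in
    for a USB root; returns the sequence of states observed."""
    root = tempfile.mkdtemp()
    try:
        seen = [audit_root(root)[0]]
        with open(os.path.join(root, "autorun.inf"), "w") as fh:
            fh.write(WORM_AUTORUN)
        seen.append(audit_root(root)[0])
        try:
            install_guard(root)
        except FileExistsError:
            seen.append("refused")
        os.remove(os.path.join(root, "autorun.inf"))
        seen.append("guarded" if install_guard(root) else "already")
        seen.append(audit_root(root)[0])
        return seen
    finally:
        shutil.rmtree(root)
```

`demo()` returns `['absent', 'launcher', 'refused', 'guarded', 'protected']`: the worm-style file is recognised by its open/shellexecute/shell\open\command lines, the guard refuses to overwrite it, and once the file is removed the directory takes the name. On a real machine point `audit_root()` at each drive root (`E:\`, the phone's storage, and so on) before running any cleaner, so you keep a copy of whatever autorun.inf was there.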

#5 dome90uk
  • Topic Starter

  • Members
  • 17 posts
  • Local time:03:18 AM
Posted 15 December 2008 - 04:53 PM

Thanks - below are the requested logs. Only removed Messenger Plus via Add/Remove Programs; the others were not there.


====================================================

--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel® Celeron® M processor 1.50GHz )
BIOS : Insyde Software MobilePRO BIOS Version 4.20.10
USER : Jen ( Administrator )
BOOT : Normal boot
Antivirus : AVG 7.5.552 7.5.552 (Activated)
Firewall : ZoneAlarm Firewall 7.0.483.000 (Activated)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:14 Go)
D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 15/12/2008|21:38 )

--------------------\\ Listing folders in APPLIC~1

[10/03/2006|13:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[10/03/2006|13:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[30/03/2008|16:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[10/03/2006|14:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[22/12/2006|22:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Alias
[16/01/2008|21:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[22/04/2007|14:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[07/01/2007|12:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
[04/12/2008|22:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[04/11/2006|17:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[03/02/2008|20:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[14/08/2008|20:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
[30/11/2008|22:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[22/03/2008|13:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[10/03/2006|14:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[23/03/2007|22:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[28/09/2008|20:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony
[30/11/2008|12:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[16/07/2007|16:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ubisoft
[23/04/2008|23:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\up hold blue delete
[25/12/2006|17:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Vivendi Universal Games
[05/11/2006|18:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[31/08/2007|20:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[22/03/2008|13:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[10/03/2006|13:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[10/03/2006|13:19] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[20/08/2008|17:21] C:\DOCUME~1\Guest\APPLIC~1\Adobe
[20/08/2008|16:57] C:\DOCUME~1\Guest\APPLIC~1\Alias
[20/08/2008|16:56] C:\DOCUME~1\Guest\APPLIC~1\AVG7
[13/09/2008|20:08] C:\DOCUME~1\Guest\APPLIC~1\Google
[10/03/2006|13:20] C:\DOCUME~1\Guest\APPLIC~1\Identities
[20/08/2008|17:21] C:\DOCUME~1\Guest\APPLIC~1\Macromedia
[13/09/2008|20:08] C:\DOCUME~1\Guest\APPLIC~1\Microsoft
[20/08/2008|17:12] C:\DOCUME~1\Guest\APPLIC~1\Mozilla
[20/08/2008|16:56] C:\DOCUME~1\Guest\APPLIC~1\Real

[29/11/2008|22:33] C:\DOCUME~1\Jen\APPLIC~1\.clamwin
[27/04/2008|10:41] C:\DOCUME~1\Jen\APPLIC~1\Adobe
[30/03/2008|16:56] C:\DOCUME~1\Jen\APPLIC~1\AdobeUM
[22/12/2006|22:41] C:\DOCUME~1\Jen\APPLIC~1\Alias
[22/04/2007|14:33] C:\DOCUME~1\Jen\APPLIC~1\Apple Computer
[06/12/2008|20:28] C:\DOCUME~1\Jen\APPLIC~1\AVG7
[31/08/2007|21:44] C:\DOCUME~1\Jen\APPLIC~1\Google
[14/06/2007|19:03] C:\DOCUME~1\Jen\APPLIC~1\Help
[10/03/2006|13:20] C:\DOCUME~1\Jen\APPLIC~1\Identities
[27/05/2007|20:34] C:\DOCUME~1\Jen\APPLIC~1\InterVideo
[04/11/2006|22:30] C:\DOCUME~1\Jen\APPLIC~1\Lavasoft
[15/11/2008|17:15] C:\DOCUME~1\Jen\APPLIC~1\LimeWire
[30/03/2008|15:47] C:\DOCUME~1\Jen\APPLIC~1\Macromedia
[30/11/2008|22:22] C:\DOCUME~1\Jen\APPLIC~1\Malwarebytes
[27/10/2007|16:05] C:\DOCUME~1\Jen\APPLIC~1\Microsoft
[30/08/2008|21:19] C:\DOCUME~1\Jen\APPLIC~1\Mozilla
[28/09/2008|21:06] C:\DOCUME~1\Jen\APPLIC~1\NetMedia Providers
[28/09/2008|21:06] C:\DOCUME~1\Jen\APPLIC~1\Publish Providers
[22/04/2007|14:32] C:\DOCUME~1\Jen\APPLIC~1\Real
[26/02/2008|18:58] C:\DOCUME~1\Jen\APPLIC~1\Samsung
[13/04/2008|18:45] C:\DOCUME~1\Jen\APPLIC~1\Screenshot Sender
[13/09/2008|19:34] C:\DOCUME~1\Jen\APPLIC~1\Skype
[28/09/2008|21:09] C:\DOCUME~1\Jen\APPLIC~1\Sony
[19/07/2007|20:38] C:\DOCUME~1\Jen\APPLIC~1\Sun
[23/03/2007|18:08] C:\DOCUME~1\Jen\APPLIC~1\Template
[23/04/2008|23:15] C:\DOCUME~1\Jen\APPLIC~1\web meow bits

[30/11/2008|08:00] C:\DOCUME~1\LOCALS~1\APPLIC~1\AVG7
[22/12/2006|22:35] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[05/09/2008|21:30] C:\DOCUME~1\NETWOR~1\APPLIC~1\Adobe
[05/09/2008|21:30] C:\DOCUME~1\NETWOR~1\APPLIC~1\Macromedia
[22/12/2006|22:35] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[13/12/2008 17:00][--ah-----] C:\WINDOWS\tasks\AF82AACC91855C3C.job
[03/06/2008 16:38][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[15/12/2008 21:29][--ah-----] C:\WINDOWS\tasks\SA.DAT
[04/08/2004 12:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( AF82AACC91855C3C.job )=( c:\docume~1\jen\applic~1\webmeo~1\Castthirdteam.exe )

--------------------\\ Listing Folders in C:\Program Files

[10/03/2006|14:15] C:\Program Files\Adobe
[10/03/2006|14:25] C:\Program Files\Ahead
[22/12/2006|22:41] C:\Program Files\Alias
[03/06/2008|19:44] C:\Program Files\Apple Software Update
[16/01/2008|21:42] C:\Program Files\Bonjour
[01/09/2008|17:31] C:\Program Files\Common Files
[10/03/2006|13:10] C:\Program Files\ComPlus Applications
[12/09/2007|15:41] C:\Program Files\Disney Interactive
[16/03/2008|20:43] C:\Program Files\Europress
[13/05/2007|09:47] C:\Program Files\Fisher-Pricer
[03/02/2008|20:23] C:\Program Files\Focus Multimedia Ltd
[04/12/2008|22:55] C:\Program Files\Google
[04/11/2006|17:06] C:\Program Files\Grisoft
[28/09/2008|20:41] C:\Program Files\Image-Line
[16/03/2008|20:43] C:\Program Files\InstallShield Installation Information
[13/12/2008|16:27] C:\Program Files\Internet Explorer
[10/03/2006|14:26] C:\Program Files\InterVideo
[03/06/2008|17:10] C:\Program Files\iPod
[03/06/2008|17:11] C:\Program Files\iTunes
[27/09/2008|20:51] C:\Program Files\Java
[04/11/2006|22:30] C:\Program Files\Lavasoft
[21/09/2008|15:33] C:\Program Files\LimeWire
[06/12/2008|21:53] C:\Program Files\Malwarebytes' Anti-Malware
[09/09/2008|17:54] C:\Program Files\Messenger
[15/12/2008|21:32] C:\Program Files\Messenger Plus! Live
[04/11/2006|22:22] C:\Program Files\Microsoft ActiveSync
[10/03/2006|13:14] C:\Program Files\microsoft frontpage
[09/02/2008|21:49] C:\Program Files\Microsoft LifeCam
[04/11/2006|22:22] C:\Program Files\Microsoft Office
[28/09/2008|20:53] C:\Program Files\Microsoft SQL Server
[10/09/2008|18:26] C:\Program Files\Microsoft Works
[07/08/2007|15:59] C:\Program Files\Mindscape
[09/09/2008|17:53] C:\Program Files\Movie Maker
[06/12/2008|16:28] C:\Program Files\Mozilla Firefox
[10/03/2006|13:09] C:\Program Files\MSN
[10/03/2006|13:09] C:\Program Files\MSN Gaming Zone
[30/11/2008|01:28] C:\Program Files\MSN Messenger
[23/03/2007|22:41] C:\Program Files\MSXML 4.0
[25/12/2006|17:31] C:\Program Files\My Scene™
[09/09/2008|17:47] C:\Program Files\NetMeeting
[10/03/2006|13:12] C:\Program Files\Online Services
[09/09/2008|17:47] C:\Program Files\Outlook Express
[28/09/2008|20:50] C:\Program Files\Outsim
[28/12/2006|19:13] C:\Program Files\PF.Magic
[09/02/2008|21:49] C:\Program Files\PhotoArtMaster Classic
[04/11/2006|15:54] C:\Program Files\Program Shortcuts
[09/08/2008|13:17] C:\Program Files\Puppy Luv A New Breed
[03/06/2008|17:07] C:\Program Files\QuickTime
[04/11/2006|19:10] C:\Program Files\Real
[26/08/2008|20:09] C:\Program Files\Safari
[26/02/2008|18:00] C:\Program Files\Samsung
[23/03/2007|22:21] C:\Program Files\Skype
[22/12/2006|23:22] C:\Program Files\SmartPic
[28/09/2008|20:42] C:\Program Files\Sony
[28/09/2008|20:39] C:\Program Files\Sony Setup
[30/11/2008|12:18] C:\Program Files\Spybot - Search & Destroy
[27/09/2008|20:52] C:\Program Files\Sun
[10/03/2006|14:17] C:\Program Files\Synaptics
[25/12/2006|14:05] C:\Program Files\THQ
[04/12/2008|22:33] C:\Program Files\Trend Micro
[14/09/2007|16:39] C:\Program Files\Ubisoft
[10/03/2006|13:19] C:\Program Files\Uninstall Information
[21/10/2008|18:09] C:\Program Files\Virtools
[15/11/2008|21:43] C:\Program Files\Virtual Makeover 2
[28/09/2008|20:44] C:\Program Files\Vstplugins
[19/01/2008|22:06] C:\Program Files\web meow bits
[22/03/2008|13:52] C:\Program Files\Windows Live
[04/12/2008|22:58] C:\Program Files\Windows Live Toolbar
[09/09/2008|17:47] C:\Program Files\Windows Media Player
[09/09/2008|17:47] C:\Program Files\Windows NT
[10/03/2006|13:12] C:\Program Files\WindowsUpdate
[10/03/2006|13:14] C:\Program Files\xerox
[04/12/2008|22:59] C:\Program Files\Yahoo!
[04/11/2006|17:00] C:\Program Files\Zone Labs
[14/08/2008|20:22] C:\Program Files\ZoneAlarmSB

--------------------\\ Listing Folders in C:\Program Files\Common Files

[30/03/2008|16:58] C:\Program Files\Common Files\Adobe
[10/03/2006|14:23] C:\Program Files\Common Files\Ahead
[16/01/2008|21:39] C:\Program Files\Common Files\Apple
[04/11/2006|22:22] C:\Program Files\Common Files\Designer
[03/02/2008|20:27] C:\Program Files\Common Files\InstallShield
[18/07/2007|22:02] C:\Program Files\Common Files\Java
[22/03/2008|13:53] C:\Program Files\Common Files\Microsoft Shared
[10/03/2006|13:11] C:\Program Files\Common Files\MSSoap
[10/03/2006|14:04] C:\Program Files\Common Files\ODBC
[04/11/2006|19:11] C:\Program Files\Common Files\Real
[10/03/2006|13:11] C:\Program Files\Common Files\Services
[23/03/2007|22:21] C:\Program Files\Common Files\Skype
[10/03/2006|14:04] C:\Program Files\Common Files\SpeechEngines
[09/11/2008|12:06] C:\Program Files\Common Files\Symantec Shared
[09/09/2008|17:47] C:\Program Files\Common Files\System
[25/12/2006|17:31] C:\Program Files\Common Files\Vivendi Universal Games
[22/03/2008|13:53] C:\Program Files\Common Files\WindowsLiveInstaller
[04/11/2006|19:11] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 47 Processes )

iexplore.exe ~ [PID:4080]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\Jen\APPLIC~1\webmeo~1
C:\Program Files\webmeo~1
C:\DOCUME~1\Jen\LOCALS~1\Temp\nsk3E.tmp
C:\DOCUME~1\Jen\Cookies\jen@32vegas[1].txt
C:\DOCUME~1\Jen\Cookies\jen@banner.32vegas[2].txt
C:\DOCUME~1\Jen\Cookies\jen@888ladies[2].txt
C:\DOCUME~1\Jen\Cookies\jen@888[1].txt
C:\WINDOWS\Tasks\AF82AACC91855C3C.job

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gluesite"="C:\\DOCUME~1\\Jen\\APPLIC~1\\WEBMEO~1\\Start Seek.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Checking the Hosts file

Hosts file MODIFIED


-> 72 [ 70 ## added by CiD ]

--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 21:40:39
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 9

--------------------\\ Searching for other infections

--------------------\\ KoobFace !

C:\WINDOWS\bemark2.dat

[F:1023][D:64]-> C:\DOCUME~1\Jen\LOCALS~1\Temp
[F:279][D:0]-> C:\DOCUME~1\Jen\Cookies
[F:6339][D:13]-> C:\DOCUME~1\Jen\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 15/12/2008|21:44 - Option : [1]

--------------------\\ Scan completed at 21:44:47


===========================================================
===========================================================

OTViewIt logfile created on: 15/12/2008 21:50:16 - Run 3
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Jen\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

447.48 Mb Total Physical Memory | 97.31 Mb Available Physical Memory | 21.75% Memory free
1.03 Gb Paging File | 0.73 Gb Available in Paging File | 70.42% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 14.07 Gb Free Space | 37.77% Space Free | Partition Type: NTFS
Drive D: | 1.66 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JENNIFER
Current User Name: Jen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/07/09 08:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
[2008/01/15 02:40:04 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2007/11/04 18:44:04 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
[2006/12/22 22:35:29 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
[2007/12/29 12:57:44 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgemc.exe
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2006/06/29 23:54:23 | 00,187,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
[2005/10/17 09:00:54 | 00,061,440 | ---- | M] ( ) -- C:\WINDOWS\system32\slmdmsr.exe
[2005/01/28 12:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2008/04/14 00:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2005/10/14 11:00:13 | 00,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
[2005/10/14 11:00:13 | 00,167,936 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\VTTrayp.exe
[2005/10/17 09:20:06 | 00,729,178 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2006/02/21 09:32:38 | 00,294,912 | ---- | M] () -- C:\WINDOWS\system32\ATWTUSB.EXE
[2006/06/29 23:55:44 | 00,707,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
[2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2006/11/04 19:10:53 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2004/08/09 06:03:38 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[2008/03/30 09:36:40 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/07/09 08:05:20 | 00,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
[2005/08/31 19:27:02 | 01,658,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\Msmsgs.exe
[2005/06/20 17:13:00 | 00,107,237 | ---- | M] (Alias Systems) -- C:\Program Files\Alias\Alias SketchBook Pro 2.0\AliasSketchSnap.exe
[2006/12/25 22:28:22 | 00,185,476 | ---- | M] () -- C:\PENSOFT\fquick32.exe
[2006/12/25 22:28:22 | 00,060,928 | ---- | M] () -- C:\PENSOFT\Quick95.exe
[2008/03/30 09:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/10/15 07:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2007/09/20 10:35:36 | 00,118,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
[2006/11/04 19:10:57 | 00,214,560 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
[2008/12/12 21:05:34 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jen\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/01/15 02:40:04 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/11/04 18:44:04 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe -- (Avg7Alrt [Auto | Running])
[2006/12/22 22:35:29 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgupsvc.exe -- (Avg7UpdSvc [Auto | Running])
[2007/12/29 12:57:44 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgemc.exe -- (AVGEMS [Auto | Running])
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
File not found -- -- (DCOM Server Process Launcher (DcomLaunch) [Auto | Stopped])
File not found -- -- (DHCP Client (Dhcp) [Auto | Stopped])
[2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/03/30 09:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2006/06/29 23:54:23 | 00,187,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamSvc.exe -- (MSCamSvc [Auto | Running])
File not found -- -- (Protected Storage (ProtectedStorage) [Auto | Stopped])
[2005/10/17 09:00:54 | 00,061,440 | ---- | M] ( ) -- C:\WINDOWS\system32\slmdmsr.exe -- (SLService [Auto | Running])
[2005/01/28 12:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2008/07/09 08:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
[2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])

========== Driver Services ==========

[2004/07/07 16:02:14 | 00,022,272 | ---- | M] (AIPTEK International Inc.) -- C:\WINDOWS\system32\drivers\aiptektp.sys -- (aiptektp [System | Stopped])
[2005/08/19 15:31:52 | 03,644,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2005/05/05 00:08:38 | 00,463,168 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211 [On_Demand | Running])
[2007/11/04 18:44:01 | 00,821,856 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avg7core.sys -- (Avg7Core [System | Running])
[2006/12/22 22:35:30 | 00,004,224 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avg7rsw.sys -- (Avg7RsW [System | Running])
[2007/03/23 21:45:15 | 00,027,776 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avg7rsxp.sys -- (Avg7RsXP [System | Running])
[2007/12/29 12:57:45 | 00,010,760 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avgclean.sys -- (AvgClean [System | Running])
[2006/12/22 22:35:30 | 00,004,960 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdi.sys -- (AvgTdi [Auto | Running])
[2005/10/17 06:27:44 | 00,043,008 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5bv.sys -- (FETND5BV [On_Demand | Running])
[2001/08/17 12:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS [On_Demand | Stopped])
[2008/01/29 11:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2005/10/12 11:07:12 | 00,874,240 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
[2007/07/19 14:10:28 | 00,127,768 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [System | Running])
[2001/08/17 12:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2005/10/17 09:00:50 | 00,237,616 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\SLDRV\mtlmnt5.sys -- (Mtlmnt5 [On_Demand | Running])
[2005/10/17 09:00:51 | 01,464,912 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\SLDRV\mtlstrm.sys -- (Mtlstrm [On_Demand | Stopped])
[2008/05/02 09:58:12 | 00,017,536 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])
[2008/05/02 09:58:14 | 00,020,864 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])
[2005/08/18 15:52:06 | 00,093,568 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus [Boot | Running])
[2005/08/18 15:52:08 | 00,077,056 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid [Boot | Running])
[2004/08/04 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/10/17 09:00:51 | 00,014,680 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\SLDRV\RecAgent.sys -- (RecAgent [Boot | Running])
[2007/11/13 10:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2005/01/11 15:58:48 | 00,030,976 | ---- | M] (Silicon Integrated Systems Corp) -- C:\WINDOWS\system32\drivers\SiSRaid2.sys -- (SiSRaid2 [Boot | Running])
[2005/10/17 09:00:54 | 00,698,848 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\SLDRV\slntamr.sys -- (Slntamr [On_Demand | Running])
[2005/10/17 09:00:54 | 00,101,328 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\SLDRV\slnthal.sys -- (SlNtHal [On_Demand | Stopped])
[2005/10/17 09:00:54 | 00,013,248 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\SLDRV\slwdmsup.sys -- (SlWdmSup [On_Demand | Running])
[2008/02/27 02:10:44 | 00,051,176 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
[2005/08/30 01:47:38 | 00,058,320 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus [On_Demand | Stopped])
[2005/08/30 01:49:34 | 00,008,336 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl [On_Demand | Stopped])
[2005/08/30 01:49:38 | 00,094,000 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm [On_Demand | Stopped])
[2005/10/17 09:19:59 | 00,190,560 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2008/04/13 18:36:40 | 00,044,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\uagp35.sys -- (uagp35 [Boot | Running])
[2008/05/02 09:58:14 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])
[2008/01/15 02:39:58 | 00,030,464 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2008/04/13 18:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2008/04/13 18:45:36 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser [On_Demand | Stopped])
[2008/05/02 09:58:28 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped])
[2003/07/02 02:42:00 | 00,027,904 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1 [Boot | Running])
[2005/10/14 11:00:12 | 00,238,464 | ---- | M] (Copyright © VIA/S3 Graphics Co, Ltd.) -- C:\WINDOWS\system32\drivers\vtmini.sys -- (viagfx [On_Demand | Running])
[2005/11/23 09:12:12 | 00,092,672 | ---- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\system32\drivers\viamraid.sys -- (viamraid [Boot | Running])
[2008/07/09 08:05:22 | 00,394,952 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [System | Running])
[2006/06/29 23:55:56 | 01,966,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000 [On_Demand | Stopped])
[2006/11/02 06:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 1
"ProxyOverride" = *.local;<local>

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-311781197-1809539003-19255424-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_USERS\S-1-5-21-311781197-1809539003-19255424-1006\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_USERS\S-1-5-21-311781197-1809539003-19255424-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-311781197-1809539003-19255424-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (4102 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} (HKLM) -- C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}" (HKLM) -- C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-311781197-1809539003-19255424-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"atwtusb"=atwtusb.exe beta ()
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP (GRISOFT, s.r.o.)
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" (Microsoft Corporation)
"PenLock"= File not found
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"VTTimer"=VTTimer.exe (S3 Graphics, Inc.)
"VTTrayp"=VTtrayp.exe (S3 Graphics Co., Ltd.)
"VX3000"=C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Zone Labs, LLC)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gluesite"=C:\DOCUME~1\Jen\APPLIC~1\WEBMEO~1\Start Seek.exe File not found
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (GRISOFT, s.r.o.)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (GRISOFT, s.r.o.)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (GRISOFT, s.r.o.)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (GRISOFT, s.r.o.)

[HKEY_USERS\S-1-5-21-311781197-1809539003-19255424-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gluesite"=C:\DOCUME~1\Jen\APPLIC~1\WEBMEO~1\Start Seek.exe File not found
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

========== (O4) RunOnce Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"MessengerPlusLiveUninstall"="C:\DOCUME~1\Jen\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup (Patchou)

========== (O4) Startup Folders ==========

[2005/09/23 21:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2005/06/20 17:13:00 | 00,107,237 | ---- | M] (Alias Systems) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Alias SketchBook Snapshot.lnk = C:\Program Files\Alias\Alias SketchBook Pro 2.0\AliasSketchSnap.exe
[2001/02/13 01:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
[2006/12/25 22:28:22 | 00,185,476 | ---- | M] () -- C:\Documents and Settings\Jen\Start Menu\Programs\Startup\Quick StartUp.lnk = C:\PENSOFT\fquick32.exe
[2006/12/25 22:28:22 | 00,060,928 | ---- | M] () -- C:\Documents and Settings\Jen\Start Menu\Programs\Startup\Start.lnk = C:\PENSOFT\Quick95.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FF FF FF FF [binary data]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-311781197-1809539003-19255424-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FF FF FF FF [binary data]

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Search: File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/10/28 16:07:58 | 09,362,248 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Windows &Live Favorites: File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/10/28 16:07:58 | 09,362,248 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Windows &Live Favorites: File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/10/28 16:07:58 | 09,362,248 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Windows &Live Favorites: Reg Error: Key does not exist or could not be opened. File not found
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Windows &Live Favorites: Reg Error: Key does not exist or could not be opened. File not found
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-311781197-1809539003-19255424-1006\Software\Microsoft\Internet Explorer\MenuExt\]
&Search: File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/10/28 16:07:58 | 09,362,248 | R--- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search && Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: @c:\Program Files\Messenger\Msgslang.dll,-61144 -- %ProgramFiles%\Messenger\Msmsgs.exe [2005/08/31 19:27:02 | 01,658,592 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: @c:\Program Files\Messenger\Msgslang.dll,-61144 -- %ProgramFiles%\Messenger\Msmsgs.exe [2005/08/31 19:27:02 | 01,658,592 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{A75C6120-9B36-11d4-A3F0-009027427750} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %SystemDrive%\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe [Messenger Class] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\Msmsgs.exe [@c:\Program Files\Messenger\Msgslang.dll,-61144] -> [2005/08/31 19:27:02 | 01,658,592 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %SystemDrive%\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe [Messenger Class] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\Msmsgs.exe [@c:\Program Files\Messenger\Msgslang.dll,-61144] -> [2005/08/31 19:27:02 | 01,658,592 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %SystemDrive%\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe [Messenger Class] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\Msmsgs.exe [@c:\Program Files\Messenger\Msgslang.dll,-61144] -> [2005/08/31 19:27:02 | 01,658,592 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-311781197-1809539003-19255424-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{A75C6120-9B36-11d4-A3F0-009027427750} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %SystemDrive%\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe [Messenger Class] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\Msmsgs.exe [@c:\Program Files\Messenger\Msgslang.dll,-61144] -> [2005/08/31 19:27:02 | 01,658,592 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://update.microsoft.com/windowsupdate/...b?1162750324718 -- WUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07

========== (O17) DNS Name Servers ==========

{4AAEB0DC-2B3C-4979-8CE0-E96BAAB59224} (Servers: | Description: Atheros AR5005G Wireless Network Adapter)
{68523A16-A228-436F-BAA7-C6C1D99431F2} (Servers: | Description: )
{851B02DC-8DE1-4305-8155-AD960170CF29} (Servers: | Description: VIA Rhine II Fast Ethernet Adapter)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2006/03/10 13:14:33 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf []
[2008/12/15 21:23:46 | 00,000,000 | RHSD | M] -- C:\autorun.inf -- [ NTFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{975e4acc-b043-11da-b7b6-0002e345a6e2}\Shell\AutoRun\command]
""=~tmp0.1st.exe

========== Files/Folders - Created Within 30 Days ==========

[2008/12/15 21:37:39 | 00,000,000 | ---D | C] -- C:\Lop SD
[2008/12/15 21:36:58 | 00,529,069 | ---- | C] () -- C:\DOCUME~1\Jen\Desktop\LopSD.exe
[2008/12/15 21:23:46 | 00,000,000 | RHSD | C] -- C:\autorun.inf
[2008/12/15 21:22:20 | 00,132,597 | ---- | C] () -- C:\DOCUME~1\Jen\Desktop\Flash_Disinfector.exe
[2008/12/12 21:05:29 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\Jen\Desktop\OTViewIt.exe
[2008/12/06 20:15:24 | 00,000,000 | ---D | C] -- C:\rsit
[2008/12/06 20:12:03 | 00,012,316 | ---- | C] () -- C:\DOCUME~1\Jen\Desktop\kaspersky_report.html
[2008/12/06 16:49:29 | 00,305,705 | ---- | C] () -- C:\DOCUME~1\Jen\Desktop\RSIT.exe
[2008/12/04 22:33:42 | 00,001,740 | ---- | C] () -- C:\DOCUME~1\Jen\Desktop\HijackThis.lnk
[2008/12/04 22:33:42 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/11/30 22:22:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jen\Application Data\Malwarebytes
[2008/11/30 22:21:57 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/11/30 22:21:57 | 00,000,702 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/11/30 22:21:54 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/11/30 22:21:53 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/11/30 22:21:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/11/30 18:27:21 | 00,000,109 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/30 12:31:50 | 46,928,6912 | -HS- | C] () -- C:\hiberfil.sys
[2008/11/30 12:11:54 | 00,000,939 | ---- | C] () -- C:\DOCUME~1\Jen\Desktop\Spybot - Search & Destroy.lnk
[2008/11/30 12:11:44 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/11/30 12:11:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/11/30 12:08:15 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Jen\Desktop\Clamwin DB
[2008/11/30 11:55:56 | 00,003,284 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2008/11/30 11:48:41 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Jen\Desktop\antivirus
[2008/11/29 22:41:27 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Jen\Desktop\vault
[2008/11/29 22:33:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jen\Application Data\.clamwin

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2008/12/15 21:37:39 | 00,529,069 | ---- | M] () -- C:\DOCUME~1\Jen\Desktop\LopSD.exe
[2008/12/15 21:30:20 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/12/15 21:29:48 | 00,000,766 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/15 21:29:46 | 00,003,873 | ---- | M] () -- C:\WINDOWS\aiptbl.ini
[2008/12/15 21:29:37 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/15 21:29:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/15 21:28:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/15 21:28:55 | 46,928,6912 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/15 21:28:10 | 34,037,792 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/12/15 21:28:10 | 00,398,972 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/12/15 21:22:46 | 00,132,597 | ---- | M] () -- C:\DOCUME~1\Jen\Desktop\Flash_Disinfector.exe
[2008/12/13 17:00:00 | 00,000,258 | -H-- | M] () -- C:\WINDOWS\tasks\AF82AACC91855C3C.job
[2008/12/13 16:28:07 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/12 21:05:34 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\Jen\Desktop\OTViewIt.exe
[2008/12/09 23:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/12/06 20:12:04 | 00,012,316 | ---- | M] () -- C:\DOCUME~1\Jen\Desktop\kaspersky_report.html
[2008/12/06 16:49:30 | 00,305,705 | ---- | M] () -- C:\DOCUME~1\Jen\Desktop\RSIT.exe
[2008/12/04 22:33:42 | 00,001,740 | ---- | M] () -- C:\DOCUME~1\Jen\Desktop\HijackThis.lnk
[2008/12/03 19:52:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/03 19:52:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/11/30 22:21:57 | 00,000,702 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/11/30 21:00:37 | 03,191,492 | -H-- | M] () -- C:\Documents and Settings\Jen\Local Settings\Application Data\IconCache.db
[2008/11/30 18:27:21 | 00,000,109 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/11/30 12:24:21 | 00,003,284 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2008/11/30 12:11:54 | 00,000,939 | ---- | M] () -- C:\DOCUME~1\Jen\Desktop\Spybot - Search & Destroy.lnk
[2008/11/15 22:46:21 | 00,000,584 | ---- | M] () -- C:\DOCUME~1\Jen\My Documents\My Sharing Folders.lnk
< End of report >

================================================================
================================================================

OTViewIt Extras logfile created on: 15/12/2008 21:50:16 - Run 3
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Jen\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

447.48 Mb Total Physical Memory | 97.31 Mb Available Physical Memory | 21.75% Memory free
1.03 Gb Paging File | 0.73 Gb Available in Paging File | 70.42% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 14.07 Gb Free Space | 37.77% Space Free | Partition Type: NTFS
Drive D: | 1.66 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JENNIFER
Current User Name: Jen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/10/17 12:03:24 | 00,514,560 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe
[2007/12/29 12:57:44 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgemc.exe:*:Enabled:avgemc.exe
[2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\Yahoo!\Messenger\ypager.exe:*:Enabled:Yahoo! Messenger
File not found -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2008/10/17 12:03:08 | 00,590,848 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe
[2007/11/04 18:44:04 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe
[2006/06/29 23:56:13 | 04,152,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe
[2006/06/29 23:54:45 | 00,269,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/03/30 09:36:34 | 20,638,504 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2007/03/16 19:25:16 | 25,268,264 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
[2008/09/18 18:50:21 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
File not found -- C:\Program Files\tinyproxy\tinyproxy.exe:*:Enabled:tinyproxy

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/09/17 13:44:16 | 00,843,472 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 10:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/09/17 13:44:16 | 00,843,472 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/09/17 13:44:16 | 00,843,472 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/06/20 16:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 10:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/01/24 15:22:56 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/12 12:50:48 | 01,828,440 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}"=Apple Software Update
"{06E73C0B-7DE7-4F41-860B-587033B75BD9}"=iPod Updater 2004-11-15
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}"=OpenOffice.org Installer 1.0
"{11EF6123-C176-11D5-B570-0060084A16BE}"=Art Attack Make It!
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}"=QuickTime
"{1967D67C-6F3F-4001-9644-BAC704F7EE84}"=Samsung PC Studio
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}"=Google Earth
"{28437B9E-8730-11D9-B7CC-00C04F4351FF}"=Zoo Vet
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{335667B0-737C-4E7A-9864-860A7C918F4A}"=PhotoArtMaster Classic
"{3470101E-A698-4B27-9532-5528B02A5FE0}"=Alias SketchBook Pro 2.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3C59AF9D-4139-4D07-BCA2-3CDEFE8B28E3}"=Puppy Luv A New Breed
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}"=Skype Plugin Manager
"{44734179-8A79-4DEE-BB08-73037F065543}"=Apple Mobile Device Support
"{47AA42FD-0450-4CB4-ADAF-B6E770AA7B2F}"=Sony Media Manager 2.2
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}"=Bonjour
"{4DEE75B1-B201-4DA3-A50F-007CDB00DA23}"=Microsoft LifeCam
"{4E868D3D-6EEB-4273-926C-2287236B5B79}"=3DVIA player 4.1
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}"=iTunes
"{6815FCDD-401D-481E-BA88-31B4754C2B46}"=Macromedia Flash Player 8
"{6D52C408-B09A-4520-9B18-475B81D393F1}"=Microsoft Works
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}"=Software Update for Web Folders
"{87DABCF7-2C38-4996-8FBE-053CA6536168}"=Sony ACID Pro 6.0
"{90280409-6000-11D3-8CFE-0050048383C9}"=Microsoft Office XP Professional with FrontPage
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}"=InterVideo WinDVD
"{9C92937F-7E79-4A32-AB80-BD7637146308}"=BRATZ - Rock Angelz
"{9D1C26BD-E792-4159-9D16-07EA222D8EF0}"=Windows Messenger 5.1
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A70900000002}"=Adobe Reader 7.0.9
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{B1B869EB-BDDD-44EE-8858-3753741CDC37}"=3D Garden Designer Deluxe Edition
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}"=Nokia Connectivity Cable Driver
"{C4A4722E-79F9-417C-BD72-8D359A090C97}"=Samsung PC Studio
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}"=Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}"=Samsung PC Studio 3 USB Driver Installer
"{EF5A6DD8-4A03-4BDD-A7C3-5CA2FF02DCFA}"=Pippa Funnell
"{F3CBA4E6-436E-4B51-9651-93830EE38616}"=Windows Messenger 5.1 MUI Pack
"{FBF18108-DDC2-11D5-BEBF-00606733A9BE}"=Polaroid Digital Cam
"Ad-Aware SE Personal"=Ad-Aware SE Personal
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"AVG7Uninstall"=AVG Free Edition
"Catz"=Catz (remove only)
"DeleteProdRunControl_UK"=IBM ViaVoice Command and Control Runtime 5.3 - UK English
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{06E73C0B-7DE7-4F41-860B-587033B75BD9}"=iPod Updater 2004-11-15
"InstallShield_{B1B869EB-BDDD-44EE-8858-3753741CDC37}"=3D Garden Designer Deluxe Edition
"LimeWire"=LimeWire 4.18.8
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"My Scene™ CD-ROM"=My Scene™ CD-ROM
"Nero - Burning Rom!UninstallKey"=Nero OEM
"Nero BurnRights!UninstallKey"=Nero BurnRights
"NeroVision!UninstallKey"=Nero Digital
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVEContent!UninstallKey"=NeroVision Express Content
"Pensoft"=Pensoft
"Petz 4"=Petz 4 (remove only)
"Pippa Funnell 2 - Take The Reins"=Pippa Funnell 2 - Take The Reins
"RealPlayer 6.0"=RealPlayer
"Rmtablet"=Graphics-Pad MD 41217
"SAMSUNG CDMA Modem"=SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile USB Modem"=SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0"=SAMSUNG Mobile USB Modem 1.0 Software
"Skype_is1"=Skype 3.1
"SLAMRNTV"=Smart Link 56K Voice Modem
"SmartPic_is1"=SmartPic
"SynTPDeinstKey"=Synaptics Pointing Device Driver
"Virtual Makeover 2_is1"=Virtual Makeover 2
"VN_VUIns_Rhine_VIA"=VIA Rhine-Family Fast Ethernet Adapter
"Vodafone 804SS USB driver"=SAMSUNG Mobile USB Modem ^^
"Walt Disney World Quest Magical Racing Tour"=Walt Disney World Quest Magical Racing Tour
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows Media Player"=Windows Media Player 10
"Windows XP Service Pack"=Windows XP Service Pack 3
"ZoneAlarm"=ZoneAlarm
"ZoneAlarmSB Uninstall"=ZoneAlarm Spy Blocker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15/09/2008 13:12:01 | Computer Name = JENNIFER | Source = Windows Live Messenger | ID = 1000
Description =

Error - 21/09/2008 10:58:31 | Computer Name = JENNIFER | Source = Application Hang | ID = 1002
Description = Hanging application iTunes.exe, version 7.6.2.9, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 16/10/2008 07:30:07 | Computer Name = JENNIFER | Source = MsiInstaller | ID = 11704
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1704. An installation for Microsoft SQL Server Desktop Engine is currently suspended.
You must undo the changes made by that installation to continue. Do you want
to undo those changes?

Error - 16/10/2008 07:30:07 | Computer Name = JENNIFER | Source = MsiInstaller | ID = 11712
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1712. One or more of the files required to restore your computer to its previous
state could not be found. Restoration will not be possible.

Error - 17/10/2008 07:58:46 | Computer Name = JENNIFER | Source = Application Hang | ID = 1002
Description = Hanging application msnmsgr.exe, version 8.5.1302.1018, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 17/10/2008 07:58:49 | Computer Name = JENNIFER | Source = Application Hang | ID = 1002
Description = Hanging application msnmsgr.exe, version 8.5.1302.1018, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 01/11/2008 16:46:23 | Computer Name = JENNIFER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 15/11/2008 12:44:21 | Computer Name = JENNIFER | Source = Application Hang | ID = 1002
Description = Hanging application msnmsgr.exe, version 8.5.1302.1018, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 15/11/2008 16:13:06 | Computer Name = JENNIFER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16735, faulting
module ntdll.dll, version 5.1.2600.5512, fault address 0x0000100b.

Error - 16/11/2008 19:19:27 | Computer Name = JENNIFER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 04/12/2008 15:35:55 | Computer Name = JENNIFER | Source = Service Control Manager | ID = 7000
Description = The Polaroid Digital Cam Video service failed to start due to the
following error: %%2

Error - 04/12/2008 16:59:20 | Computer Name = JENNIFER | Source = Service Control Manager | ID = 7000
Description = The Polaroid Digital Cam Video service failed to start due to the
following error: %%2

Error - 06/12/2008 12:02:44 | Computer Name = JENNIFER | Source = Service Control Manager | ID = 7000
Description = The Polaroid Digital Cam Video service failed to start due to the
following error: %%2

Error - 06/12/2008 12:07:01 | Computer Name = JENNIFER | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 06/12/2008 12:07:07 | Computer Name = JENNIFER | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 12/12/2008 16:57:00 | Computer Name = JENNIFER | Source = Service Control Manager | ID = 7000
Description = The Polaroid Digital Cam Video service failed to start due to the
following error: %%2

Error - 13/12/2008 12:17:12 | Computer Name = JENNIFER | Source = Service Control Manager | ID = 7000
Description = The Polaroid Digital Cam Video service failed to start due to the
following error: %%2

Error - 13/12/2008 12:31:19 | Computer Name = JENNIFER | Source = Service Control Manager | ID = 7000
Description = The Polaroid Digital Cam Video service failed to start due to the
following error: %%2

Error - 15/12/2008 17:07:58 | Computer Name = JENNIFER | Source = Service Control Manager | ID = 7000
Description = The Polaroid Digital Cam Video service failed to start due to the
following error: %%2

Error - 15/12/2008 17:29:20 | Computer Name = JENNIFER | Source = Service Control Manager | ID = 7000
Description = The Polaroid Digital Cam Video service failed to start due to the
following error: %%2


< End of report >

==============================================================

Thanks

Edited by dome90uk, 15 December 2008 - 04:55 PM.
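As an added example, not part of either post and not one of the tools used in this thread: a small Python triage script that reads OTViewIt/HijackThis-style lines like those posted above and flags the items a responder would check first. The sample lines embedded in the script are copied from the log above (the orphaned "Gluesite" Run value, the two NoDriveTypeAutoRun policies, the Security Center DisableMonitoring flag, EnableFirewall=0 and the MountPoints2 AutoRun command). The NoDriveTypeAutoRun bit layout follows Microsoft's documented scheme (bit n disables AutoRun for the drive type n that GetDriveType returns, 0xFF disables it everywhere); the severity labels are my own choice, and the function names are invented for this example.

```python
"""Triage helper for OTViewIt/HijackThis-style registry dumps (added example)."""
import re

# NoDriveTypeAutoRun: a SET bit disables AutoRun for that drive type.
# Bit n corresponds to drive type n from GetDriveType(); 0xFF disables all.
DRIVE_TYPES = {
    0x01: "unknown",
    0x02: "no root dir",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "reserved",
}

SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2, "info": 3}

# Key lines appear as "[HKEY_...]" and, in one place in the log, without brackets.
KEY_RE = re.compile(r"^\[?(HKEY_[^\]]+?)\]?\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<value>.*)$')

# Constructed sample: lines copied from the log posted in this thread.
SAMPLE_LOG = r'''
[HKEY_USERS\S-1-5-21-311781197-1809539003-19255424-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gluesite"=C:\DOCUME~1\Jen\APPLIC~1\WEBMEO~1\Start Seek.exe File not found
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=36

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{975e4acc-b043-11da-b7b6-0002e345a6e2}\Shell\AutoRun\command]
""=~tmp0.1st.exe
'''


def autorun_enabled_types(mask):
    """Drive types for which AutoRun is still ENABLED under this mask.
    An empty list means the recommended 0xFF setting."""
    return [name for bit, name in DRIVE_TYPES.items() if not mask & bit]


def parse_int(text):
    """These logs print registry DWORDs in decimal; accept 0x.. too."""
    text = text.strip()
    try:
        return int(text, 0)
    except ValueError:
        return int(text, 10)


def triage(log_text):
    """Walk the dump and return (severity, message) findings in log order."""
    findings = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        vm = VALUE_RE.match(line)
        if not vm:
            continue
        name, value = vm.group("name"), vm.group("value").strip()
        lkey, lname = key.lower(), name.lower()
        parts = key.split("\\")

        if lkey.endswith(("\\run", "\\runonce")) and "file not found" in value.lower():
            # Orphaned autostart: the file is gone but the launcher value remains.
            findings.append(("low", f"dangling Run entry {name!r} -> {value}"))
        elif "\\mountpoints2\\" in lkey and lkey.endswith("\\shell\\autorun\\command"):
            # Per-volume AutoRun override: classic USB-worm persistence.
            guid = parts[-4]
            findings.append(("high", f"MountPoints2 AutoRun command on {guid}: {value}"))
        elif lname == "nodrivetypeautorun":
            try:
                mask = parse_int(value)
            except ValueError:
                findings.append(("info", f"{key}: unparsed NoDriveTypeAutoRun {value!r}"))
                continue
            enabled = autorun_enabled_types(mask)
            risky = [t for t in enabled if t in ("removable", "CD-ROM", "fixed")]
            sev = "medium" if risky else "info"
            listing = ", ".join(enabled) or "nothing"
            findings.append((sev, f"{key}: NoDriveTypeAutoRun=0x{mask:02X}; AutoRun still enabled for: {listing}"))
        elif lname == "enablefirewall" and value == "0":
            findings.append(("medium", f"Windows Firewall disabled in {parts[-1]}"))
        elif lname == "disablemonitoring" and value == "1":
            # Normal when a third-party product (here ZoneAlarm) reports to Security Center.
            findings.append(("info", f"Security Center monitoring disabled for {parts[-1]}"))
    return findings


def by_severity(findings):
    """Stable sort, highest severity first."""
    return sorted(findings, key=lambda f: SEVERITY_RANK[f[0]])


if __name__ == "__main__":
    for sev, msg in by_severity(triage(SAMPLE_LOG)):
        print(f"[{sev:6}] {msg}")
```

Run against a full log, the script is only a first pass: a "File not found" Run value is leftover, not an active threat, whereas a MountPoints2 AutoRun command pointing at an executable on a removable drive is the item to investigate before anything else, and 0x24 vs 0x91 shows why the per-user and default policies should be compared rather than read in isolation.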


#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:18 PM

Posted 16 December 2008 - 07:57 AM

Hello.

For some reason I missed your reply..

Thanks - below is the requested logs. Only removed Messenger plus via add / remove programs the others were not there.

Yes. Just wanted to make sure though :thumbsup:

Run Lop S&D using Option 2

Download Lop S&D by Eric_71 and save it to your desktop again if you have lost your copy..

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
To see how to disable security programs visit this tutorial:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double-click LopSD.exe
    If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan.
  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 2 to choose Option 2 (Fix + Hosts), then press Enter
  • Wait until the end of the scan
  • A report will be generated; post its contents in your next reply.
(Copy of the report can be found at this location: %SystemDrive%\lopR.txt, in most cases C:\lopR.txt)

Backup Registry with ERUNT

This tool will create a complete backup of your registry. A backup is created to ensure we have a backup, so in case anything goes wrong we can deal with it. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt


How to Restore from the ERUNT Backup
Only restore from the backups if instructed to, or you need to do so. You need it if after doing something, your computer will only boot in Safe Mode and you are unable to contact us (or anyone else) for help by other means, or if your computer will not boot into Windows at all.

To restore if you can boot, navigate to C:\WINDOWS\erdnt, choose the folder with the most recent date, and double click ERDNT.EXE. Check all boxes in the restoration options.

To restore from the Recovery Console using the Windows CD:
  • Turn on your machine with the disk in the drive.
  • Type in the number of the Windows installation you want to repair (usually 1), then press Enter.
  • Type in the Administrator password (leave blank if you are unsure what it is or if you do not have one) and press Enter.
  • Type without quotes "cd erdnt" followed by Enter.
  • Type without quotes "dir" followed by Enter. This will list out the available folders, whose names are the date on which the backup was taken in (M)M-DD-YYYY format. Try the most recent dates first.
  • Type without quotes "cd **name of the folder**" followed by Enter.
  • Type without quotes "batch erdnt.con" followed by Enter.
  • Type without quotes "exit" followed by Enter.
  • Remove your CD from the drive and reboot your computer into the restored registry. If you still cannot boot, try again with an earlier restore date.

Download and Run OTMoveIT3
  • Please download OTMoveIt3 by OldTimer and save it to your desktop. If you are running on Vista, right click on the file and choose Run As Administrator.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :Services
    DCOM Server Process Launcher (DcomLaunch)
    DHCP Client (Dhcp)
    Protected Storage (ProtectedStorage)
    
    :files
    C:\Program Files\tinyproxy
    C:\DOCUME~1\Jen\LOCALS~1\Temp\MsgPlusUninstall.exe
    
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "MessengerPlusLiveUninstall"=-
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{975e4acc-b043-11da-b7b6-0002e345a6e2}]
  • Click the large Posted Image button.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
Note: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Download and run MalwareBytes Anti-Malware

I know you have Malwarebytes Anti-Malware, but just in case you uninstalled it, you can find instructions below. :)

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Please post back with:
-The Lop log (C:\lopR.txt)
-OTMoveIT log
-Malwarebytes Anti-Malware log
-New OTViewIT log(Run this after completion of everything else)


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
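The reply above asks for a fresh OTViewIt log and uses OTMoveIt :Services directives against DcomLaunch, Dhcp and ProtectedStorage. As an added triage helper (not code from this thread or from OldTimer's tools), the Python script below parses the "(O23) Win32 Services" section of an OTViewIt log in the layout seen in this thread and flags the entries a responder would check first: a registered service whose binary is reported "File not found", a binary with no publisher string, a binary running from a user-writable location, and an auto-start service that is stopped. The sample log lines are constructed for the example and modelled on the posted format.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One OTViewIt Win32 Services line, as laid out in the posted logs (assumed format):
#   [mtime | size | attrs | M] (Company) -- path -- (Name [Start | State])
SERVICE_RE = re.compile(
    r"^\[(?P<mtime>[^|\]]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>[^|\]]*?)\s*\|\s*M\]\s*"
    r"\((?P<company>[^)]*)\)\s*--\s*(?P<path>.+?)\s*--\s*"
    r"\((?P<name>.+)\s\[(?P<start>[^|\]]+?)\s*\|\s*(?P<state>[^\]]+?)\s*\]\)\s*$"
)
# A service whose binary OTViewIt could not locate:
#   File not found -- -- (Name [Start | State])
MISSING_RE = re.compile(
    r"^File not found -- -- \((?P<name>.+)\s\[(?P<start>[^|\]]+?)\s*\|\s*(?P<state>[^\]]+?)\s*\]\)\s*$"
)

# Locations a normal Windows XP service binary should not live in.
USER_WRITABLE_DIRS = ("\\documents and settings\\", "\\temp\\", "\\local settings\\", "\\application data\\")

REASON_MISSING = "binary not found on disk"
REASON_NO_PUBLISHER = "no publisher information"
REASON_USER_DIR = "runs from a user-writable location"
REASON_AUTO_STOPPED = "auto-start service is not running"


@dataclass
class ServiceEntry:
    name: str
    start: str
    state: str
    company: str
    path: Optional[str]  # None when OTViewIt reported "File not found"


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one line of the (O23) section; return None for lines that are not service entries."""
    m = SERVICE_RE.match(line)
    if m:
        return ServiceEntry(m["name"].strip(), m["start"].strip(), m["state"].strip(),
                            m["company"].strip(), m["path"].strip())
    m = MISSING_RE.match(line)
    if m:
        return ServiceEntry(m["name"].strip(), m["start"].strip(), m["state"].strip(), "", None)
    return None


def parse_services(log_text: str) -> List[ServiceEntry]:
    """Collect entries only from the (O23) Win32 Services section, ignoring other sections."""
    entries, in_section = [], False
    for line in log_text.splitlines():
        if line.startswith("=========="):
            in_section = "(O23) Win32 Services" in line
            continue
        if in_section:
            entry = parse_service_line(line)
            if entry:
                entries.append(entry)
    return entries


def triage(entry: ServiceEntry) -> List[str]:
    """Return the reasons (possibly none) a responder should look at this service by hand."""
    reasons = []
    if entry.path is None:
        reasons.append(REASON_MISSING)
    elif any(d in entry.path.lower() for d in USER_WRITABLE_DIRS):
        reasons.append(REASON_USER_DIR)
    if entry.path is not None and entry.company == "":
        reasons.append(REASON_NO_PUBLISHER)
    if entry.start == "Auto" and entry.state == "Stopped":
        reasons.append(REASON_AUTO_STOPPED)
    return reasons


def triage_log(log_text: str) -> Dict[str, List[str]]:
    """Map service name -> reasons, listing only services with at least one finding."""
    return {e.name: r for e in parse_services(log_text) if (r := triage(e))}


# Constructed sample in the OTViewIt layout (the last service entry is an invented suspect example).
SAMPLE_LOG = r"""
========== Processes ==========

[2008/07/09 08:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe

========== (O23) Win32 Services ==========

[2008/01/15 02:40:04 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
File not found -- -- (DCOM Server Process Launcher (DcomLaunch) [Auto | Stopped])
[2005/10/17 09:00:54 | 00,061,440 | ---- | M] ( ) -- C:\WINDOWS\system32\slmdmsr.exe -- (SLService [Auto | Running])
[2008/11/30 22:10:00 | 00,045,056 | ---- | M] () -- C:\Documents and Settings\Jen\Local Settings\Temp\updhelper.exe -- (Windows Update Helper [Auto | Running])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

========== Driver Services ==========
"""

if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(reasons)}")
```

A "File not found" hit on a core service such as DcomLaunch is not by itself proof of tampering, since the tool may simply fail to resolve services hosted by svchost.exe; the script surfaces it so the ImagePath can be checked by hand.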

#7 dome90uk

dome90uk
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:03:18 AM

Posted 17 December 2008 - 07:08 PM

Hi,

LopSD log ====================================================


--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel® Celeron® M processor 1.50GHz )
BIOS : Insyde Software MobilePRO BIOS Version 4.20.10
USER : Jen ( Administrator )
BOOT : Normal boot
Antivirus : AVG 7.5.552 7.5.552 (Activated)
Firewall : ZoneAlarm Firewall 7.0.483.000 (Activated)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:14 Go)
D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [2] ( 17/12/2008|23:28 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\DOCUME~1\Jen\LOCALS~1\Temp\nsk3E.tmp
Deleted! - C:\DOCUME~1\Jen\Cookies\jen@32vegas[1].txt
Deleted! - C:\DOCUME~1\Jen\Cookies\jen@banner.32vegas[2].txt
Deleted! - C:\DOCUME~1\Jen\Cookies\jen@888ladies[2].txt
Deleted! - C:\DOCUME~1\Jen\Cookies\jen@888[1].txt
Deleted! - C:\WINDOWS\Tasks\AF82AACC91855C3C.job
Deleted! - C:\DOCUME~1\Jen\APPLIC~1\webmeo~1
Deleted! - C:\Program Files\webmeo~1
-
[ Hosts file ] .. Restored!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in APPLIC~1

[10/03/2006|13:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[10/03/2006|13:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[30/03/2008|16:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[10/03/2006|14:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[22/12/2006|22:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Alias
[16/01/2008|21:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[22/04/2007|14:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[07/01/2007|12:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
[04/12/2008|22:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[04/11/2006|17:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[03/02/2008|20:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[14/08/2008|20:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
[30/11/2008|22:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[22/03/2008|13:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[10/03/2006|14:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[23/03/2007|22:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[28/09/2008|20:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony
[30/11/2008|12:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[16/07/2007|16:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ubisoft
[23/04/2008|23:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\up hold blue delete
[25/12/2006|17:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Vivendi Universal Games
[05/11/2006|18:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[31/08/2007|20:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[22/03/2008|13:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[10/03/2006|13:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[10/03/2006|13:19] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[20/08/2008|17:21] C:\DOCUME~1\Guest\APPLIC~1\Adobe
[20/08/2008|16:57] C:\DOCUME~1\Guest\APPLIC~1\Alias
[20/08/2008|16:56] C:\DOCUME~1\Guest\APPLIC~1\AVG7
[13/09/2008|20:08] C:\DOCUME~1\Guest\APPLIC~1\Google
[10/03/2006|13:20] C:\DOCUME~1\Guest\APPLIC~1\Identities
[20/08/2008|17:21] C:\DOCUME~1\Guest\APPLIC~1\Macromedia
[13/09/2008|20:08] C:\DOCUME~1\Guest\APPLIC~1\Microsoft
[20/08/2008|17:12] C:\DOCUME~1\Guest\APPLIC~1\Mozilla
[20/08/2008|16:56] C:\DOCUME~1\Guest\APPLIC~1\Real

[29/11/2008|22:33] C:\DOCUME~1\Jen\APPLIC~1\.clamwin
[27/04/2008|10:41] C:\DOCUME~1\Jen\APPLIC~1\Adobe
[30/03/2008|16:56] C:\DOCUME~1\Jen\APPLIC~1\AdobeUM
[22/12/2006|22:41] C:\DOCUME~1\Jen\APPLIC~1\Alias
[22/04/2007|14:33] C:\DOCUME~1\Jen\APPLIC~1\Apple Computer
[06/12/2008|20:28] C:\DOCUME~1\Jen\APPLIC~1\AVG7
[31/08/2007|21:44] C:\DOCUME~1\Jen\APPLIC~1\Google
[14/06/2007|19:03] C:\DOCUME~1\Jen\APPLIC~1\Help
[10/03/2006|13:20] C:\DOCUME~1\Jen\APPLIC~1\Identities
[27/05/2007|20:34] C:\DOCUME~1\Jen\APPLIC~1\InterVideo
[04/11/2006|22:30] C:\DOCUME~1\Jen\APPLIC~1\Lavasoft
[15/11/2008|17:15] C:\DOCUME~1\Jen\APPLIC~1\LimeWire
[30/03/2008|15:47] C:\DOCUME~1\Jen\APPLIC~1\Macromedia
[30/11/2008|22:22] C:\DOCUME~1\Jen\APPLIC~1\Malwarebytes
[27/10/2007|16:05] C:\DOCUME~1\Jen\APPLIC~1\Microsoft
[30/08/2008|21:19] C:\DOCUME~1\Jen\APPLIC~1\Mozilla
[28/09/2008|21:06] C:\DOCUME~1\Jen\APPLIC~1\NetMedia Providers
[28/09/2008|21:06] C:\DOCUME~1\Jen\APPLIC~1\Publish Providers
[22/04/2007|14:32] C:\DOCUME~1\Jen\APPLIC~1\Real
[26/02/2008|18:58] C:\DOCUME~1\Jen\APPLIC~1\Samsung
[13/04/2008|18:45] C:\DOCUME~1\Jen\APPLIC~1\Screenshot Sender
[13/09/2008|19:34] C:\DOCUME~1\Jen\APPLIC~1\Skype
[28/09/2008|21:09] C:\DOCUME~1\Jen\APPLIC~1\Sony
[19/07/2007|20:38] C:\DOCUME~1\Jen\APPLIC~1\Sun
[23/03/2007|18:08] C:\DOCUME~1\Jen\APPLIC~1\Template

[30/11/2008|08:00] C:\DOCUME~1\LOCALS~1\APPLIC~1\AVG7
[22/12/2006|22:35] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[05/09/2008|21:30] C:\DOCUME~1\NETWOR~1\APPLIC~1\Adobe
[05/09/2008|21:30] C:\DOCUME~1\NETWOR~1\APPLIC~1\Macromedia
[22/12/2006|22:35] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[03/06/2008 16:38][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[17/12/2008 23:07][--ah-----] C:\WINDOWS\tasks\SA.DAT
[04/08/2004 12:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[10/03/2006|14:15] C:\Program Files\Adobe
[10/03/2006|14:25] C:\Program Files\Ahead
[22/12/2006|22:41] C:\Program Files\Alias
[03/06/2008|19:44] C:\Program Files\Apple Software Update
[16/01/2008|21:42] C:\Program Files\Bonjour
[01/09/2008|17:31] C:\Program Files\Common Files
[10/03/2006|13:10] C:\Program Files\ComPlus Applications
[12/09/2007|15:41] C:\Program Files\Disney Interactive
[16/03/2008|20:43] C:\Program Files\Europress
[13/05/2007|09:47] C:\Program Files\Fisher-Pricer
[03/02/2008|20:23] C:\Program Files\Focus Multimedia Ltd
[04/12/2008|22:55] C:\Program Files\Google
[04/11/2006|17:06] C:\Program Files\Grisoft
[28/09/2008|20:41] C:\Program Files\Image-Line
[16/03/2008|20:43] C:\Program Files\InstallShield Installation Information
[13/12/2008|16:27] C:\Program Files\Internet Explorer
[10/03/2006|14:26] C:\Program Files\InterVideo
[03/06/2008|17:10] C:\Program Files\iPod
[03/06/2008|17:11] C:\Program Files\iTunes
[27/09/2008|20:51] C:\Program Files\Java
[04/11/2006|22:30] C:\Program Files\Lavasoft
[21/09/2008|15:33] C:\Program Files\LimeWire
[06/12/2008|21:53] C:\Program Files\Malwarebytes' Anti-Malware
[09/09/2008|17:54] C:\Program Files\Messenger
[04/11/2006|22:22] C:\Program Files\Microsoft ActiveSync
[10/03/2006|13:14] C:\Program Files\microsoft frontpage
[09/02/2008|21:49] C:\Program Files\Microsoft LifeCam
[04/11/2006|22:22] C:\Program Files\Microsoft Office
[28/09/2008|20:53] C:\Program Files\Microsoft SQL Server
[10/09/2008|18:26] C:\Program Files\Microsoft Works
[07/08/2007|15:59] C:\Program Files\Mindscape
[09/09/2008|17:53] C:\Program Files\Movie Maker
[06/12/2008|16:28] C:\Program Files\Mozilla Firefox
[10/03/2006|13:09] C:\Program Files\MSN
[10/03/2006|13:09] C:\Program Files\MSN Gaming Zone
[30/11/2008|01:28] C:\Program Files\MSN Messenger
[23/03/2007|22:41] C:\Program Files\MSXML 4.0
[25/12/2006|17:31] C:\Program Files\My Scene™
[09/09/2008|17:47] C:\Program Files\NetMeeting
[10/03/2006|13:12] C:\Program Files\Online Services
[09/09/2008|17:47] C:\Program Files\Outlook Express
[28/09/2008|20:50] C:\Program Files\Outsim
[28/12/2006|19:13] C:\Program Files\PF.Magic
[09/02/2008|21:49] C:\Program Files\PhotoArtMaster Classic
[04/11/2006|15:54] C:\Program Files\Program Shortcuts
[09/08/2008|13:17] C:\Program Files\Puppy Luv A New Breed
[03/06/2008|17:07] C:\Program Files\QuickTime
[04/11/2006|19:10] C:\Program Files\Real
[26/08/2008|20:09] C:\Program Files\Safari
[26/02/2008|18:00] C:\Program Files\Samsung
[23/03/2007|22:21] C:\Program Files\Skype
[22/12/2006|23:22] C:\Program Files\SmartPic
[28/09/2008|20:42] C:\Program Files\Sony
[28/09/2008|20:39] C:\Program Files\Sony Setup
[30/11/2008|12:18] C:\Program Files\Spybot - Search & Destroy
[27/09/2008|20:52] C:\Program Files\Sun
[10/03/2006|14:17] C:\Program Files\Synaptics
[25/12/2006|14:05] C:\Program Files\THQ
[04/12/2008|22:33] C:\Program Files\Trend Micro
[14/09/2007|16:39] C:\Program Files\Ubisoft
[10/03/2006|13:19] C:\Program Files\Uninstall Information
[21/10/2008|18:09] C:\Program Files\Virtools
[15/11/2008|21:43] C:\Program Files\Virtual Makeover 2
[28/09/2008|20:44] C:\Program Files\Vstplugins
[22/03/2008|13:52] C:\Program Files\Windows Live
[04/12/2008|22:58] C:\Program Files\Windows Live Toolbar
[09/09/2008|17:47] C:\Program Files\Windows Media Player
[09/09/2008|17:47] C:\Program Files\Windows NT
[10/03/2006|13:12] C:\Program Files\WindowsUpdate
[10/03/2006|13:14] C:\Program Files\xerox
[04/12/2008|22:59] C:\Program Files\Yahoo!
[04/11/2006|17:00] C:\Program Files\Zone Labs
[14/08/2008|20:22] C:\Program Files\ZoneAlarmSB

--------------------\\ Listing Folders in C:\Program Files\Common Files

[30/03/2008|16:58] C:\Program Files\Common Files\Adobe
[10/03/2006|14:23] C:\Program Files\Common Files\Ahead
[16/01/2008|21:39] C:\Program Files\Common Files\Apple
[04/11/2006|22:22] C:\Program Files\Common Files\Designer
[03/02/2008|20:27] C:\Program Files\Common Files\InstallShield
[18/07/2007|22:02] C:\Program Files\Common Files\Java
[22/03/2008|13:53] C:\Program Files\Common Files\Microsoft Shared
[10/03/2006|13:11] C:\Program Files\Common Files\MSSoap
[10/03/2006|14:04] C:\Program Files\Common Files\ODBC
[04/11/2006|19:11] C:\Program Files\Common Files\Real
[10/03/2006|13:11] C:\Program Files\Common Files\Services
[23/03/2007|22:21] C:\Program Files\Common Files\Skype
[10/03/2006|14:04] C:\Program Files\Common Files\SpeechEngines
[09/11/2008|12:06] C:\Program Files\Common Files\Symantec Shared
[09/09/2008|17:47] C:\Program Files\Common Files\System
[25/12/2006|17:31] C:\Program Files\Common Files\Vivendi Universal Games
[22/03/2008|13:53] C:\Program Files\Common Files\WindowsLiveInstaller
[04/11/2006|19:11] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 46 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-17 23:31:09
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 9

--------------------\\ Searching for other infections

--------------------\\ KoobFace !

C:\WINDOWS\bemark2.dat



[F:1023][D:63]-> C:\DOCUME~1\Jen\LOCALS~1\Temp
[F:275][D:0]-> C:\DOCUME~1\Jen\Cookies
[F:6390][D:13]-> C:\DOCUME~1\Jen\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 15/12/2008|21:44 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 17/12/2008|23:35 - Option : [2]

--------------------\\ Scan completed at 23:35:28

=================================================================
=================================================================


OTMoveIt3 results ==================

========== SERVICES/DRIVERS ==========
Unable to stop service DCOM Server Process Launcher (DcomLaunch) .
Unable to stop service DHCP Client (Dhcp) .
Unable to stop service Protected Storage (ProtectedStorage) .
========== FILES ==========
File/Folder C:\Program Files\tinyproxy not found.
C:\DOCUME~1\Jen\LOCALS~1\Temp\MsgPlusUninstall.exe moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\MessengerPlusLiveUninstall not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{975e4acc-b043-11da-b7b6-0002e345a6e2}\\ deleted successfully.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12172008_234450

========================================================
========================================================


MALWARE LOG BELOW =====================
Malwarebytes' Anti-Malware 1.31
Database version: 1512
Windows 5.1.2600 Service Pack 3

18/12/2008 00:03:43
mbam-log-2008-12-18 (00-03-43).txt

Scan type: Quick Scan
Objects scanned: 62646
Time elapsed: 10 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

===============================================================
===============================================================

OT VIEW IT LOG BELOW =================================
OTViewIt logfile created on: 18/12/2008 00:05:14 - Run 4
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Jen\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

447.48 Mb Total Physical Memory | 100.38 Mb Available Physical Memory | 22.43% Memory free
1.03 Gb Paging File | 0.72 Gb Available in Paging File | 69.77% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 14.00 Gb Free Space | 37.57% Space Free | Partition Type: NTFS
Drive D: | 1.66 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JENNIFER
Current User Name: Jen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/07/09 08:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
[2008/01/15 02:40:04 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2007/11/04 18:44:04 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
[2006/12/22 22:35:29 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
[2007/12/29 12:57:44 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgemc.exe
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2006/06/29 23:54:23 | 00,187,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
[2005/10/17 09:00:54 | 00,061,440 | ---- | M] ( ) -- C:\WINDOWS\system32\slmdmsr.exe
[2005/01/28 12:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2008/04/14 00:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2005/10/14 11:00:13 | 00,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
[2005/10/14 11:00:13 | 00,167,936 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\VTTrayp.exe
[2005/10/17 09:20:06 | 00,729,178 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2006/02/21 09:32:38 | 00,294,912 | ---- | M] () -- C:\WINDOWS\system32\ATWTUSB.EXE
[2006/06/29 23:55:44 | 00,707,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
[2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2006/11/04 19:10:53 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2004/08/09 06:03:38 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[2008/03/30 09:36:40 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/07/09 08:05:20 | 00,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
[2005/08/31 19:27:02 | 01,658,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\Msmsgs.exe
[2005/06/20 17:13:00 | 00,107,237 | ---- | M] (Alias Systems) -- C:\Program Files\Alias\Alias SketchBook Pro 2.0\AliasSketchSnap.exe
[2006/12/25 22:28:22 | 00,060,928 | ---- | M] () -- C:\PENSOFT\Quick95.exe
[2008/03/30 09:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2007/09/20 10:35:36 | 00,118,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/10/15 07:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/12/12 21:05:34 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jen\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/01/15 02:40:04 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/11/04 18:44:04 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe -- (Avg7Alrt [Auto | Running])
[2006/12/22 22:35:29 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgupsvc.exe -- (Avg7UpdSvc [Auto | Running])
[2007/12/29 12:57:44 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgemc.exe -- (AVGEMS [Auto | Running])
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
File not found -- -- (DCOM Server Process Launcher (DcomLaunch) [Auto | Stopped])
File not found -- -- (DHCP Client (Dhcp) [Auto | Stopped])
[2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/03/30 09:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2006/06/29 23:54:23 | 00,187,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamSvc.exe -- (MSCamSvc [Auto | Running])
File not found -- -- (Protected Storage (ProtectedStorage) [Auto | Stopped])
[2005/10/17 09:00:54 | 00,061,440 | ---- | M] ( ) -- C:\WINDOWS\system32\slmdmsr.exe -- (SLService [Auto | Running])
[2005/01/28 12:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2008/07/09 08:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
[2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])

========== Driver Services ==========

[2004/07/07 16:02:14 | 00,022,272 | ---- | M] (AIPTEK International Inc.) -- C:\WINDOWS\system32\drivers\aiptektp.sys -- (aiptektp [System | Stopped])
[2005/08/19 15:31:52 | 03,644,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2005/05/05 00:08:38 | 00,463,168 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211 [On_Demand | Running])
[2007/11/04 18:44:01 | 00,821,856 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avg7core.sys -- (Avg7Core [System | Running])
[2006/12/22 22:35:30 | 00,004,224 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avg7rsw.sys -- (Avg7RsW [System | Running])
[2007/03/23 21:45:15 | 00,027,776 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avg7rsxp.sys -- (Avg7RsXP [System | Running])
[2007/12/29 12:57:45 | 00,010,760 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avgclean.sys -- (AvgClean [System | Running])
[2006/12/22 22:35:30 | 00,004,960 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdi.sys -- (AvgTdi [Auto | Running])
[2005/10/17 06:27:44 | 00,043,008 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5bv.sys -- (FETND5BV [On_Demand | Running])
[2001/08/17 12:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS [On_Demand | Stopped])
[2008/01/29 11:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2005/10/12 11:07:12 | 00,874,240 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
[2007/07/19 14:10:28 | 00,127,768 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [System | Running])
[2001/08/17 12:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2005/10/17 09:00:50 | 00,237,616 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\SLDRV\mtlmnt5.sys -- (Mtlmnt5 [On_Demand | Running])
[2005/10/17 09:00:51 | 01,464,912 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\SLDRV\mtlstrm.sys -- (Mtlstrm [On_Demand | Stopped])
[2008/05/02 09:58:12 | 00,017,536 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])
[2008/05/02 09:58:14 | 00,020,864 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])
[2005/08/18 15:52:06 | 00,093,568 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus [Boot | Running])
[2005/08/18 15:52:08 | 00,077,056 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid [Boot | Running])
[2004/08/04 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/10/17 09:00:51 | 00,014,680 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\SLDRV\RecAgent.sys -- (RecAgent [Boot | Running])
[2007/11/13 10:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2005/01/11 15:58:48 | 00,030,976 | ---- | M] (Silicon Integrated Systems Corp) -- C:\WINDOWS\system32\drivers\SiSRaid2.sys -- (SiSRaid2 [Boot | Running])
[2005/10/17 09:00:54 | 00,698,848 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\SLDRV\slntamr.sys -- (Slntamr [On_Demand | Running])
[2005/10/17 09:00:54 | 00,101,328 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\SLDRV\slnthal.sys -- (SlNtHal [On_Demand | Stopped])
[2005/10/17 09:00:54 | 00,013,248 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\SLDRV\slwdmsup.sys -- (SlWdmSup [On_Demand | Running])
[2008/02/27 02:10:44 | 00,051,176 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
[2005/08/30 01:47:38 | 00,058,320 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus [On_Demand | Stopped])
[2005/08/30 01:49:34 | 00,008,336 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl [On_Demand | Stopped])
[2005/08/30 01:49:38 | 00,094,000 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm [On_Demand | Stopped])
[2005/10/17 09:19:59 | 00,190,560 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2008/04/13 18:36:40 | 00,044,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\uagp35.sys -- (uagp35 [Boot | Running])
[2008/05/02 09:58:14 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])
[2008/01/15 02:39:58 | 00,030,464 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2008/04/13 18:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2008/04/13 18:45:36 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser [On_Demand | Stopped])
[2008/05/02 09:58:28 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped])
[2003/07/02 02:42:00 | 00,027,904 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1 [Boot | Running])
[2005/10/14 11:00:12 | 00,238,464 | ---- | M] (Copyright © VIA/S3 Graphics Co, Ltd.) -- C:\WINDOWS\system32\drivers\vtmini.sys -- (viagfx [On_Demand | Running])
[2005/11/23 09:12:12 | 00,092,672 | ---- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\system32\drivers\viamraid.sys -- (viamraid [Boot | Running])
[2008/07/09 08:05:22 | 00,394,952 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [System | Running])
[2006/06/29 23:55:56 | 01,966,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000 [On_Demand | Stopped])
[2006/11/02 06:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 1
"ProxyOverride" = *.local;<local>

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-311781197-1809539003-19255424-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_USERS\S-1-5-21-311781197-1809539003-19255424-1006\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_USERS\S-1-5-21-311781197-1809539003-19255424-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-311781197-1809539003-19255424-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} (HKLM) -- C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}" (HKLM) -- C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (HKLM) -- C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)

[HKEY_USERS\S-1-5-21-311781197-1809539003-19255424-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-311781197-1809539003-19255424-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (HKLM) -- C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"atwtusb"=atwtusb.exe beta ()
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP (GRISOFT, s.r.o.)
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" (Microsoft Corporation)
"PenLock"= File not found
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"VTTimer"=VTTimer.exe (S3 Graphics, Inc.)
"VTTrayp"=VTtrayp.exe (S3 Graphics Co., Ltd.)
"VX3000"=C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Zone Labs, LLC)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (GRISOFT, s.r.o.)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (GRISOFT, s.r.o.)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (GRISOFT, s.r.o.)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (GRISOFT, s.r.o.)

[HKEY_USERS\S-1-5-21-311781197-1809539003-19255424-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

========== (O4) Startup Folders ==========

[2005/09/23 21:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2005/06/20 17:13:00 | 00,107,237 | ---- | M] (Alias Systems) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Alias SketchBook Snapshot.lnk = C:\Program Files\Alias\Alias SketchBook Pro 2.0\AliasSketchSnap.exe
[2001/02/13 01:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
[2005/10/20 12:04:08 | 00,038,912 | ---- | M] () -- C:\Documents and Settings\Jen\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
[2006/12/25 22:28:22 | 00,185,476 | ---- | M] () -- C:\Documents and Settings\Jen\Start Menu\Programs\Startup\Quick StartUp.lnk = C:\PENSOFT\fquick32.exe
[2006/12/25 22:28:22 | 00,060,928 | ---- | M] () -- C:\Documents and Settings\Jen\Start Menu\Programs\Startup\Start.lnk = C:\PENSOFT\Quick95.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FF FF FF FF [binary data]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-311781197-1809539003-19255424-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FF FF FF FF [binary data]

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Search: File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/10/28 16:07:58 | 09,362,248 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Windows &Live Favorites: File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/10/28 16:07:58 | 09,362,248 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Windows &Live Favorites: File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/10/28 16:07:58 | 09,362,248 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Windows &Live Favorites: Reg Error: Key does not exist or could not be opened. File not found
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Windows &Live Favorites: Reg Error: Key does not exist or could not be opened. File not found
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-311781197-1809539003-19255424-1006\Software\Microsoft\Internet Explorer\MenuExt\]
&Search: File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/10/28 16:07:58 | 09,362,248 | R--- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search && Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: @c:\Program Files\Messenger\Msgslang.dll,-61144 -- %ProgramFiles%\Messenger\Msmsgs.exe [2005/08/31 19:27:02 | 01,658,592 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: @c:\Program Files\Messenger\Msgslang.dll,-61144 -- %ProgramFiles%\Messenger\Msmsgs.exe [2005/08/31 19:27:02 | 01,658,592 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{A75C6120-9B36-11d4-A3F0-009027427750} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %SystemDrive%\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe [Messenger Class] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\Msmsgs.exe [@c:\Program Files\Messenger\Msgslang.dll,-61144] -> [2005/08/31 19:27:02 | 01,658,592 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %SystemDrive%\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe [Messenger Class] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\Msmsgs.exe [@c:\Program Files\Messenger\Msgslang.dll,-61144] -> [2005/08/31 19:27:02 | 01,658,592 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %SystemDrive%\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe [Messenger Class] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\Msmsgs.exe [@c:\Program Files\Messenger\Msgslang.dll,-61144] -> [2005/08/31 19:27:02 | 01,658,592 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-311781197-1809539003-19255424-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{A75C6120-9B36-11d4-A3F0-009027427750} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %SystemDrive%\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe [Messenger Class] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\Msmsgs.exe [@c:\Program Files\Messenger\Msgslang.dll,-61144] -> [2005/08/31 19:27:02 | 01,658,592 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://update.microsoft.com/windowsupdate/...b?1162750324718 -- WUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07

========== (O17) DNS Name Servers ==========

{4AAEB0DC-2B3C-4979-8CE0-E96BAAB59224} (Servers: | Description: Atheros AR5005G Wireless Network Adapter)
{68523A16-A228-436F-BAA7-C6C1D99431F2} (Servers: | Description: )
{851B02DC-8DE1-4305-8155-AD960170CF29} (Servers: | Description: VIA Rhine II Fast Ethernet Adapter)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2006/03/10 13:14:33 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf []
[2008/12/15 21:23:46 | 00,000,000 | RHSD | M] -- C:\autorun.inf -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2008/12/17 23:44:50 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/12/17 23:43:38 | 01,033,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jen\Desktop\OTMoveIt3.exe
[2008/12/17 23:42:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/12/17 23:41:56 | 00,000,773 | ---- | C] () -- C:\Documents and Settings\Jen\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2008/12/17 23:41:45 | 00,000,617 | ---- | C] () -- C:\Documents and Settings\Jen\Desktop\NTREGOPT.lnk
[2008/12/17 23:41:45 | 00,000,598 | ---- | C] () -- C:\Documents and Settings\Jen\Desktop\ERUNT.lnk
[2008/12/17 23:41:44 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2008/12/17 23:40:28 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Jen\Desktop\erunt-setup.exe
[2008/12/15 21:37:39 | 00,000,000 | ---D | C] -- C:\Lop SD
[2008/12/15 21:36:58 | 00,529,069 | ---- | C] () -- C:\Documents and Settings\Jen\Desktop\LopSD.exe
[2008/12/15 21:23:46 | 00,000,000 | RHSD | C] -- C:\autorun.inf
[2008/12/15 21:22:20 | 00,132,597 | ---- | C] () -- C:\Documents and Settings\Jen\Desktop\Flash_Disinfector.exe
[2008/12/12 21:05:29 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jen\Desktop\OTViewIt.exe
[2008/12/06 20:15:24 | 00,000,000 | ---D | C] -- C:\rsit
[2008/12/06 20:12:03 | 00,012,316 | ---- | C] () -- C:\Documents and Settings\Jen\Desktop\kaspersky_report.html
[2008/12/06 16:49:29 | 00,305,705 | ---- | C] () -- C:\Documents and Settings\Jen\Desktop\RSIT.exe
[2008/12/04 22:33:42 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\Jen\Desktop\HijackThis.lnk
[2008/12/04 22:33:42 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/11/30 22:22:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jen\Application Data\Malwarebytes
[2008/11/30 22:21:57 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/11/30 22:21:57 | 00,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/11/30 22:21:54 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/11/30 22:21:53 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/11/30 22:21:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/11/30 18:27:21 | 00,000,109 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/30 12:31:50 | 46,928,6912 | -HS- | C] () -- C:\hiberfil.sys
[2008/11/30 12:11:54 | 00,000,939 | ---- | C] () -- C:\Documents and Settings\Jen\Desktop\Spybot - Search & Destroy.lnk
[2008/11/30 12:11:44 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/11/30 12:11:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/11/30 12:08:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jen\Desktop\Clamwin DB
[2008/11/30 11:55:56 | 00,003,284 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2008/11/30 11:48:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jen\Desktop\antivirus
[2008/11/29 22:41:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jen\Desktop\vault
[2008/11/29 22:33:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jen\Application Data\.clamwin

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2008/12/17 23:43:50 | 01,033,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jen\Desktop\OTMoveIt3.exe
[2008/12/17 23:41:56 | 00,000,773 | ---- | M] () -- C:\Documents and Settings\Jen\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2008/12/17 23:41:45 | 00,000,617 | ---- | M] () -- C:\Documents and Settings\Jen\Desktop\NTREGOPT.lnk
[2008/12/17 23:41:45 | 00,000,598 | ---- | M] () -- C:\Documents and Settings\Jen\Desktop\ERUNT.lnk
[2008/12/17 23:40:59 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Jen\Desktop\erunt-setup.exe
[2008/12/17 23:28:44 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/12/17 23:11:20 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/12/17 23:10:57 | 00,003,873 | ---- | M] () -- C:\WINDOWS\aiptbl.ini
[2008/12/17 23:10:57 | 00,000,766 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/17 23:10:42 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/17 23:07:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/17 23:07:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/17 23:07:31 | 46,928,6912 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/15 21:59:05 | 34,037,792 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/12/15 21:59:05 | 00,398,972 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/12/15 21:37:39 | 00,529,069 | ---- | M] () -- C:\Documents and Settings\Jen\Desktop\LopSD.exe
[2008/12/15 21:22:46 | 00,132,597 | ---- | M] () -- C:\Documents and Settings\Jen\Desktop\Flash_Disinfector.exe
[2008/12/13 16:28:07 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/12 21:05:34 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jen\Desktop\OTViewIt.exe
[2008/12/09 23:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/12/06 20:12:04 | 00,012,316 | ---- | M] () -- C:\Documents and Settings\Jen\Desktop\kaspersky_report.html
[2008/12/06 16:49:30 | 00,305,705 | ---- | M] () -- C:\Documents and Settings\Jen\Desktop\RSIT.exe
[2008/12/04 22:33:42 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\Jen\Desktop\HijackThis.lnk
[2008/12/03 19:52:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/03 19:52:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/11/30 22:21:57 | 00,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/11/30 21:00:37 | 03,191,492 | -H-- | M] () -- C:\Documents and Settings\Jen\Local Settings\Application Data\IconCache.db
[2008/11/30 18:27:21 | 00,000,109 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/11/30 12:24:21 | 00,003,284 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2008/11/30 12:11:54 | 00,000,939 | ---- | M] () -- C:\Documents and Settings\Jen\Desktop\Spybot - Search & Destroy.lnk
< End of report >

Again, thanks for all your help :thumbsup:
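
The report above is the kind of listing the helper reads by eye. As an added example (not a tool from this thread or from OldTimer), the Python script below parses the two line shapes used in that report and flags what a helper looks for first: Run values whose target file is gone, autostarts with no publisher information, hidden+system files created recently, and registry values that reference keys or files that no longer exist. The sample log is constructed from lines in the shape of the report, and the report date is an assumed value.

```python
"""Triage of an OTViewIt/RSIT-style report (example added here, not a tool from
the thread). It parses the two line shapes used in the report above,
    "Name"=command (Company)                     in the (O4) Run Keys sections
    [date | size | attrs | C] (Company) -- path  in the file listings
and flags what a helper scans for first: Run values whose target is gone,
autostarts with no publisher info, hidden+system files created recently, and
registry values that reference keys or files that no longer exist."""
import re
from datetime import datetime, timedelta

SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[A-Z-]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- "
    r"(?P<path>.+?)(?: -- \[ NTFS \])?$"
)
RUN_RE = re.compile(r'^"(?P<name>[^"]*)"=\s*(?P<cmd>.*?)\s*(?:\((?P<company>[^)]*)\))?$')

# Hidden+system files Windows itself keeps in the drive root; not worth a flag.
KNOWN_SYSTEM_FILES = {"hiberfil.sys", "pagefile.sys"}

# Constructed sample: a few lines in the exact shape of the report above.
SAMPLE_LOG = r"""
========== (O2) BHO's ==========
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
========== (O4) Run Keys ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"atwtusb"=atwtusb.exe beta ()
"PenLock"= File not found
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Zone Labs, LLC)
========== Files/Folders - Created Within 30 Days ==========
[2008/12/17 23:43:38 | 01,033,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jen\Desktop\OTMoveIt3.exe
[2008/12/15 21:23:46 | 00,000,000 | RHSD | C] -- C:\autorun.inf
[2008/11/30 12:31:50 | 46,928,6912 | -HS- | C] () -- C:\hiberfil.sys
"""
REPORT_DATE = datetime(2008, 12, 18)  # assumed: the day after the newest sample entry


def parse_report(text):
    """Yield (section, kind, fields) for each line the patterns understand."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = FILE_RE.match(line)
        if m:
            d = m.groupdict()
            d["ts"] = datetime.strptime(d["ts"], "%Y/%m/%d %H:%M:%S")
            d["size"] = int(d["size"].replace(",", ""))
            d["company"] = (d["company"] or "").strip()
            yield section, "file", d
        elif section and "Run Keys" in section and RUN_RE.match(line):
            d = RUN_RE.match(line).groupdict()
            d["company"] = (d["company"] or "").strip()
            yield section, "run", d
        elif "Reg Error" in line or line.endswith("File not found"):
            # Registry value or key that references something already removed.
            yield section, "dangling", {"line": line}


def triage(text, as_of, recent_days=30):
    """Return (severity, category, detail) findings, most serious first."""
    findings = []
    for section, kind, d in parse_report(text):
        if kind == "run":
            if d["cmd"] == "File not found":
                # Autostart left behind by something that is no longer on disk.
                findings.append(("high", "orphaned-autostart",
                                 f'{d["name"]}: Run value points at a missing file'))
            elif not d["company"]:
                findings.append(("medium", "unknown-publisher-autostart",
                                 f'{d["name"]}: {d["cmd"]} carries no version info'))
        elif kind == "file":
            name = d["path"].rsplit("\\", 1)[-1].lower()
            hidden_system = "H" in d["attr"] and "S" in d["attr"]
            recent = as_of - d["ts"] <= timedelta(days=recent_days)
            if hidden_system and recent and name not in KNOWN_SYSTEM_FILES:
                findings.append(("medium", "hidden-system-file",
                                 f'{d["path"]} ({d["attr"]}) created {d["ts"]:%Y-%m-%d}'))
        elif kind == "dangling":
            findings.append(("low", "dangling-registry-reference", d["line"]))
    rank = {"high": 0, "medium": 1, "low": 2}
    findings.sort(key=lambda f: rank[f[0]])  # stable: keeps report order within a rank
    return findings


def triage_sample():
    return triage(SAMPLE_LOG, REPORT_DATE)


if __name__ == "__main__":
    for severity, category, detail in triage_sample():
        print(f"[{severity:6}] {category}: {detail}")
```

A flagged line is a starting point for the helper, not a verdict: the RHSD autorun.inf here, for instance, is the kind of entry a protective tool can create deliberately, so each hit still needs a look at who created it and when.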

#8 dome90uk

Posted 17 December 2008 - 07:22 PM

Hi,

Everything was going fine with the laptop then the touchpad stopped working - please help!!
(writing this from another computer!!)

Thanks

#9 extremeboy

Posted 17 December 2008 - 08:20 PM

Hello

I need to leave soon, so I just want an idea of what happened.

Everything was going fine with the laptop then the touchpad stopped working - please help !!
( writing this from an other computer !! )

When exactly did this happen? Sometimes you need to wait a while; I had this problem, and my friends also had this problem before when removing something, and then it worked after a while.

Don't you have a mouse or something that you can connect instead of using the touchpad? Sometimes the touchpad doesn't work when you just reboot your computer occasionally.

I'll see what we can do.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#10 extremeboy

Posted 18 December 2008 - 04:41 PM

Hello again.

From what I have experienced before, it might work on its own after a while; leave your computer alone for about 30 minutes when you do not need it or are taking a break. If it doesn't work, you may need to reinstall the driver. Also, if you have a mouse that you can connect, that will be the best option here. Touchpads sometimes don't work well.

With Regards,
Extremeboy

#11 extremeboy

Posted 21 December 2008 - 01:01 PM

Hi.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5 days the topic will need to be closed.
Thanks for understanding. :thumbsup:

With Regards,
Extremeboy

#12 dome90uk

Posted 22 December 2008 - 04:31 PM

Hi Extremeboy,

The laptop touchpad seems to be working again - sorry for the downtime - I had to buy presents :thumbsup:

I am struggling to get the laptop onto my wireless network, which other computers can access - is it still infected?

Can you see any other problems with the last logs I posted?

Windows has updated since the last logs but nothing else has changed - please advise.

Thanks for your help

#13 extremeboy

Posted 22 December 2008 - 06:49 PM

Hello.

The laptop touchpad seems to be working again - sorry for the downtime - i had to buy presents

I'm going to review this right now. From what I see so far, no, you are not clean yet. We still have some work to do.

I am struggling trying to get the laptop on my wireless network other computers can access - is it still infected?
Can you see any other problems with the last logs i posted?

Yes, still infected with some files etc. We will deal with it soon, and there are also some programs we need to update.

When did this start happening? I'm not seeing much that is interfering with your network connection. Since you are posting this from another machine, for the instructions I give you, you can use your clean machine to download the files and transfer them using a CD/flash-drive. However, preferably a CD, because flash-drives are writable and can get malware on them, and we do not want that to happen.

Try repairing your internet connection.
1. Right click on the Network icon in the notification area in the lower right corner of the Desktop & select "Repair".
2. Disable/re-enable your network connection. To do that go to Control Panel>Network Connections.

I'll get you the instructions back soon, tell me if your internet connection gets restored later.

With Regards,
Extremeboy

Edited by extremeboy, 22 December 2008 - 06:55 PM.


#14 extremeboy

Posted 23 December 2008 - 10:22 AM

Hello again.

Is your internet restored yet?

There is still some infection I see.

Let's continue.

If your internet doesn't work, please burn the following tools onto a CD and transfer them to your infected machine. If you don't have a CD then a flash-drive would be fine as well.

GMER download site
GMER Alternate Download Site 1
GMER Alternate Download Site 2

Run Scan with GMER

We will use GMER to scan for rootkits.
  • Remember the GMER file you downloaded and transferred earlier if your internet wasn't restored?
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on the Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop button turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
Important!: Please do not select the Show all checkbox during the scan.

Run OTMoveIt
  • Double-click the OTMoveIt icon on your desktop.
  • Paste the following code into the file list box. Do not include the word "Code".
    :files
    C:\WINDOWS\bemark2.dat
    
    :commands
    [EmptyTemp]
    [Reboot]
  • Click the large MoveIt! button.
  • Copy/paste the contents under the Results line here in your next reply.
Note: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

If your internet was restored, please do an online scan:

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

Please post back with:
-GMER log
-OTMoveIT log
-Kaspersky log
-Fresh OTViewIT log
-What problems do you still have?


With Regards,
Extremeboy
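An added example, not OTMoveIt's own code and not part of the post above: a minimal Python interpreter for the :files/:commands script format used in the OTMoveIt step. It quarantines (moves, never deletes) each listed file under a MovedFiles folder, recording a hash first so the sample can be examined or restored, and a throwaway sandbox directory stands in for C:\ so it runs anywhere; the script text, the extra nonexistent path and the sandbox contents are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path

SCRIPT = """:files
C:\\WINDOWS\\bemark2.dat
C:\\WINDOWS\\nothere.dll
:commands
[EmptyTemp]
[Reboot]
"""  # constructed: the block from the post plus one path that does not exist

def parse_script(text):  # -> {'files': [...], 'commands': [...]} keyed by ':section' headers
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith(":"):
            current = sections.setdefault(line[1:].lower(), [])
        elif line and current is not None:
            current.append(line)
    return sections

def run_script(text, root):  # quarantine (move, never delete) listed files; return log lines
    root, log, sections = Path(root), [], parse_script(text)
    to_path = lambda base, win: base.joinpath(*win[3:].split("\\"))  # root stands in for C:\
    for win_path in sections.get("files", []):
        src = to_path(root, win_path)
        if not src.is_file():
            log.append(f"File/Folder {win_path} not found.")
            continue
        digest = hashlib.sha256(src.read_bytes()).hexdigest()  # keep a hash of what was moved
        dst = to_path(root / "_OTMoveIt" / "MovedFiles", win_path)
        dst.parent.mkdir(parents=True, exist_ok=True)
        src.rename(dst)
        log.append(f"{win_path} moved successfully. sha256={digest}")
    for cmd in sections.get("commands", []):
        if cmd == "[EmptyTemp]":
            junk = [p for p in (root / "Temp").glob("*") if p.is_file()]
            for p in junk:
                p.unlink()
            log.append(f"Temp folder emptied: {len(junk)} file(s) removed.")
        elif cmd == "[Reboot]":
            log.append("Reboot requested; OTMoveIt would restart the machine here.")
    return log

def demo():  # throwaway sandbox: fake bemark2.dat plus one temp file, then run SCRIPT on it
    root = Path(tempfile.mkdtemp())
    for rel, data in (("WINDOWS/bemark2.dat", b"constructed sample"), ("Temp/a.tmp", b"junk")):
        (root / rel).parent.mkdir(exist_ok=True)
        (root / rel).write_bytes(data)
    return run_script(SCRIPT, root), root
```

Calling demo() returns the log lines and the sandbox root; the moved file ends up under _OTMoveIt/MovedFiles/WINDOWS, mirroring the folder the note above tells you to look in for the .log file.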

#15 extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 27 December 2008 - 05:28 PM

Hi.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5 days the topic will need to be closed. I know it is the holidays so I will leave it a bit longer, but if you don't reply for more than a week, the topic will be closed.

Thanks for understanding. :thumbsup:

With Regards,
Extremeboy