Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

trojan.vundo? gadcom? infection


  • This topic is locked This topic is locked
17 replies to this topic

#1 jjroland

jjroland

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:34 AM

Posted 14 December 2008 - 12:58 PM

My computer became infected sometime yesterday - no idea what was being done when it happened. I get many pop-ops and originally AVG diagnosed an infection with the name of gadcom. I attempted to find some fixes for this virus as AVG seems generally useless aside from giving me the "possible" name of the infection. No avail. At one point windows starting going to a black screen instead of loading - I believe I have that fixed now. I am getting pop-ups and redirects using both firefox or IE in thier newest versions. ALL help is greatly appreciated.

*** Not sure how to properly backup registry before beginning fix.
Downloaded: malewarebytes, OTScanit, atfcleaner,hjthis, and rtis.
Am currently using AVG free and Spybot.

After running rtis, these are my reports:

INFO:
info.txt logfile of random's system information tool 1.04 2008-12-14 11:48:14

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {637099FB-45FD-4BC7-9651-6FB540DBB749}
-->MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
-->MsiExec.exe /I{26792CA7-D87A-4DBE-896B-C2F66B344511}
-->MsiExec.exe /I{637099FB-45FD-4BC7-9651-6FB540DBB749}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
AGEIA PhysX v7.11.13-->MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Canon iP2600 series User Registration-->C:\Program Files\Canon\IJEREG\iP2600 series\UNINST.EXE
Canon iP2600 series-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series /L0x0009
Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
Carrara 3D Express-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D6371A9C-5A90-41CC-A824-A6B4B5348D42}\Setup.exe" -l0x9
CINEMA 4D Release 10-->C:\WINDOWS\unvise32.exe C:\Program Files\MAXON\CINEMA 4D R10\uninstal_C4D.log
CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
Command & Conquer The First Decade-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}\setup.exe" -l0x9 -removeonly
Download Manager 2.3.7-->C:\Program Files\Download Manager\uninst.exe
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Hexagon-->C:\Program Files\DAZ\Hexagon\Remove-Hexagon.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 4.1.7 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LimeWire 4.18.5-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Media Resizer-->"C:\Program Files\Media Resizer\unins000.exe"
Medieval II Total War-->"C:\Program Files\InstallShield Installation Information\{A9D0745C-BABD-472B-8AF0-FAF888D31046}\setup.exe" -runfromtemp -l0x0009 -removeonly
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MWSnap 3-->"C:\Program Files\MWSnap\uninstall.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
NVIDIA ForceWare Network Access Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
Poser 6-->C:\WINDOWS\unvise32.exe C:\Program Files\Curious Labs\Poser 6\uninstal.log
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Roxio Easy Media Creator 7-->MsiExec.exe /I{A99C6296-A311-4D6C-9602-53B4241921D5}
SecondLife (remove only)-->"C:\Program Files\SecondLife\uninst.exe" /P="SecondLife"
Sid Meier's Civilization 4-->"C:\Program Files\InstallShield Installation Information\{1CF028E5-705D-4B62-AC1D-A59593B7C0BB}\setup.exe" -runfromtemp -l0x0009 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
The Witcher Enhanced Edition-->"C:\Program Files\InstallShield Installation Information\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}\setup.exe" -runfromtemp -l0x0009 -removeonly
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: AVG Anti-Virus Free
FW: ActiveArmor Firewall (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\Roxio Shared\DLLShared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 67 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4302
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------



LOG:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Jaci at 2008-12-14 11:48:06
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 6 GB (8%) free of 76 GB
Total RAM: 2047 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:14 AM, on 12/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\regedit.exe
C:\Documents and Settings\Jaci\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jaci.exe

O2 - BHO: {6c5b6b8b-1e43-56d9-d664-a60a9fad14c0} - {0c41daf9-a06a-466d-9d65-34e1b8b6b5c6} - C:\WINDOWS\system32\lpmtkl.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\jkkJbcBu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {E6F84C21-F343-4B94-B591-3B2447246E7F} - C:\WINDOWS\system32\hgGywWMf.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [2c67e8f8] rundll32.exe "C:\WINDOWS\system32\hkxidpvo.dll",b
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [Shockwave Updater] "C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE" -Update -1100465 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.18) Gecko/20081029 Firefox/2.0.0.18" -"http://www.nickjr.com/playtime/shows/blue/games/blue_tickety.jhtml"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1218743739906
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll lpmtkl.dll
O20 - Winlogon Notify: jkkJbcBu - C:\WINDOWS\SYSTEM32\jkkJbcBu.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - http://www.renderotica.com/modules/My_eGal...05211452151.gif

--
End of file - 5784 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\krstfmtm.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0c41daf9-a06a-466d-9d65-34e1b8b6b5c6}]
C:\WINDOWS\system32\lpmtkl.dll [2008-12-13 129024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
C:\WINDOWS\system32\jkkJbcBu.dll [2008-12-13 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E6F84C21-F343-4B94-B591-3B2447246E7F}]
C:\WINDOWS\system32\hgGywWMf.dll [2008-12-13 302592]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-29 7618560]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMCTray.dll [2006-10-29 86016]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-27 1261336]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-10-25 652624]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-09-13 1603152]
"2c67e8f8"=C:\WINDOWS\system32\hkxidpvo.dll [2008-12-13 72704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-12-03 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE [2008-08-06 447928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\Download Manager\DLM.exe [2008-08-01 1103216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe [2005-09-21 1695744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-11-07 185632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Sonic CinePlayer Quick Launch.lnk]
C:\PROGRA~1\COMMON~1\SONICS~1\CineTray.exe [2005-08-11 114688]

C:\Documents and Settings\Jaci\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll lpmtkl.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkJbcBu]
C:\WINDOWS\system32\jkkJbcBu.dll [2008-12-13 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=C:\WINDOWS\system32\jkkJbcBu.dll [2008-12-13 34816]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\hgGywWMf

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Curious Labs\Poser 6\Poser.exe"="C:\Program Files\Curious Labs\Poser 6\Poser.exe:*:Disabled:Poser executable file"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\SEGA\Medieval II Total War\medieval2.exe"="C:\Program Files\SEGA\Medieval II Total War\medieval2.exe:*:Enabled:Medieval II Total War"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2008-12-14 11:48:06 ----D---- C:\rsit
2008-12-14 11:14:24 ----D---- C:\Program Files\Trend Micro
2008-12-14 11:13:08 ----D---- C:\Documents and Settings\Jaci\Application Data\Malwarebytes
2008-12-14 11:12:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-14 11:12:58 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-14 10:28:28 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-14 10:07:58 ----D---- C:\WINDOWS\pss
2008-12-13 17:30:45 ----SH---- C:\WINDOWS\system32\ovpdixkh.ini
2008-12-13 17:30:41 ----A---- C:\WINDOWS\system32\hkxidpvo.dll
2008-12-13 17:30:37 ----A---- C:\WINDOWS\system32\lpmtkl.dll
2008-12-13 17:30:36 ----A---- C:\WINDOWS\system32\oorslybp.dll
2008-12-13 17:30:07 ----A---- C:\WINDOWS\system32\27442c86-.txt
2008-12-13 17:29:47 ----ASH---- C:\WINDOWS\system32\fMWwyGgh.ini2
2008-12-13 17:29:47 ----ASH---- C:\WINDOWS\system32\fMWwyGgh.ini
2008-12-13 17:29:45 ----A---- C:\WINDOWS\system32\hgGywWMf.dll
2008-12-13 17:24:43 ----A---- C:\WINDOWS\system32\ssqrRHAT.dll
2008-12-13 17:24:28 ----A---- C:\WINDOWS\system32\jkkJbcBu.dll
2008-12-13 17:24:25 ----A---- C:\WINDOWS\system32\digeste.dll
2008-12-05 09:12:11 ----D---- C:\Program Files\Media Resizer
2008-11-30 15:18:30 ----D---- C:\Program Files\Common Files\CANON
2008-11-30 15:16:24 ----HD---- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-11-30 15:16:12 ----A---- C:\WINDOWS\system32\CNMLM97.DLL
2008-11-30 15:16:09 ----HD---- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2008-11-30 15:15:55 ----HD---- C:\Program Files\CanonBJ
2008-11-30 15:15:20 ----D---- C:\Program Files\Canon
2008-11-29 11:03:57 ----D---- C:\Documents and Settings\Jaci\Application Data\SecondLife
2008-11-29 11:03:31 ----D---- C:\Program Files\SecondLife

======List of files/folders modified in the last 1 months======

2008-12-14 11:48:12 ----D---- C:\WINDOWS\Temp
2008-12-14 11:47:41 ----D---- C:\WINDOWS\Prefetch
2008-12-14 11:14:24 ----RD---- C:\Program Files
2008-12-14 11:13:01 ----D---- C:\WINDOWS\system32\drivers
2008-12-14 11:08:06 ----D---- C:\Program Files\Mozilla Firefox
2008-12-14 11:05:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-14 11:04:21 ----SH---- C:\boot.ini
2008-12-14 11:04:21 ----A---- C:\WINDOWS\win.ini
2008-12-14 11:04:21 ----A---- C:\WINDOWS\system.ini
2008-12-14 10:44:51 ----D---- C:\WINDOWS
2008-12-14 10:43:49 ----HD---- C:\WINDOWS\inf
2008-12-14 10:43:20 ----D---- C:\WINDOWS\system32\Restore
2008-12-14 10:38:46 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-14 00:07:05 ----D---- C:\Documents and Settings\Jaci\Application Data\Mozilla
2008-12-13 23:56:10 ----HD---- C:\$AVG8.VAULT$
2008-12-13 23:47:34 ----D---- C:\Documents and Settings\Jaci\Application Data\LimeWire
2008-12-13 17:31:02 ----D---- C:\WINDOWS\system32
2008-12-13 17:24:44 ----SD---- C:\WINDOWS\Tasks
2008-11-30 15:18:30 ----D---- C:\Program Files\Common Files
2008-11-30 15:10:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-27 22:04:44 ----D---- C:\Documents and Settings\Jaci\Application Data\Adobe
2008-11-18 19:32:58 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-18 19:31:03 ----D---- C:\Program Files\DivX
2008-11-18 19:30:33 ----D---- C:\WINDOWS\Downloaded Installations
2008-11-18 19:30:30 ----SHD---- C:\WINDOWS\Installer
2008-11-15 17:08:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-09-15 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-09-02 26824]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2005-09-21 44288]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2005-09-21 24960]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2005-09-21 291456]
R1 DVDVRRdr_xp;DVDVRRdr_xp; C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys [2005-09-21 141184]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2005-09-21 117760]
R1 UDFReadr;UDFReadr; C:\WINDOWS\system32\drivers\UDFReadr.sys [2005-09-21 202496]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-10-19 279712]
R2 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-09-02 76040]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-10-19 25888]
R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2005-09-21 24064]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2005-09-21 23808]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-11 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-29 3925920]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-06-29 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-06-29 20480]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-02-28 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-02-28 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-02-28 17024]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-02-28 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-14 611664]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-15 875288]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-15 231704]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-04-13 20543]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-06-29 131131]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-06-29 65599]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-29 155715]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-09-02 72704]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

BC AdBot (Login to Remove)

 


#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:34 AM

Posted 22 December 2008 - 01:52 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
Download and Run OTViewit
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Run Kaspersky Online Scanner
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

In your next reply please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log

Important Note: For other users who are reading this topic,the instructions provided in this topic are for the original topic starter ONLY. Even if you have similar problems or even log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic and feel free to link to any relevant topics as needed.Please Do NOT follow the instructions provided for this topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:34 AM

Posted 25 December 2008 - 12:41 PM

Hi.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5 days the topic will need to be closed.

Thanks for understanding. :thumbsup:

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:34 AM

Posted 27 December 2008 - 05:34 PM

Hello.

Due to Lack of feedback, this topic is now Closed.

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic in the Hijackthis-Malware Removal forum.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:34 AM

Posted 04 January 2009 - 05:00 PM

Hello.

Topic Re-Opened open user request.

Please post back with the logs when you are ready.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#6 jjroland

jjroland
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:34 AM

Posted 04 January 2009 - 08:26 PM

Sunday, January 4, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, January 04, 2009 21:25:33
Records in database: 1559986
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
Scan statistics
Files scanned 136065
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 01:31:35

No malware has been detected. The scan area is clean.
The selected area was scanned.


OTViewIt logfile created on: 1/4/2009 5:11:37 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Jaci\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 67.08% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 5.13 Gb Free Space | 6.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 149.05 Gb Total Space | 57.32 Gb Free Space | 38.46% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JACI-13D16D0C5D
Current User Name: Jaci
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/08/14 14:08:57 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2006/02/28 06:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/11/27 09:15:11 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2007/09/13 19:50:00 | 01,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
[2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2008/12/09 04:12:30 | 00,234,856 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\HOMERunner.exe
[2008/09/15 07:38:26 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2006/04/13 15:14:26 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
[2006/06/29 08:12:46 | 00,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
[2006/06/29 08:12:30 | 00,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
[2006/04/13 15:14:26 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
[2008/09/02 08:04:24 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2006/10/29 09:16:38 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2008/09/15 07:38:25 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
[2006/02/28 06:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2008/06/10 03:27:03 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
[2006/02/28 06:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/12/25 11:55:45 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/12/14 11:34:05 | 00,406,016 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jaci\Desktop\OTScanIt.exe
[2006/02/28 06:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\NOTEPAD.EXE
[2009/01/04 17:11:26 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jaci\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/08/14 14:08:57 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/09/02 20:09:03 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2008/09/15 07:38:25 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
[2008/09/15 07:38:26 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2006/04/13 15:14:26 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -- (ForcewareWebInterface [Auto | Running])
[2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2006/06/29 08:12:46 | 00,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp [Auto | Running])
[2006/06/29 08:12:30 | 00,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog [Auto | Running])
[2006/10/29 09:16:38 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/10/19 21:55:17 | 00,279,712 | ---- | M] () -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt [Auto | Running])
[2008/09/15 07:38:25 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/09/02 08:04:24 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2008/09/02 08:04:30 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [Auto | Running])
[2005/09/21 20:05:00 | 00,044,288 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
[2005/09/21 20:08:20 | 00,024,960 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
[2005/09/21 20:14:48 | 00,291,456 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp [System | Running])
[2005/01/27 02:22:00 | 00,088,016 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2005/09/21 20:04:50 | 00,141,184 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp [System | Running])
[2005/09/21 20:14:24 | 00,024,064 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K [On_Demand | Running])
[2005/01/07 16:07:16 | 00,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService [On_Demand | Running])
[2005/01/07 16:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2004/08/03 21:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/10/19 21:55:16 | 00,025,888 | ---- | M] () -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt [Auto | Running])
[2005/09/21 19:53:26 | 00,023,808 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K [On_Demand | Running])
[2004/08/11 10:00:00 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor [On_Demand | Running])
[2006/10/29 09:16:32 | 03,925,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2006/06/28 19:38:56 | 00,105,088 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus [Boot | Running])
[2006/06/29 16:04:50 | 00,057,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2006/06/29 16:04:54 | 00,020,480 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2006/02/28 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/09/21 19:38:04 | 00,117,760 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k [System | Running])
[2005/04/25 01:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2006/02/28 06:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2005/09/21 19:54:18 | 00,202,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\Udfreadr.sys -- (UDFReadr [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=gogl

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1645522239-789336058-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-1645522239-789336058-682003330-1004\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=gogl

[HKEY_USERS\S-1-5-21-1645522239-789336058-682003330-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1645522239-789336058-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1645522239-789336058-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon (CANON INC.)
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon (CANON INC.)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RunDLL32.exe NvMCTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /install File not found
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" (TomTom)

[HKEY_USERS\S-1-5-21-1645522239-789336058-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" (TomTom)

========== (O4) Startup Folders ==========

[2005/03/16 18:16:50 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Jaci\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1645522239-789336058-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/08/04 00:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/08/04 00:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 00:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 00:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 00:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1645522239-789336058-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 00:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}: http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab -- CDownloadCtrl Object
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsupd...b?1218743739906 -- WUWebControl Class
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://go.divx.com/plugin/DivXBrowserPlugin.cab -- Reg Error: Key does not exist or could not be opened.
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100 -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=avgrsstx.dll lpmtkl.dll
>[2008/09/02 08:04:24 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll
>File not found --

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/08/14 13:08:40 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e11c7de5-d17b-11dd-b6cc-0018f35126d1}\Shell\AutoRun\command]
""=G:\InstallTomTomHOME.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/01/04 17:11:25 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jaci\Desktop\OTViewIt.exe
[2009/01/03 21:48:21 | 00,000,268 | -H-- | C] () -- C:\sqmdata05.sqm
[2009/01/03 21:48:21 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt05.sqm
[2009/01/03 12:56:39 | 00,062,460 | ---- | C] () -- C:\Documents and Settings\Jaci\Desktop\AstroGadget.ttf
[2009/01/03 12:56:28 | 00,036,502 | ---- | C] () -- C:\Documents and Settings\Jaci\Desktop\astro_gadget.zip
[2008/12/25 12:36:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jaci\My Documents\TomTom
[2008/12/25 12:36:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2008/12/25 12:36:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jaci\Local Settings\Application Data\TomTom
[2008/12/25 12:36:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jaci\Application Data\TomTom
[2008/12/25 12:35:57 | 00,000,000 | ---D | C] -- C:\Program Files\TomTom HOME 2
[2008/12/25 12:35:24 | 00,000,000 | ---D | C] -- C:\Program Files\TomTom DesktopSuite
[2008/12/23 23:36:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trophy Bass 2007
[2008/12/23 23:29:49 | 00,000,534 | ---- | C] () -- C:\Documents and Settings\Jaci\Desktop\Trophy Bass 2007.lnk
[2008/12/23 23:22:24 | 00,000,268 | -H-- | C] () -- C:\sqmdata04.sqm
[2008/12/23 23:22:24 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt04.sqm
[2008/12/21 20:39:14 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2008/12/21 20:39:13 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2008/12/21 20:39:13 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2008/12/21 20:39:13 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2008/12/21 01:19:48 | 00,000,000 | ---D | C] -- C:\ASTROLOG
[2008/12/21 01:19:26 | 00,563,001 | ---- | C] (PKWARE, Inc.) -- C:\Documents and Settings\Jaci\Desktop\ast54win.exe
[2008/12/14 11:48:06 | 00,000,000 | ---D | C] -- C:\rsit
[2008/12/14 11:47:07 | 00,305,705 | ---- | C] () -- C:\Documents and Settings\Jaci\Desktop\RSIT.exe
[2008/12/14 11:34:05 | 00,406,016 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jaci\Desktop\OTScanIt.exe
[2008/12/14 11:29:40 | 13,702,648 | ---- | C] () -- C:\Documents and Settings\Jaci\My Documents\regbackup.reg
[2008/12/14 11:14:26 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Jaci\Desktop\HijackThis.lnk
[2008/12/14 11:14:24 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/12/14 11:13:18 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Jaci\Desktop\HJTInstall.exe
[2008/12/14 11:13:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jaci\Application Data\Malwarebytes
[2008/12/14 11:13:01 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/14 11:13:01 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/14 11:12:59 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/14 11:12:58 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/14 11:12:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/14 11:11:31 | 02,539,400 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jaci\Desktop\mbam-setup.exe
[2008/12/14 10:41:58 | 00,000,268 | -H-- | C] () -- C:\sqmdata03.sqm
[2008/12/14 10:41:58 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt03.sqm
[2008/12/14 10:07:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2008/12/13 17:24:44 | 00,000,292 | ---- | C] () -- C:\WINDOWS\tasks\krstfmtm.job

========== Files - Modified Within 30 Days ==========

[2 C:\*.tmp files]
[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/01/04 17:11:26 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jaci\Desktop\OTViewIt.exe
[2009/01/03 22:00:00 | 00,000,292 | ---- | M] () -- C:\WINDOWS\tasks\krstfmtm.job
[2009/01/03 21:51:17 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2009/01/03 21:51:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/03 21:51:11 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/03 21:51:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/03 21:51:07 | 00,122,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/01/03 21:48:21 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/01/03 21:48:21 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/01/03 21:19:17 | 31,513,741 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/01/03 12:56:29 | 00,036,502 | ---- | M] () -- C:\Documents and Settings\Jaci\Desktop\astro_gadget.zip
[2009/01/01 21:26:21 | 00,014,903 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/12/23 23:29:49 | 00,000,534 | ---- | M] () -- C:\Documents and Settings\Jaci\Desktop\Trophy Bass 2007.lnk
[2008/12/23 23:22:24 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2008/12/23 23:22:24 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2008/12/22 09:39:22 | 00,368,010 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/12/21 20:41:56 | 00,010,240 | ---- | M] () -- C:\Documents and Settings\Jaci\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/21 01:19:26 | 00,563,001 | ---- | M] (PKWARE, Inc.) -- C:\Documents and Settings\Jaci\Desktop\ast54win.exe
[2008/12/14 11:47:07 | 00,305,705 | ---- | M] () -- C:\Documents and Settings\Jaci\Desktop\RSIT.exe
[2008/12/14 11:34:05 | 00,406,016 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jaci\Desktop\OTScanIt.exe
[2008/12/14 11:29:45 | 13,702,648 | ---- | M] () -- C:\Documents and Settings\Jaci\My Documents\regbackup.reg
[2008/12/14 11:14:26 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Jaci\Desktop\HijackThis.lnk
[2008/12/14 11:13:18 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Jaci\Desktop\HJTInstall.exe
[2008/12/14 11:13:01 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/14 11:11:38 | 02,539,400 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jaci\Desktop\mbam-setup.exe
[2008/12/14 11:04:21 | 00,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/14 11:04:21 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/12/14 11:04:21 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2008/12/14 10:41:58 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2008/12/14 10:41:58 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
< End of report >


OTViewIt Extras logfile created on: 1/4/2009 5:11:37 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Jaci\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 67.08% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 5.13 Gb Free Space | 6.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 149.05 Gb Total Space | 57.32 Gb Free Space | 38.46% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JACI-13D16D0C5D
Current User Name: Jaci
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=1
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2006/02/28 06:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/09/15 07:38:05 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2008/09/15 07:38:25 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
[2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2005/03/04 13:25:26 | 12,705,792 | ---- | M] (Curious Labs, Inc.) -- C:\Program Files\Curious Labs\Poser 6\Poser.exe:*:Disabled:Poser executable file
[2008/08/15 14:23:08 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2006/04/13 15:14:26 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Disabled:Apache HTTP Server
[2007/08/04 18:11:00 | 21,721,089 | ---- | M] (The Creative Assembly Ltd) -- C:\Program Files\SEGA\Medieval II Total War\medieval2.exe:*:Disabled:Medieval II Total War
[2006/02/28 06:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
[2007/05/16 21:52:50 | 05,282,817 | ---- | M] (Firaxis Games) -- C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Disabled:Sid Meier's Civilization 4
File not found -- C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Disabled:Veoh Client

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 11:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/09/02 08:04:29 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 10:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 11:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 11:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 10:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}"=Adobe AIR
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series"=Canon iP2600 series
"{1C55AE03-9FF0-4908-B42C-D191DA3C4F22}"=Medieval II Total War
"{1CF028E5-705D-4B62-AC1D-A59593B7C0BB}"=Sid Meier's Civilization 4
"{1F6423DE-7959-4178-80E0-023C7EAA5347}"=NVIDIA ForceWare Network Access Manager
"{236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}"=Command & Conquer The First Decade
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}"=Acrobat.com
"{786C5747-1033-0000-B58E-000000000001}"=Adobe Stock Photos 1.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}"=Adobe Common File Installer
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}"=VC_MergeModuleToMSI
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}"=AGEIA PhysX v7.11.13
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{A99C6296-A311-4D6C-9602-53B4241921D5}"=Roxio Easy Media Creator 7
"{A9D0745C-BABD-472B-8AF0-FAF888D31046}"=Medieval II Total War
"{AC76BA86-7AD7-1033-7B44-A90000000001}"=Adobe Reader 9
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B74D4E10-1033-0000-0000-000000000001}"=Adobe Bridge 1.0
"{D6371A9C-5A90-41CC-A824-A6B4B5348D42}"=Carrara 3D Express
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E053BA59-2CB3-4EED-AE3B-4B3614DB3BA2}}_is1"=Media Resizer
"{E9787678-1033-0000-8E67-000000000001}"=Adobe Help Center 1.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}"=The Witcher Enhanced Edition
"Adobe AIR"=Adobe AIR
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"Adobe Shockwave Player"=Adobe Shockwave Player
"AVG8Uninstall"=AVG Free 8.0
"Canon iP2600 series User Registration"=Canon iP2600 series User Registration
"CanonMyPrinter"=Canon My Printer
"CanonSolutionMenu"=Canon Utilities Solution Menu
"CINEMA 4D Release 10"=CINEMA 4D Release 10
"CleanUp!"=CleanUp!
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Acrobat.com
"Download Manager"=Download Manager 2.3.7
"Easy-PhotoPrint EX"=Canon Utilities Easy-PhotoPrint EX
"GameSpy Arcade"=GameSpy Arcade
"Hexagon 2.5"=Hexagon
"HijackThis"=HijackThis 2.0.2
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}"=NVIDIA ForceWare Network Access Manager
"InterActual Player"=InterActual Player
"KLiteCodecPack_is1"=K-Lite Codec Pack 4.1.7 (Full)
"LimeWire"=LimeWire 4.18.5
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"MWSnap 3"=MWSnap 3
"NVIDIA Drivers"=NVIDIA Drivers
"Poser 6"=Poser 6
"RealPlayer 6.0"=RealPlayer
"SecondLife"=SecondLife (remove only)
"TomTom HOME"=TomTom HOME 2.5.2.60
"Trophy Bass 2007"=Trophy Bass 2007
"WinRAR archiver"=WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1645522239-789336058-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/15/2008 7:04:10 PM | Computer Name = JACI-13D16D0C5D | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module rpcss.dll, version 5.1.2600.2180, fault address 0x0001be55.

Error - 11/15/2008 7:04:17 PM | Computer Name = JACI-13D16D0C5D | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BE from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 11/15/2008 7:04:17 PM | Computer Name = JACI-13D16D0C5D | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BE from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 11/15/2008 7:05:35 PM | Computer Name = JACI-13D16D0C5D | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 11/16/2008 7:48:23 PM | Computer Name = JACI-13D16D0C5D | Source = Application Error | ID = 1000
Description = Faulting application witcher.exe, version 1.4.5.1280, faulting module
witcher.exe, version 1.4.5.1280, fault address 0x00159d17.

Error - 11/27/2008 4:04:34 PM | Computer Name = JACI-13D16D0C5D | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x00700074.

Error - 12/30/2008 4:42:38 PM | Computer Name = JACI-13D16D0C5D | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module rpcss.dll, version 5.1.2600.2180, fault address 0x0001be55.

Error - 12/30/2008 4:43:04 PM | Computer Name = JACI-13D16D0C5D | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 1/3/2009 11:43:29 PM | Computer Name = JACI-13D16D0C5D | Source = Application Hang | ID = 1002
Description = Hanging application Trophy Bass 2007.exe, version 0.0.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/3/2009 11:47:26 PM | Computer Name = JACI-13D16D0C5D | Source = Application Hang | ID = 1002
Description = Hanging application Trophy Bass 2007.exe, version 0.0.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 11/15/2008 7:04:17 PM | Computer Name = JACI-13D16D0C5D | Source = Service Control Manager | ID = 7031
Description = The Remote Procedure Call (RPC) service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Reboot the machine.

Error - 11/21/2008 10:55:41 AM | Computer Name = JACI-13D16D0C5D | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.11 on
the Network Card with network address 0018F35126D1.

Error - 12/14/2008 1:56:57 AM | Computer Name = JACI-13D16D0C5D | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/14/2008 12:38:27 PM | Computer Name = JACI-13D16D0C5D | Source = Print | ID = 23
Description = Printer Canon iP2600 series failed to initialize because a suitable
Canon iP2600 series driver could not be found.

Error - 12/14/2008 12:44:45 PM | Computer Name = JACI-13D16D0C5D | Source = Print | ID = 23
Description = Printer Canon iP2600 series failed to initialize because a suitable
Canon iP2600 series driver could not be found.

Error - 12/14/2008 1:06:01 PM | Computer Name = JACI-13D16D0C5D | Source = Print | ID = 23
Description = Printer Canon iP2600 series failed to initialize because a suitable
Canon iP2600 series driver could not be found.

Error - 12/14/2008 6:50:11 PM | Computer Name = JACI-13D16D0C5D | Source = Print | ID = 23
Description = Printer Canon iP2600 series failed to initialize because a suitable
Canon iP2600 series driver could not be found.

Error - 12/14/2008 6:50:22 PM | Computer Name = JACI-13D16D0C5D | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus

Error - 12/15/2008 9:34:40 PM | Computer Name = JACI-13D16D0C5D | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/30/2008 4:42:42 PM | Computer Name = JACI-13D16D0C5D | Source = Service Control Manager | ID = 7031
Description = The Remote Procedure Call (RPC) service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Reboot the machine.


< End of report >


Thank you very much for reopening the thread and for the help resolving the issue!
Jaci

#7 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:34 AM

Posted 05 January 2009 - 05:08 PM

Hello.

What seems to be the problem? Please describe to me.

Peer-to-Peer Programs Warning

Your log shows that you are using so called peer-to-peer or file-sharing programs (in your case LimeWire 4.18.5). These programs allow to share files between users as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s) but I suggest you remove it via add/remove. However, please refrain from using them until your computer has been declared clean.

Download and Run OTMoveIT3
  • Please download OTMoveIt3 by OldTimer and save it to your desktop. If you are running on Vista, right click on the file and choose Run As Administrator.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :files
     C:\WINDOWS\tasks\krstfmtm.job
    
    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=-
    [HKEY_USERS\S-1-5-21-1645522239-789336058-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=-
    :commands
    [EmptyTemp]
    [Reboot]
  • Click the large Posted Image button.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
Note:If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Update Java to Version 6 Update 11

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 11...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.
Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Post back with:
-OTMoveIT log
-MBAM log
-New OTViewIT logs


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#8 jjroland

jjroland
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:34 AM

Posted 05 January 2009 - 08:50 PM

""What seems to be the problem? Please describe to me.""

Going to reply to this before posting the logs requested. Initially it seemed to be some sort of virus/trojan with the name of Gadcom. I searched my computer for the name and deleted all instances of it I could find. However after doing that and some other things to try to fix the problem when I rebooted my computer windows would not load. I eventually got it to boot using 'last known safe settings'. It has continued to boot up properly since. I still get random pop-ups which are very difficult to close. You know the ones where if you click the X to close it a string of 24,000000 ie windows pop up all continuing the cycle. Spybot and AVG still show signs of an infection and I believe it is possible that the original "Gadcom" infection may have allowed other malicious things to be introduced to my PC.

Thank you for your advice about Limewire.

Also I can no long use or even install my software for my printer, and had trouble starting other software.

Jaci

ps logs will be coming shortly

Edited by jjroland, 05 January 2009 - 08:54 PM.


#9 jjroland

jjroland
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:34 AM

Posted 05 January 2009 - 09:26 PM

========== FILES ==========
C:\WINDOWS\tasks\krstfmtm.job moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-1645522239-789336058-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\~vis0002\Dream Home scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\~vis0001\Dream Home scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\~vis0000\Dream Home scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\Arj.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\avlib.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\Avp1.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\AvpMgr.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\btimages.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\CAB.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\dmap.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\dtreg.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\FsDrvPlg.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\FSSync.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\HashCont.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\HashMD5.PPL scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\HCCMP.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\ichk2.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\iChkSA.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\Inflate.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\IWGen.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\kave.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\kosglue-7.0.25.0.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\lha.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\L_llio.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\mdb.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\MDMAP.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\MemModSc.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\MemScan.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\minizip.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\MKavIO.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\msoe.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\nfio.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\NTFSstrm.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\prKernel.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\prLoader.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\prseqio.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\PrUtil.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\rar.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\ScanningProcess.exe scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\sfdb.PPL scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\TempFile.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\thpimpl.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\UniArc.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\UnLZX.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\UnStored.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\WDiskIO.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\hsperfdata_Jaci\3540 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\etilqs_XnV0UdLHccc7tgbudesH scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Documents and Settings\Jaci\Application Data\Sun\Java\Deployment\cache\6.0\14\757e808e-14640658 scheduled to be deleted on reboot.
Java cache emptied.
File delete failed. C:\Documents and Settings\Jaci\Local Settings\Application Data\Mozilla\Firefox\Profiles\4i8va11c.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jaci\Local Settings\Application Data\Mozilla\Firefox\Profiles\4i8va11c.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jaci\Local Settings\Application Data\Mozilla\Firefox\Profiles\4i8va11c.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jaci\Local Settings\Application Data\Mozilla\Firefox\Profiles\4i8va11c.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jaci\Local Settings\Application Data\Mozilla\Firefox\Profiles\4i8va11c.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01052009_195223

Files moved on Reboot...
File C:\DOCUME~1\Jaci\LOCALS~1\Temp\~vis0002\Dream Home not found!
File C:\DOCUME~1\Jaci\LOCALS~1\Temp\~vis0001\Dream Home not found!
File C:\DOCUME~1\Jaci\LOCALS~1\Temp\~vis0000\Dream Home not found!
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\Arj.ppl moved successfully.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\avlib.ppl moved successfully.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\Avp1.ppl moved successfully.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\AvpMgr.ppl moved successfully.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\btimages.ppl moved successfully.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\CAB.ppl moved successfully.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\dmap.ppl moved successfully.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\dtreg.ppl moved successfully.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\FsDrvPlg.ppl moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\FSSync.dll
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\FSSync.dll NOT unregistered.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\FSSync.dll moved successfully.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\HashCont.ppl moved successfully.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\HashMD5.PPL moved successfully.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\HCCMP.ppl moved successfully.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\ichk2.ppl moved successfully.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\iChkSA.ppl moved successfully.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\Inflate.ppl moved successfully.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\IWGen.ppl moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\kave.dll
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\kave.dll NOT unregistered.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\kave.dll moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\kosglue-7.0.25.0.dll
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\kosglue-7.0.25.0.dll NOT unregistered.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\kosglue-7.0.25.0.dll moved successfully.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\lha.ppl moved successfully.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\L_llio.ppl moved successfully.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\mdb.ppl moved successfully.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\MDMAP.ppl moved successfully.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\MemModSc.ppl moved successfully.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\MemScan.ppl moved successfully.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\minizip.ppl moved successfully.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\MKavIO.ppl moved successfully.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\msoe.ppl moved successfully.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\nfio.ppl moved successfully.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\NTFSstrm.ppl moved successfully.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\prKernel.ppl moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\prLoader.dll
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\prLoader.dll NOT unregistered.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\prLoader.dll moved successfully.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\prseqio.ppl moved successfully.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\PrUtil.ppl moved successfully.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\rar.ppl moved successfully.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\ScanningProcess.exe moved successfully.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\sfdb.PPL moved successfully.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\TempFile.ppl moved successfully.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\thpimpl.ppl moved successfully.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\UniArc.ppl moved successfully.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\UnLZX.ppl moved successfully.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\UnStored.ppl moved successfully.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\jkos-Jaci\binaries\WDiskIO.ppl moved successfully.
C:\DOCUME~1\Jaci\LOCALS~1\Temp\hsperfdata_Jaci\3540 moved successfully.
File move failed. C:\DOCUME~1\Jaci\LOCALS~1\Temp\etilqs_XnV0UdLHccc7tgbudesH scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Jaci\Application Data\Sun\Java\Deployment\cache\6.0\14\757e808e-14640658 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Jaci\Local Settings\Application Data\Mozilla\Firefox\Profiles\4i8va11c.default\Cache\_CACHE_001_ scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Jaci\Local Settings\Application Data\Mozilla\Firefox\Profiles\4i8va11c.default\Cache\_CACHE_002_ scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Jaci\Local Settings\Application Data\Mozilla\Firefox\Profiles\4i8va11c.default\Cache\_CACHE_003_ scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Jaci\Local Settings\Application Data\Mozilla\Firefox\Profiles\4i8va11c.default\Cache\_CACHE_MAP_ scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Jaci\Local Settings\Application Data\Mozilla\Firefox\Profiles\4i8va11c.default\urlclassifier3.sqlite scheduled to be moved on reboot.


Malwarebytes' Anti-Malware 1.32
Database version: 1621
Windows 5.1.2600 Service Pack 2

1/5/2009 8:07:59 PM
mbam-log-2009-01-05 (20-07-59).txt

Scan type: Quick Scan
Objects scanned: 46318
Time elapsed: 2 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


*****NOTE NOTE NOTE*****
I had originally run this malwarebytes scan when I posted this thread the first time. On that scan there were malicious things found and there is a bunch of stuff in the Quarantine tab of the Malwarebytes program. I do not know what to do about those things. You can see the results of the original scan in the first post on this topic.


OTViewIt logfile created on: 1/5/2009 8:22:57 PM - Run 3
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Jaci\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 74.34% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 5.17 Gb Free Space | 6.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 149.05 Gb Total Space | 57.89 Gb Free Space | 38.84% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JACI-13D16D0C5D
Current User Name: Jaci
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/08/14 14:08:57 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2006/02/28 06:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/11/27 09:15:11 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2007/09/13 19:50:00 | 01,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
[2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2008/09/15 07:38:26 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2006/04/13 15:14:26 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
[2006/06/29 08:12:46 | 00,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
[2006/06/29 08:12:30 | 00,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
[2006/04/13 15:14:26 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
[2008/09/02 08:04:24 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2006/10/29 09:16:38 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2008/09/15 07:38:25 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
[2006/02/28 06:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2008/12/25 11:55:45 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2006/02/28 06:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
[2007/09/20 09:35:36 | 00,118,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
[2009/01/05 20:22:29 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2009/01/04 17:11:26 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jaci\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/08/14 14:08:57 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/09/02 20:09:03 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2008/09/15 07:38:25 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
[2008/09/15 07:38:26 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2006/04/13 15:14:26 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -- (ForcewareWebInterface [Auto | Running])
[2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2006/06/29 08:12:46 | 00,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp [Auto | Running])
[2006/06/29 08:12:30 | 00,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog [Auto | Running])
[2006/10/29 09:16:38 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2009/01/05 20:22:29 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

========== Driver Services ==========

[2008/10/19 21:55:17 | 00,279,712 | ---- | M] () -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt [Auto | Running])
[2008/09/15 07:38:25 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/09/02 08:04:24 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2008/09/02 08:04:30 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [Auto | Running])
[2005/09/21 20:05:00 | 00,044,288 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
[2005/09/21 20:08:20 | 00,024,960 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
[2005/09/21 20:14:48 | 00,291,456 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp [System | Running])
[2005/01/27 02:22:00 | 00,088,016 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2005/09/21 20:04:50 | 00,141,184 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp [System | Running])
[2005/09/21 20:14:24 | 00,024,064 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K [On_Demand | Running])
[2005/01/07 16:07:16 | 00,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService [On_Demand | Running])
[2005/01/07 16:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2004/08/03 21:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/10/19 21:55:16 | 00,025,888 | ---- | M] () -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt [Auto | Running])
[2005/09/21 19:53:26 | 00,023,808 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K [On_Demand | Running])
[2004/08/11 10:00:00 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor [On_Demand | Running])
[2006/10/29 09:16:32 | 03,925,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2006/06/28 19:38:56 | 00,105,088 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus [Boot | Running])
[2006/06/29 16:04:50 | 00,057,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2006/06/29 16:04:54 | 00,020,480 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2006/02/28 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/09/21 19:38:04 | 00,117,760 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k [System | Running])
[2005/04/25 01:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2006/02/28 06:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2005/09/21 19:54:18 | 00,202,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\Udfreadr.sys -- (UDFReadr [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=gogl

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1645522239-789336058-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-1645522239-789336058-682003330-1004\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=gogl

[HKEY_USERS\S-1-5-21-1645522239-789336058-682003330-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1645522239-789336058-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon (CANON INC.)
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon (CANON INC.)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RunDLL32.exe NvMCTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /install File not found
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" File not found

[HKEY_USERS\S-1-5-21-1645522239-789336058-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" File not found

========== (O4) Startup Folders ==========

[2005/03/16 18:16:50 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Jaci\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1645522239-789336058-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/08/04 00:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/08/04 00:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 00:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 00:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 00:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1645522239-789336058-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 00:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}: http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab -- CDownloadCtrl Object
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsupd...b?1218743739906 -- WUWebControl Class
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://go.divx.com/plugin/DivXBrowserPlugin.cab -- Reg Error: Key does not exist or could not be opened.
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=avgrsstx.dll lpmtkl.dll
>[2008/09/02 08:04:24 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll
>File not found --

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/08/14 13:08:40 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e11c7de5-d17b-11dd-b6cc-0018f35126d1}\Shell\AutoRun\command]
""=G:\InstallTomTomHOME.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/01/05 20:22:24 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/01/05 20:20:52 | 16,168,344 | ---- | C] () -- C:\Documents and Settings\Jaci\Desktop\jre-6u11-windows-i586-p.exe
[2009/01/05 19:57:02 | 00,016,765 | ---- | C] () -- C:\Documents and Settings\Jaci\My Documents\bleepingcomputerlog.rtf
[2009/01/05 19:52:23 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/01/05 19:50:46 | 00,348,160 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jaci\Desktop\OTMoveIt3.exe
[2009/01/04 19:23:31 | 00,002,644 | ---- | C] () -- C:\Documents and Settings\Jaci\My Documents\kaspersky report.html
[2009/01/04 17:44:05 | 00,000,268 | -H-- | C] () -- C:\sqmdata06.sqm
[2009/01/04 17:44:05 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt06.sqm
[2009/01/04 17:11:25 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jaci\Desktop\OTViewIt.exe
[2009/01/03 21:48:21 | 00,000,268 | -H-- | C] () -- C:\sqmdata05.sqm
[2009/01/03 21:48:21 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt05.sqm
[2009/01/03 12:56:39 | 00,062,460 | ---- | C] () -- C:\Documents and Settings\Jaci\Desktop\AstroGadget.ttf
[2009/01/03 12:56:28 | 00,036,502 | ---- | C] () -- C:\Documents and Settings\Jaci\Desktop\astro_gadget.zip
[2008/12/25 12:36:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jaci\My Documents\TomTom
[2008/12/25 12:36:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2008/12/25 12:36:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jaci\Local Settings\Application Data\TomTom
[2008/12/25 12:36:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jaci\Application Data\TomTom
[2008/12/25 12:35:24 | 00,000,000 | ---D | C] -- C:\Program Files\TomTom DesktopSuite
[2008/12/23 23:36:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trophy Bass 2007
[2008/12/23 23:29:49 | 00,000,534 | ---- | C] () -- C:\Documents and Settings\Jaci\Desktop\Trophy Bass 2007.lnk
[2008/12/23 23:22:24 | 00,000,268 | -H-- | C] () -- C:\sqmdata04.sqm
[2008/12/23 23:22:24 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt04.sqm
[2008/12/21 20:39:14 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2008/12/21 20:39:13 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2008/12/21 20:39:13 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2008/12/21 20:39:13 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2008/12/21 01:19:48 | 00,000,000 | ---D | C] -- C:\ASTROLOG
[2008/12/21 01:19:26 | 00,563,001 | ---- | C] (PKWARE, Inc.) -- C:\Documents and Settings\Jaci\Desktop\ast54win.exe
[2008/12/14 11:48:06 | 00,000,000 | ---D | C] -- C:\rsit
[2008/12/14 11:47:07 | 00,305,705 | ---- | C] () -- C:\Documents and Settings\Jaci\Desktop\RSIT.exe
[2008/12/14 11:34:05 | 00,406,016 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jaci\Desktop\OTScanIt.exe
[2008/12/14 11:29:40 | 13,702,648 | ---- | C] () -- C:\Documents and Settings\Jaci\My Documents\regbackup.reg
[2008/12/14 11:14:26 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Jaci\Desktop\HijackThis.lnk
[2008/12/14 11:14:24 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/12/14 11:13:18 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Jaci\Desktop\HJTInstall.exe
[2008/12/14 11:13:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jaci\Application Data\Malwarebytes
[2008/12/14 11:13:01 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/14 11:13:01 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/14 11:12:59 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/14 11:12:58 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/14 11:12:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/14 11:11:31 | 02,539,400 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jaci\Desktop\mbam-setup.exe
[2008/12/14 10:41:58 | 00,000,268 | -H-- | C] () -- C:\sqmdata03.sqm
[2008/12/14 10:41:58 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt03.sqm
[2008/12/14 10:07:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss

========== Files - Modified Within 30 Days ==========

[2 C:\*.tmp files]
[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/01/05 20:21:13 | 16,168,344 | ---- | M] () -- C:\Documents and Settings\Jaci\Desktop\jre-6u11-windows-i586-p.exe
[2009/01/05 20:19:46 | 31,590,713 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/01/05 20:19:46 | 00,031,035 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/01/05 20:18:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/05 20:18:14 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2009/01/05 20:18:10 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/05 20:18:09 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/05 20:18:06 | 00,122,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/01/05 20:12:54 | 00,016,765 | ---- | M] () -- C:\Documents and Settings\Jaci\My Documents\bleepingcomputerlog.rtf
[2009/01/05 19:50:46 | 00,348,160 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jaci\Desktop\OTMoveIt3.exe
[2009/01/04 19:23:31 | 00,002,644 | ---- | M] () -- C:\Documents and Settings\Jaci\My Documents\kaspersky report.html
[2009/01/04 18:38:22 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/04 18:38:18 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/04 17:44:05 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/01/04 17:44:05 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/01/04 17:11:26 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jaci\Desktop\OTViewIt.exe
[2009/01/03 21:48:21 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/01/03 21:48:21 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/01/03 12:56:29 | 00,036,502 | ---- | M] () -- C:\Documents and Settings\Jaci\Desktop\astro_gadget.zip
[2008/12/23 23:29:49 | 00,000,534 | ---- | M] () -- C:\Documents and Settings\Jaci\Desktop\Trophy Bass 2007.lnk
[2008/12/23 23:22:24 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2008/12/23 23:22:24 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2008/12/22 09:39:22 | 00,368,010 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/12/21 20:41:56 | 00,010,240 | ---- | M] () -- C:\Documents and Settings\Jaci\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/21 01:19:26 | 00,563,001 | ---- | M] (PKWARE, Inc.) -- C:\Documents and Settings\Jaci\Desktop\ast54win.exe
[2008/12/14 11:47:07 | 00,305,705 | ---- | M] () -- C:\Documents and Settings\Jaci\Desktop\RSIT.exe
[2008/12/14 11:34:05 | 00,406,016 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jaci\Desktop\OTScanIt.exe
[2008/12/14 11:29:45 | 13,702,648 | ---- | M] () -- C:\Documents and Settings\Jaci\My Documents\regbackup.reg
[2008/12/14 11:14:26 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Jaci\Desktop\HijackThis.lnk
[2008/12/14 11:13:18 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Jaci\Desktop\HJTInstall.exe
[2008/12/14 11:13:01 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/14 11:11:38 | 02,539,400 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jaci\Desktop\mbam-setup.exe
[2008/12/14 11:04:21 | 00,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/14 11:04:21 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/12/14 11:04:21 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2008/12/14 10:41:58 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2008/12/14 10:41:58 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
< End of report >

#10 jjroland

jjroland
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:34 AM

Posted 05 January 2009 - 10:05 PM

add note:

I'm very sad about whatever I have done with my computer with these last program runs and logs and java install. Now my firefox wont load gmail anymore, or anything on myspace - I have to use IE to get it to open and that is verrrry slow. Not gunna change anything as per instructions but I thought I'd add this new problem.

#11 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:34 AM

Posted 06 January 2009 - 05:03 PM

Hello.

Gadcom is a trojan backdoor. Your computer may be compromised..

Posted ImageBackdoor Threat
Unfortunatly One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. I'll assume you want to continue please continue the instructions below:

Download and Run Scan with GMER

We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
    Alternate Download Site 1
    Alternate Download Site 2
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on the Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop buttons turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
If GMER doesn't work in Normal Mode try running it in Safe Mode

Important!:Please do not select the Show all checkbox during the scan..

You said your AVG still find some baddies please give me/export a log for me so I can see what it's detecting.

You can see the results of the original scan in the first post on this topic.

I don't see it..

The Firefox problem I have seen before but not sure if it is related let's try clearing your cache and etc.. Also take a look at this link

Download and Run ATFCleaner

Please download ATF Cleaner by Atribune. This program will clear out temporary files and settings. You will likely be logged out of the forum where you are recieving help.

This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
If you use Firefox browser also...
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser also...
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Please post back with:
-GMER log
-New OTViewiT logs


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#12 jjroland

jjroland
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:34 AM

Posted 06 January 2009 - 08:26 PM

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-06 19:17:01
Windows 5.1.2600 Service Pack 2


---- Devices - GMER 1.0.14 ----

Device \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\IPMULTICAST avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.14 ----

OTViewIt logfile created on: 1/6/2009 7:18:58 PM - Run 4
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Jaci\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 75.63% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 5.21 Gb Free Space | 7.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 149.05 Gb Total Space | 57.89 Gb Free Space | 38.84% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JACI-13D16D0C5D
Current User Name: Jaci
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/08/14 14:08:57 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2006/02/28 06:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2009/01/05 20:22:29 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/09/15 07:38:26 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2006/04/13 15:14:26 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
[2009/01/05 20:22:29 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/09/02 08:04:24 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2006/06/29 08:12:46 | 00,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
[2006/06/29 08:12:30 | 00,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
[2006/04/13 15:14:26 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
[2006/10/29 09:16:38 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2008/09/15 07:38:25 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
[2006/02/28 06:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2008/12/25 11:55:45 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/04/17 21:13:02 | 00,811,008 | ---- | M] () -- C:\Documents and Settings\Jaci\My Documents\gmer.exe
[2009/01/04 17:11:26 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jaci\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/08/14 14:08:57 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/09/02 20:09:03 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2008/09/15 07:38:25 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
[2008/09/15 07:38:26 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2006/04/13 15:14:26 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -- (ForcewareWebInterface [Auto | Running])
[2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2009/01/05 20:22:29 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2006/06/29 08:12:46 | 00,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp [Auto | Running])
[2006/06/29 08:12:30 | 00,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog [Auto | Running])
[2006/10/29 09:16:38 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/10/19 21:55:17 | 00,279,712 | ---- | M] () -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt [Auto | Running])
[2008/09/15 07:38:25 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/09/02 08:04:24 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2008/09/02 08:04:30 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [Auto | Running])
[2005/09/21 20:05:00 | 00,044,288 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
[2005/09/21 20:08:20 | 00,024,960 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
[2005/09/21 20:14:48 | 00,291,456 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp [System | Running])
[2005/01/27 02:22:00 | 00,088,016 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2005/09/21 20:04:50 | 00,141,184 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp [System | Running])
[2005/09/21 20:14:24 | 00,024,064 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K [On_Demand | Running])
[2009/01/06 17:04:42 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [System | Running])
[2005/01/07 16:07:16 | 00,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService [On_Demand | Running])
[2005/01/07 16:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2004/08/03 21:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/10/19 21:55:16 | 00,025,888 | ---- | M] () -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt [Auto | Running])
[2005/09/21 19:53:26 | 00,023,808 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K [On_Demand | Running])
[2004/08/11 10:00:00 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor [On_Demand | Running])
[2006/10/29 09:16:32 | 03,925,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2006/06/28 19:38:56 | 00,105,088 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus [Boot | Running])
[2006/06/29 16:04:50 | 00,057,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2006/06/29 16:04:54 | 00,020,480 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2006/02/28 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/09/21 19:38:04 | 00,117,760 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k [System | Running])
[2005/04/25 01:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2006/02/28 06:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2005/09/21 19:54:18 | 00,202,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\Udfreadr.sys -- (UDFReadr [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=gogl

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1645522239-789336058-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-1645522239-789336058-682003330-1004\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=gogl

[HKEY_USERS\S-1-5-21-1645522239-789336058-682003330-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1645522239-789336058-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon (CANON INC.)
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon (CANON INC.)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RunDLL32.exe NvMCTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /install File not found
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" File not found

[HKEY_USERS\S-1-5-21-1645522239-789336058-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" File not found

========== (O4) Startup Folders ==========

[2005/03/16 18:16:50 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Jaci\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1645522239-789336058-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/08/04 00:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/08/04 00:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 00:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 00:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 00:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1645522239-789336058-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 00:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}: http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab -- CDownloadCtrl Object
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsupd...b?1218743739906 -- WUWebControl Class
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://go.divx.com/plugin/DivXBrowserPlugin.cab -- Reg Error: Key does not exist or could not be opened.
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=avgrsstx.dll lpmtkl.dll
>[2008/09/02 08:04:24 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll
>File not found --

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/08/14 13:08:40 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e11c7de5-d17b-11dd-b6cc-0018f35126d1}\Shell\AutoRun\command]
""=G:\InstallTomTomHOME.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/01/06 17:10:32 | 00,000,268 | -H-- | C] () -- C:\sqmdata09.sqm
[2009/01/06 17:10:32 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt09.sqm
[2009/01/06 17:05:36 | 00,000,268 | -H-- | C] () -- C:\sqmdata08.sqm
[2009/01/06 17:05:36 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt08.sqm
[2009/01/06 17:04:44 | 00,000,345 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009/01/06 17:04:42 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2009/01/06 17:04:42 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2009/01/06 17:04:42 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/01/06 17:04:42 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/01/06 17:04:38 | 00,811,008 | ---- | C] () -- C:\Documents and Settings\Jaci\My Documents\gmer.exe
[2009/01/06 17:04:29 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\Jaci\My Documents\gmer.zip
[2009/01/06 07:22:39 | 00,000,268 | -H-- | C] () -- C:\sqmdata07.sqm
[2009/01/06 07:22:39 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt07.sqm
[2009/01/05 20:22:24 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/01/05 20:20:52 | 16,168,344 | ---- | C] () -- C:\Documents and Settings\Jaci\Desktop\jre-6u11-windows-i586-p.exe
[2009/01/05 19:57:02 | 00,047,613 | ---- | C] () -- C:\Documents and Settings\Jaci\My Documents\bleepingcomputerlog.rtf
[2009/01/05 19:52:23 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/01/05 19:50:46 | 00,348,160 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jaci\Desktop\OTMoveIt3.exe
[2009/01/04 19:23:31 | 00,002,644 | ---- | C] () -- C:\Documents and Settings\Jaci\My Documents\kaspersky report.html
[2009/01/04 17:44:05 | 00,000,268 | -H-- | C] () -- C:\sqmdata06.sqm
[2009/01/04 17:44:05 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt06.sqm
[2009/01/04 17:11:25 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jaci\Desktop\OTViewIt.exe
[2009/01/03 21:48:21 | 00,000,268 | -H-- | C] () -- C:\sqmdata05.sqm
[2009/01/03 21:48:21 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt05.sqm
[2009/01/03 12:56:39 | 00,062,460 | ---- | C] () -- C:\Documents and Settings\Jaci\Desktop\AstroGadget.ttf
[2009/01/03 12:56:28 | 00,036,502 | ---- | C] () -- C:\Documents and Settings\Jaci\Desktop\astro_gadget.zip
[2008/12/25 12:36:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jaci\My Documents\TomTom
[2008/12/25 12:36:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2008/12/25 12:36:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jaci\Local Settings\Application Data\TomTom
[2008/12/25 12:36:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jaci\Application Data\TomTom
[2008/12/25 12:35:24 | 00,000,000 | ---D | C] -- C:\Program Files\TomTom DesktopSuite
[2008/12/23 23:36:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trophy Bass 2007
[2008/12/23 23:29:49 | 00,000,534 | ---- | C] () -- C:\Documents and Settings\Jaci\Desktop\Trophy Bass 2007.lnk
[2008/12/23 23:22:24 | 00,000,268 | -H-- | C] () -- C:\sqmdata04.sqm
[2008/12/23 23:22:24 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt04.sqm
[2008/12/21 20:39:14 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2008/12/21 20:39:13 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2008/12/21 20:39:13 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2008/12/21 20:39:13 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2008/12/21 01:19:48 | 00,000,000 | ---D | C] -- C:\ASTROLOG
[2008/12/21 01:19:26 | 00,563,001 | ---- | C] (PKWARE, Inc.) -- C:\Documents and Settings\Jaci\Desktop\ast54win.exe
[2008/12/14 11:48:06 | 00,000,000 | ---D | C] -- C:\rsit
[2008/12/14 11:47:07 | 00,305,705 | ---- | C] () -- C:\Documents and Settings\Jaci\Desktop\RSIT.exe
[2008/12/14 11:34:05 | 00,406,016 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jaci\Desktop\OTScanIt.exe
[2008/12/14 11:29:40 | 13,702,648 | ---- | C] () -- C:\Documents and Settings\Jaci\My Documents\regbackup.reg
[2008/12/14 11:14:26 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Jaci\Desktop\HijackThis.lnk
[2008/12/14 11:14:24 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/12/14 11:13:18 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Jaci\Desktop\HJTInstall.exe
[2008/12/14 11:13:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jaci\Application Data\Malwarebytes
[2008/12/14 11:13:01 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/14 11:13:01 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/14 11:12:59 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/14 11:12:58 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/14 11:12:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/14 11:11:31 | 02,539,400 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jaci\Desktop\mbam-setup.exe
[2008/12/14 10:41:58 | 00,000,268 | -H-- | C] () -- C:\sqmdata03.sqm
[2008/12/14 10:41:58 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt03.sqm
[2008/12/14 10:07:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss

========== Files - Modified Within 30 Days ==========

[2 C:\*.tmp files]
[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/01/06 18:32:17 | 00,000,345 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2009/01/06 17:10:32 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/01/06 17:10:32 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/01/06 17:07:59 | 31,630,359 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/01/06 17:06:43 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2009/01/06 17:06:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/06 17:06:18 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/06 17:05:36 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/01/06 17:05:36 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/01/06 17:04:42 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2009/01/06 17:04:42 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/01/06 17:04:42 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/01/06 17:04:30 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\Jaci\My Documents\gmer.zip
[2009/01/06 07:22:39 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/01/06 07:22:39 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/01/05 20:24:18 | 00,047,613 | ---- | M] () -- C:\Documents and Settings\Jaci\My Documents\bleepingcomputerlog.rtf
[2009/01/05 20:21:13 | 16,168,344 | ---- | M] () -- C:\Documents and Settings\Jaci\Desktop\jre-6u11-windows-i586-p.exe
[2009/01/05 20:19:46 | 00,031,035 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/01/05 20:18:10 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/05 20:18:06 | 00,122,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/01/05 19:50:46 | 00,348,160 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jaci\Desktop\OTMoveIt3.exe
[2009/01/04 19:23:31 | 00,002,644 | ---- | M] () -- C:\Documents and Settings\Jaci\My Documents\kaspersky report.html
[2009/01/04 18:38:22 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/04 18:38:18 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/04 17:44:05 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/01/04 17:44:05 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/01/04 17:11:26 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jaci\Desktop\OTViewIt.exe
[2009/01/03 21:48:21 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/01/03 21:48:21 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/01/03 12:56:29 | 00,036,502 | ---- | M] () -- C:\Documents and Settings\Jaci\Desktop\astro_gadget.zip
[2008/12/23 23:29:49 | 00,000,534 | ---- | M] () -- C:\Documents and Settings\Jaci\Desktop\Trophy Bass 2007.lnk
[2008/12/23 23:22:24 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2008/12/23 23:22:24 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2008/12/22 09:39:22 | 00,368,010 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/12/21 20:41:56 | 00,010,240 | ---- | M] () -- C:\Documents and Settings\Jaci\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/21 01:19:26 | 00,563,001 | ---- | M] (PKWARE, Inc.) -- C:\Documents and Settings\Jaci\Desktop\ast54win.exe
[2008/12/14 11:47:07 | 00,305,705 | ---- | M] () -- C:\Documents and Settings\Jaci\Desktop\RSIT.exe
[2008/12/14 11:34:05 | 00,406,016 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jaci\Desktop\OTScanIt.exe
[2008/12/14 11:29:45 | 13,702,648 | ---- | M] () -- C:\Documents and Settings\Jaci\My Documents\regbackup.reg
[2008/12/14 11:14:26 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Jaci\Desktop\HijackThis.lnk
[2008/12/14 11:13:18 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Jaci\Desktop\HJTInstall.exe
[2008/12/14 11:13:01 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/14 11:11:38 | 02,539,400 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jaci\Desktop\mbam-setup.exe
[2008/12/14 11:04:21 | 00,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/14 11:04:21 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/12/14 11:04:21 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2008/12/14 10:41:58 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2008/12/14 10:41:58 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
< End of report >

OTViewIt Extras logfile created on: 1/6/2009 7:18:58 PM - Run 4
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Jaci\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 75.63% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 5.21 Gb Free Space | 7.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 149.05 Gb Total Space | 57.89 Gb Free Space | 38.84% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JACI-13D16D0C5D
Current User Name: Jaci
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=1
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2006/02/28 06:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/09/15 07:38:05 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2008/09/15 07:38:25 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
[2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2005/03/04 13:25:26 | 12,705,792 | ---- | M] (Curious Labs, Inc.) -- C:\Program Files\Curious Labs\Poser 6\Poser.exe:*:Disabled:Poser executable file
[2008/08/15 14:23:08 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2006/04/13 15:14:26 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Disabled:Apache HTTP Server
[2007/08/04 18:11:00 | 21,721,089 | ---- | M] (The Creative Assembly Ltd) -- C:\Program Files\SEGA\Medieval II Total War\medieval2.exe:*:Disabled:Medieval II Total War
[2006/02/28 06:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
[2007/05/16 21:52:50 | 05,282,817 | ---- | M] (Firaxis Games) -- C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Disabled:Sid Meier's Civilization 4
File not found -- C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Disabled:Veoh Client

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 11:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/09/02 08:04:29 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 10:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 11:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 11:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 10:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}"=Adobe AIR
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series"=Canon iP2600 series
"{1C55AE03-9FF0-4908-B42C-D191DA3C4F22}"=Medieval II Total War
"{1CF028E5-705D-4B62-AC1D-A59593B7C0BB}"=Sid Meier's Civilization 4
"{1F6423DE-7959-4178-80E0-023C7EAA5347}"=NVIDIA ForceWare Network Access Manager
"{236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}"=Command & Conquer The First Decade
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}"=Acrobat.com
"{786C5747-1033-0000-B58E-000000000001}"=Adobe Stock Photos 1.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}"=Adobe Common File Installer
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}"=VC_MergeModuleToMSI
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}"=AGEIA PhysX v7.11.13
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{A99C6296-A311-4D6C-9602-53B4241921D5}"=Roxio Easy Media Creator 7
"{A9D0745C-BABD-472B-8AF0-FAF888D31046}"=Medieval II Total War
"{AC76BA86-7AD7-1033-7B44-A90000000001}"=Adobe Reader 9
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B74D4E10-1033-0000-0000-000000000001}"=Adobe Bridge 1.0
"{D6371A9C-5A90-41CC-A824-A6B4B5348D42}"=Carrara 3D Express
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E053BA59-2CB3-4EED-AE3B-4B3614DB3BA2}}_is1"=Media Resizer
"{E9787678-1033-0000-8E67-000000000001}"=Adobe Help Center 1.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}"=The Witcher Enhanced Edition
"Adobe AIR"=Adobe AIR
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"Adobe Shockwave Player"=Adobe Shockwave Player
"AVG8Uninstall"=AVG Free 8.0
"Canon iP2600 series User Registration"=Canon iP2600 series User Registration
"CanonMyPrinter"=Canon My Printer
"CanonSolutionMenu"=Canon Utilities Solution Menu
"CINEMA 4D Release 10"=CINEMA 4D Release 10
"CleanUp!"=CleanUp!
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Acrobat.com
"Download Manager"=Download Manager 2.3.7
"Easy-PhotoPrint EX"=Canon Utilities Easy-PhotoPrint EX
"GameSpy Arcade"=GameSpy Arcade
"Hexagon 2.5"=Hexagon
"HijackThis"=HijackThis 2.0.2
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}"=NVIDIA ForceWare Network Access Manager
"InterActual Player"=InterActual Player
"KLiteCodecPack_is1"=K-Lite Codec Pack 4.1.7 (Full)
"LimeWire"=LimeWire 4.18.5
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"MWSnap 3"=MWSnap 3
"NVIDIA Drivers"=NVIDIA Drivers
"Poser 6"=Poser 6
"RealPlayer 6.0"=RealPlayer
"SecondLife"=SecondLife (remove only)
"Trophy Bass 2007"=Trophy Bass 2007
"WinRAR archiver"=WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1645522239-789336058-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/15/2008 7:04:10 PM | Computer Name = JACI-13D16D0C5D | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module rpcss.dll, version 5.1.2600.2180, fault address 0x0001be55.

Error - 11/15/2008 7:04:17 PM | Computer Name = JACI-13D16D0C5D | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BE from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 11/15/2008 7:04:17 PM | Computer Name = JACI-13D16D0C5D | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BE from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 11/15/2008 7:05:35 PM | Computer Name = JACI-13D16D0C5D | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 11/16/2008 7:48:23 PM | Computer Name = JACI-13D16D0C5D | Source = Application Error | ID = 1000
Description = Faulting application witcher.exe, version 1.4.5.1280, faulting module
witcher.exe, version 1.4.5.1280, fault address 0x00159d17.

Error - 11/27/2008 4:04:34 PM | Computer Name = JACI-13D16D0C5D | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x00700074.

Error - 12/30/2008 4:42:38 PM | Computer Name = JACI-13D16D0C5D | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module rpcss.dll, version 5.1.2600.2180, fault address 0x0001be55.

Error - 12/30/2008 4:43:04 PM | Computer Name = JACI-13D16D0C5D | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 1/3/2009 11:43:29 PM | Computer Name = JACI-13D16D0C5D | Source = Application Hang | ID = 1002
Description = Hanging application Trophy Bass 2007.exe, version 0.0.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/3/2009 11:47:26 PM | Computer Name = JACI-13D16D0C5D | Source = Application Hang | ID = 1002
Description = Hanging application Trophy Bass 2007.exe, version 0.0.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 1/5/2009 10:16:39 PM | Computer Name = JACI-13D16D0C5D | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/5/2009 10:16:39 PM | Computer Name = JACI-13D16D0C5D | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/5/2009 10:16:39 PM | Computer Name = JACI-13D16D0C5D | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/5/2009 10:16:39 PM | Computer Name = JACI-13D16D0C5D | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/5/2009 10:16:39 PM | Computer Name = JACI-13D16D0C5D | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/5/2009 10:16:39 PM | Computer Name = JACI-13D16D0C5D | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/5/2009 10:16:40 PM | Computer Name = JACI-13D16D0C5D | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/5/2009 10:16:40 PM | Computer Name = JACI-13D16D0C5D | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/5/2009 10:16:40 PM | Computer Name = JACI-13D16D0C5D | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/5/2009 10:16:40 PM | Computer Name = JACI-13D16D0C5D | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >


I can only view the vault in avg and don't see how to export a report: here is a SS of the vault locations, following will be the names, they wont fit in the same SS.

Attached Files



#13 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:34 AM

Posted 07 January 2009 - 04:42 PM

Hello.

Your log looks okay.

Run Script with OTMoveIt3
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_Dlls"="avgrsstx.dll"
    :commands
    [EmptyTemp]
    [Reboot]
  • Click the large Posted Image button.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
Note:If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Run AVG 8.0 and export file

Please re-run AVG8 again and see if it detects anything.
  • To export the file after the scan is finished, open the AVG home page.
  • Click the Computer Scanner tab
  • Click the Scan History
  • Find the name of the scan you just did by looking at the start time and end time and the double click that
  • Near the bottom there is a blue text that says" Export Overview to file... please click that
  • The browse window will open, please input a name and then save it onto your desktop
  • Now double click that file you saved on your desktop and attach it here in your next reply if it is too huge.
Also please run an online scan.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

Please post back with:
-OTmoveIT log
-AVG 8.0 log
-Kaspersky scan log
-New OTViewIT logs
-Problems you still are recieving, does AVG 8.0 or any other scanners still pick up gadcom.exe?


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#14 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:34 AM

Posted 10 January 2009 - 02:05 PM

Hi.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days the topic will need to be closed.

Thanks for understanding. :thumbsup:

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#15 jjroland

jjroland
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:34 AM

Posted 11 January 2009 - 03:48 PM

Yes I apologize I haven't been able to do these steps the last couple days due to work. I will do them tonight.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users