Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Vundo Variant


  • This topic is locked This topic is locked
13 replies to this topic

#1 mjm044

mjm044

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:evergreen park
  • Local time:10:01 PM

Posted 14 December 2008 - 01:32 PM

Need some help. Have files SAS says are Vundo infections. Tried SAS and Malware and Adware, with no luck. Here are HiJack log and SAS log.
Thanks

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/14/2008 at 12:16 PM

Application Version : 4.23.1006

Core Rules Database Version : 3674
Trace Rules Database Version: 1653

Scan type : Quick Scan
Total Scan Time : 00:10:50

Memory items scanned : 360
Memory threats detected : 0
Registry items scanned : 401
Registry threats detected : 6
File items scanned : 4177
File threats detected : 10

Adware.Tracking Cookie
C:\Documents and Settings\mike\Cookies\mike@trafficmp[2].txt
C:\Documents and Settings\mike\Cookies\mike@atwola[1].txt
C:\Documents and Settings\mike\Cookies\mike@realmedia[1].txt
C:\Documents and Settings\mike\Cookies\mike@specificclick[2].txt
C:\Documents and Settings\mike\Cookies\mike@ad.yieldmanager[2].txt
C:\Documents and Settings\mike\Cookies\mike@doubleclick[1].txt
C:\Documents and Settings\mike\Cookies\mike@fastclick[1].txt
C:\Documents and Settings\mike\Cookies\mike@advertising[1].txt
C:\Documents and Settings\mike\Cookies\mike@adopt.euroclick[1].txt
C:\Documents and Settings\mike\Cookies\mike@ads.pointroll[1].txt

Adware.Vundo Variant
HKCR\CLSID\{22EF8BA1-A18C-4AD3-AD84-01B95B581C5C}
HKCR\CLSID\{22EF8BA1-A18C-4AD3-AD84-01B95B581C5C}\InProcServer32
HKCR\CLSID\{22EF8BA1-A18C-4AD3-AD84-01B95B581C5C}\InProcServer32#ThreadingModel
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}\InprocServer32
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}\InprocServer32#ThreadingModel



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:48 PM, on 12/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {8c9321d8-a114-4f3c-b102-fa23166bf9de} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182212092389
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} (SlimClient Class) - https://portal.connect.cps.edu//SNX/CSHELL/extender.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\defupabo.dll c:\windows\system32\lolanayo.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7531 bytes

BC AdBot (Login to Remove)

 


#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:01 PM

Posted 22 December 2008 - 01:52 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
Download and Run OTViewit
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Run Kaspersky Online Scanner
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

In your next reply please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log

Important Note: For other users who are reading this topic,the instructions provided in this topic are for the original topic starter ONLY. Even if you have similar problems or even log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic and feel free to link to any relevant topics as needed.Please Do NOT follow the instructions provided for this topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 mjm044

mjm044
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:evergreen park
  • Local time:10:01 PM

Posted 25 December 2008 - 12:44 AM

Thanks for your help..Here is the logs asked for.

OTViewIt logfile created on: 12/24/2008 2:38:57 PM - Run 2
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\mike\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.49 Mb Total Physical Memory | 144.88 Mb Available Physical Memory | 28.32% Memory free
1.22 Gb Paging File | 0.84 Gb Available in Paging File | 69.17% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 26.13 Gb Free Space | 35.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 189.92 Gb Total Space | 118.79 Gb Free Space | 62.55% Space Free | Partition Type: NTFS

Computer Name: MIKE1
Current User Name: mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2004/06/09 19:31:14 | 00,242,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
[2004/06/09 19:31:08 | 00,255,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
[2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2006/08/11 11:15:36 | 00,200,704 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
[2004/10/06 16:56:52 | 00,161,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
[2004/01/08 12:54:06 | 00,065,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2003/10/31 18:42:40 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[2008/07/07 12:12:26 | 00,675,935 | ---- | M] ( ) -- C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
[2004/06/09 19:31:06 | 00,066,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[2008/09/09 09:58:10 | 00,353,680 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
[2008/12/10 12:45:46 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2007/12/22 17:03:28 | 00,916,240 | ---- | M] (The Eraser Project) -- C:\Program Files\Eraser\Eraser.exe
[2004/10/06 16:56:36 | 00,030,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
[2008/12/10 12:45:46 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2006/10/19 12:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
[2004/10/06 16:56:44 | 01,275,216 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
[2004/12/17 08:00:00 | 00,118,784 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE
[2007/01/18 19:04:04 | 00,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
[2007/08/30 16:43:18 | 00,103,664 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
[2008/04/13 18:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/12/24 14:28:20 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mike\Desktop\OTViewIt.exe
[2008/12/10 12:45:44 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe

========== (O23) Win32 Services ==========

[2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2006/08/11 11:15:36 | 00,200,704 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service [Auto | Running])
[2004/06/09 19:31:08 | 00,255,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
[2004/06/09 19:31:12 | 00,087,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [On_Demand | Stopped])
[2004/06/09 19:31:14 | 00,242,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
[2008/09/09 09:58:10 | 00,353,680 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe -- (cpextender [Auto | Running])
[2004/10/06 16:56:36 | 00,030,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
[2008/06/03 19:03:20 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2005/02/24 14:30:50 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/12/10 12:45:46 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2006/10/19 12:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
File not found -- -- (NMIndexingService [Disabled | Stopped])
[2004/10/06 16:56:48 | 00,173,392 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [On_Demand | Stopped])
[2004/06/11 17:28:30 | 00,201,944 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped])
[2004/10/06 16:56:44 | 01,275,216 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
[2007/01/18 19:04:04 | 00,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2003/12/11 09:54:14 | 00,391,424 | ---- | M] (Sensaura Ltd) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS [On_Demand | Running])
[2004/01/09 09:17:02 | 00,601,100 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2008/04/13 12:31:33 | 00,037,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk7.sys -- (AmdK7 [System | Running])
[2004/12/16 12:36:30 | 00,042,496 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5bv.sys -- (FETND5BV [On_Demand | Running])
[2001/08/17 06:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS [On_Demand | Stopped])
[2003/09/03 20:37:04 | 00,041,984 | R--- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5b.sys -- (FETNDISB [On_Demand | Stopped])
[2008/04/13 12:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Running])
[2008/04/13 12:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/12/19 03:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081219.005\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2008/12/19 03:00:00 | 00,876,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081219.005\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2003/07/17 02:10:06 | 00,007,040 | R--- | M] (VIA Networking Technologies, Inc. ) -- C:\WINDOWS\system32\ntsim.sys -- (NTSIM [On_Demand | Stopped])
[2004/08/03 23:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2001/08/17 06:50:26 | 00,731,648 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4 [On_Demand | Stopped])
[2001/08/18 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/06/10 18:07:16 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2008/05/21 16:03:28 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
[2006/02/16 16:51:08 | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
[2008/05/21 16:03:28 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2004/02/09 14:43:56 | 00,301,200 | R--- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT [System | Running])
[2004/02/09 14:43:56 | 00,037,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL [Auto | Running])
[2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/03/04 22:46:46 | 00,082,832 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2004/06/11 17:28:08 | 00,016,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])
[2004/06/11 17:28:10 | 00,263,736 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [System | Running])
[2003/07/01 14:42:00 | 00,027,904 | R--- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1 [Boot | Running])
[2001/10/17 22:00:00 | 00,006,144 | R--- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\viaidexp.sys -- (ViaIde [Boot | Running])
[2008/09/09 09:58:10 | 00,120,976 | ---- | M] (Check Point Software Technologies) -- C:\WINDOWS\system32\drivers\vna.sys -- (VNA [On_Demand | Running])
[2001/08/18 08:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1275210071-573735546-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://google.com/

[HKEY_USERS\S-1-5-21-1275210071-573735546-682003330-1003\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=

[HKEY_USERS\S-1-5-21-1275210071-573735546-682003330-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1275210071-573735546-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{8c9321d8-a114-4f3c-b102-fa23166bf9de} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1275210071-573735546-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
"Name of App"=C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r ( )
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN (FUJI PHOTO FILM CO., LTD.)
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
"SoundMan"=SOUNDMAN.EXE (Realtek Semiconductor Corp.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eraser"=C:\Program Files\Eraser\Eraser.exe -hide (The Eraser Project)
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-1275210071-573735546-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eraser"=C:\Program Files\Eraser\Eraser.exe -hide (The Eraser Project)
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (Yahoo! Inc.)

========== (O4) Startup Folders ==========

[2000/01/21 02:15:54 | 00,065,588 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
[2004/12/17 08:00:00 | 00,118,784 | ---- | M] (WinZip Computing, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1275210071-573735546-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre6\bin\npjpi160_11.dll [2008/12/10 12:45:47 | 00,132,504 | ---- | M] (Sun Microsystems, Inc.)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre6\bin\npjpi160_11.dll [Sun Java Console] -> [2008/12/10 12:45:47 | 00,132,504 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Messenger] -> File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre6\bin\npjpi160_11.dll [Sun Java Console] -> [2008/12/10 12:45:47 | 00,132,504 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Messenger] -> File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre6\bin\npjpi160_11.dll [Sun Java Console] -> [2008/12/10 12:45:47 | 00,132,504 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Messenger] -> File not found

[HKEY_USERS\S-1-5-21-1275210071-573735546-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre6\bin\npjpi160_11.dll [Sun Java Console] -> [2008/12/10 12:45:47 | 00,132,504 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Messenger] -> File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
2 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1275210071-573735546-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
2 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}: http://www.apple.com/qtactivex/qtplugin.cab -- QuickTime Object
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper.dll -- Installation Support
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftu...b?1182212092389 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{AB86CE53-AC9F-449F-9399-D8ABCA09EC09}: https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx -- Get_ActiveX Control
{B4CB50E4-0309-4906-86EA-10B6641C8392}: https://portal.connect.cps.edu//SNX/CSHELL/extender.cab -- SlimClient Class
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{1A281F24-AA95-4DD8-A71A-3043FDCB599A} (Servers: | Description: VIA Rhine II Fast Ethernet Adapter)
{F17F3222-855A-49BB-B4D1-071FC6AF65D0} (Servers: | Description: )

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\WINDOWS\system32\defupabo.dll c:\windows\system32\lolanayo.dll
>File not found -- C:\WINDOWS\system32\defupabo.dll
>File not found -- c:\windows\system32\lolanayo.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL -- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
NavLogon: "DllName" = C:\WINDOWS\system32\NavLogon.dll -- C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2007/06/15 20:50:12 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2008/12/24 14:28:17 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mike\Desktop\OTViewIt.exe
[2008/12/17 20:22:45 | 00,407,287 | ---- | C] () -- C:\Documents and Settings\mike\My Documents\90 jo.jpg
[2008/12/14 23:24:23 | 00,013,584 | ---- | C] () -- C:\Documents and Settings\mike\My Documents\cc_20081214_232421.reg
[2008/12/14 12:02:57 | 53,640,3968 | -HS- | C] () -- C:\hiberfil.sys
[2008/12/14 11:42:36 | 00,000,490 | ---- | C] () -- C:\Documents and Settings\mike\My Documents\cc_20081214_1142.reg
[2008/12/14 10:24:51 | 00,001,772 | ---- | C] () -- C:\Documents and Settings\mike\Desktop\HijackThis.lnk
[2008/12/14 10:24:50 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/12/14 00:44:02 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2008/12/14 00:23:14 | 00,035,954 | ---- | C] () -- C:\Documents and Settings\mike\My Documents\cc_20081214_0023.reg
[2008/12/14 00:20:26 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2008/12/14 00:20:18 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2008/12/14 00:19:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mike\Local Settings\Application Data\Apple
[2008/12/14 00:19:13 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2008/12/14 00:19:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/12/14 00:15:22 | 00,001,767 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2008/12/14 00:13:20 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2008/12/13 19:07:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mike\Application Data\Malwarebytes
[2008/12/13 19:07:29 | 00,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/13 19:07:28 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/13 19:07:26 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/13 19:07:24 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/13 19:07:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/13 14:08:02 | 00,000,831 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/12/13 13:43:40 | 00,006,994 | ---- | C] () -- C:\Documents and Settings\mike\My Documents\cc_20081213_1343.reg
[2008/12/13 13:17:56 | 00,585,122 | ---- | C] () -- C:\Documents and Settings\mike\My Documents\cc_20081213_1317.reg
[2008/12/10 19:00:44 | 00,000,000 | ---D | C] -- C:\New Folder
[2008/12/04 21:52:46 | 00,000,000 | ---D | C] -- C:\Program Files\ill
[2008/12/04 21:28:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mike\My Documents\Version Cue
[2008/12/04 21:28:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mike\My Documents\AdobeStockPhotos
[2008/11/30 21:24:10 | 00,091,136 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msls2.dll
[2008/11/30 21:19:55 | 00,015,872 | ---- | C] () -- C:\Documents and Settings\mike\Desktop\xmas gift list 08.wps
[2008/11/28 12:52:23 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\mike\Desktop\848E0C0C4CD70A80

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2008/12/24 14:28:37 | 00,000,439 | ---- | M] () -- C:\Documents and Settings\mike\Application Data\SamsungLiveUpdateConfig.ini
[2008/12/24 14:28:20 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mike\Desktop\OTViewIt.exe
[2008/12/24 14:25:32 | 00,013,086 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/24 14:24:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/24 14:24:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/24 14:24:41 | 53,640,3968 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/24 14:21:43 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/24 12:02:49 | 00,002,471 | ---- | M] () -- C:\Documents and Settings\mike\Desktop\Excel.lnk
[2008/12/20 11:52:53 | 00,001,856 | -H-- | M] () -- C:\Documents and Settings\mike\My Documents\Default.rdp
[2008/12/17 20:22:45 | 00,407,287 | ---- | M] () -- C:\Documents and Settings\mike\My Documents\90 jo.jpg
[2008/12/14 23:24:36 | 00,013,584 | ---- | M] () -- C:\Documents and Settings\mike\My Documents\cc_20081214_232421.reg
[2008/12/14 23:22:54 | 00,001,586 | ---- | M] () -- C:\Documents and Settings\mike\Desktop\CCleaner.lnk
[2008/12/14 11:42:39 | 00,000,490 | ---- | M] () -- C:\Documents and Settings\mike\My Documents\cc_20081214_1142.reg
[2008/12/14 10:24:52 | 00,001,772 | ---- | M] () -- C:\Documents and Settings\mike\Desktop\HijackThis.lnk
[2008/12/14 00:23:17 | 00,035,954 | ---- | M] () -- C:\Documents and Settings\mike\My Documents\cc_20081214_0023.reg
[2008/12/14 00:19:18 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/12/14 00:16:55 | 00,001,640 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/12/14 00:15:22 | 00,001,767 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2008/12/13 19:07:29 | 00,000,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/13 14:08:02 | 00,000,831 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/12/13 13:43:44 | 00,006,994 | ---- | M] () -- C:\Documents and Settings\mike\My Documents\cc_20081213_1343.reg
[2008/12/13 13:18:08 | 00,585,122 | ---- | M] () -- C:\Documents and Settings\mike\My Documents\cc_20081213_1317.reg
[2008/12/13 12:24:49 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\videmeyo
[2008/12/04 21:40:47 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\mike\Desktop\Word.lnk
[2008/12/03 19:53:40 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/03 19:53:36 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/11/30 21:19:55 | 00,015,872 | ---- | M] () -- C:\Documents and Settings\mike\Desktop\xmas gift list 08.wps
< End of report >





OTViewIt Extras logfile created on: 12/24/2008 2:29:13 PM - Run
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\mike\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.49 Mb Total Physical Memory | 216.08 Mb Available Physical Memory | 42.24% Memory free
1.22 Gb Paging File | 0.86 Gb Available in Paging File | 70.70% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 26.15 Gb Free Space | 35.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 189.92 Gb Total Space | 118.79 Gb Free Space | 62.55% Space Free | Partition Type: NTFS

Computer Name: MIKE1
Current User Name: mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/09/09 09:58:10 | 00,353,680 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe:*:Enabled:SSL Network Extender Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/02/09 08:52:56 | 00,119,808 | ---- | M] () -- C:\Program Files\BitZip\bitzip.exe:*:Disabled:bitzip
File not found -- C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup
[2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2007/08/30 16:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2007/08/30 16:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/09/09 09:58:10 | 00,353,680 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe:*:Enabled:SSL Network Extender Service
[2008/04/13 18:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:iexplore
[2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe:*:Enabled:Explorer
[2008/04/13 18:12:24 | 00,514,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 18:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 18:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 18:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 SR-1 Professional
"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3
"{0609D0AF-1382-42BE-81DB-CF30F8B0F6E2}"=Serif PhotoPlus 6.0
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{09ebf106-5b48-4975-a0a9-5bf62bf17276}"=Check Point SSL Network Extender Service
"{11F5D779-7BD9-465A-BBC4-10701386BCB9}"=FW LiveUpdate
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}"=Adobe ExtendScript Toolkit 2
"{24ED4D80-8294-11D5-96CD-0040266301AD}"=FinePixViewer Ver.4.3
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{3466a026-f6b6-4df5-a1e3-2354f5deff1b}"=Check Point Deployment Shell
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3F9B2FD2-1C83-4401-9967-C3636638E958}"=Adobe SING CS3
"{40ABF1E0-8B6F-4D32-B343-E19FA2F04B3C}"=StuffIt Standard
"{4732D4A0-5A47-44D8-9B84-B3BD4906D30D}"=TaxCut Premium 2007
"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}"=InterVideo DeviceService
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{5490882C-6961-11D5-BAE5-00E0188E010B}"=FUJIFILM USB Driver
"{56B8B892-317E-4FDE-9E4D-44B189848A27}"=Adobe Setup
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}"=Adobe Setup
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{6882B3A9-AB98-4ABA-A623-2979FBEA5F9F}_is1"=Moyea FLV Player version 1.5.2.7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}"=Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{802771A9-A856-4A41-ACF7-1450E523C923}"=Adobe XMP Panels CS3
"{848AC794-8B81-440A-81AE-6474337DB527}"=Symantec AntiVirus
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81300000003}"=Adobe Reader 8.1.3
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}"=Adobe Setup
"{B53422A7-10EC-4156-BCF3-550E82D4F363}"=OrangeWare USB2.0 Driver
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}"=Microsoft XML Parser
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}"=Adobe InDesign CS3
"{CCC4E428-411E-4605-B515-317D50ABD477}"=Ulead DVD MovieFactory 6
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{D680C913-5955-469D-9D88-C1940F7506D6}"=RAW FILE CONVERTER LE
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}"=LightScribe 1.4.124.1
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}"=Windows Media Encoder 9 Series
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}"=Adobe InDesign CS3 Icon Handler
"{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}"=Eraser
"{FB08F381-6533-4108-B7DD-039E11FBC27E}"=Realtek AC'97 Audio
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5"=Adobe InDesign CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff"=Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e"=Adobe Color Common Settings
"BitZip"=BitZip (remove only)
"CCleaner"=CCleaner (remove only)
"Data Viewer_is1"=Data Viewer 3.1.6.8
"Enable S3 for USB Device"=Enable S3 for USB Device
"Eraser"=Eraser
"Ewisoft Website Builder (include eCommerce Builder)_is1"=Ewisoft Website Builder (include eCommerce Builder)
"Free RAR Extract Frog 1.00"=Free RAR Extract Frog 1.00
"HijackThis"=HijackThis 2.0.2
"hp deskjet 960c series"=hp deskjet 960c series (Remove only)
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{40ABF1E0-8B6F-4D32-B343-E19FA2F04B3C}"=StuffIt Standard
"InstallShield_{CCC4E428-411E-4605-B515-317D50ABD477}"=Ulead DVD MovieFactory 6
"IrfanView"=IrfanView (remove only)
"LiveUpdate"=LiveUpdate 2.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Mozilla Firefox (2.0.0.18)"=Mozilla Firefox (2.0.0.18)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MVApplication1"=Memorex exPressit Label Design Studio
"Nero - Burning Rom!UninstallKey"=Nero OEM
"NeroVision!UninstallKey"=NeroVision Express 2
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NMPUninstallKey"=Nero Media Player
"Recover My Files_is1"=Recover My Files
"Security Task Manager"=Security Task Manager 1.7e
"VN_VUIns_Rhine_VIA"=VIA Rhine-Family Fast Ethernet Adapter
"Windows Media Encoder 9"=Windows Media Encoder 9 Series
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinZip"=WinZip
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger"=Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/13/2008 3:42:17 PM | Computer Name = MIKE1 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan.Zlob in File: C:\Documents and Settings\mike\Application
Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 04-03-2008 -
20-12-41\{E6D9AA15-5CE6-4F5E-ACE8-E97EAD68E943} by: Auto-Protect scan. Action:
Clean failed : Quarantine failed : Delete succeeded : Access denied. Action Description:
The file was deleted successfully.

Error - 12/13/2008 3:42:17 PM | Computer Name = MIKE1 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan.Fakeavalert in File: C:\Documents and
Settings\mike\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine
- 04-03-2008 - 20-12-41\{ED671E09-0EC7-403D-9C0A-711B87DD88CA} by: Auto-Protect
scan. Action: Clean failed : Quarantine failed : Delete succeeded : Access denied.
Action Description: The file was deleted successfully.

Error - 12/13/2008 3:42:17 PM | Computer Name = MIKE1 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan.Zlob in File: C:\Documents and Settings\mike\Application
Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 04-03-2008 -
20-12-41\{FD573599-BC1E-4A97-A82C-50C238B2A896} by: Auto-Protect scan. Action:
Clean failed : Quarantine failed : Delete succeeded : Access denied. Action Description:
The file was deleted successfully.

Error - 12/13/2008 8:20:08 PM | Computer Name = MIKE1 | Source = Application Hang | ID = 1002
Description = Hanging application Ad-Aware.exe, version 7.1.0.11, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/13/2008 8:20:09 PM | Computer Name = MIKE1 | Source = Application Hang | ID = 1002
Description = Hanging application Ad-Aware.exe, version 7.1.0.11, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/13/2008 8:21:01 PM | Computer Name = MIKE1 | Source = Application Hang | ID = 1002
Description = Hanging application SUPERAntiSpyware.exe, version 4.23.0.1006, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/14/2008 2:50:08 AM | Computer Name = MIKE1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/16/2008 7:41:16 PM | Computer Name = MIKE1 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Bloodhound.Exploit.196 in File: C:\Documents
and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\2DAR0LQN\file[1].pdf
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 12/18/2008 12:27:11 PM | Computer Name = MIKE1 | Source = Application Error | ID = 1000
Description = Faulting application fwmanager.exe, version 2.0.2.2, faulting module
fwmanager.exe, version 2.0.2.2, fault address 0x00035afd.

Error - 12/24/2008 2:55:38 PM | Computer Name = MIKE1 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Bloodhound.Exploit.196 in File: C:\Documents
and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\4PM3G96J\pdf[1].pdf
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied.
Action Description: The file was left unchanged.

[ System Events ]
Error - 12/14/2008 1:37:13 PM | Computer Name = MIKE1 | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer hp deskjet 960c share name
color.

Error - 12/14/2008 2:00:29 PM | Computer Name = MIKE1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/14/2008 2:01:14 PM | Computer Name = MIKE1 | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 12/14/2008 2:01:14 PM | Computer Name = MIKE1 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 12/14/2008 2:01:14 PM | Computer Name = MIKE1 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support
Environment service which failed to start because of the following error: %%31

Error - 12/14/2008 2:01:14 PM | Computer Name = MIKE1 | Source = Service Control Manager | ID = 7001
Description = The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service depends
on the TCP/IP Protocol Driver service which failed to start because of the following
error: %%31

Error - 12/14/2008 2:01:14 PM | Computer Name = MIKE1 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 12/14/2008 2:01:14 PM | Computer Name = MIKE1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AmdK7 Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SAVRT SYMTDI Tcpip WS2IFSL

Error - 12/14/2008 2:01:57 PM | Computer Name = MIKE1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/24/2008 3:28:10 PM | Computer Name = MIKE1 | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer hp deskjet 960c share name
color.


< End of report >

KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, December 24, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, December 24, 2008 17:30:45
Records in database: 1510191
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
Z:\

Scan statistics:
Files scanned: 162263
Threat name: 1
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 03:12:01


File name / Threat name / Threats count
C:\RECYCLER\S-1-5-21-1275210071-573735546-682003330-1003\Dc1.IE5\0LYNGHAV\movie4[1].htm Infected: Trojan-Downloader.HTML.Agent.lq 1
C:\RECYCLER\S-1-5-21-1275210071-573735546-682003330-1003\Dc1.IE5\K96R4TYZ\movie3[1].htm Infected: Trojan-Downloader.HTML.Agent.lq 1
C:\RECYCLER\S-1-5-21-1275210071-573735546-682003330-1003\Dc1.IE5\OTYVC5QZ\movie3[1].htm Infected: Trojan-Downloader.HTML.Agent.lq 1

The selected area was scanned.

#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:01 PM

Posted 25 December 2008 - 10:27 AM

Hello.

From what I see you look fine. There are some leftover files and registry keys we can remove now, however do you have any specfic problems you have with your computer right now? SAS flagged some registry itmes of vundo and also some tracking cookies.. Those vundo weren't active, so you can let it remove them.

Let's continue..

Download and Run OTMoveIT3
  • Please download OTMoveIt3 by OldTimer and save it to your desktop. If you are running on Vista, right click on the file and choose Run As Administrator.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :files
    C:\WINDOWS\system32\defupabo.dll 
    c:\windows\system32\lolanayo.dll
    
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_Dlls"=""
    
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8c9321d8-a114-4f3c-b102-fa23166bf9de}]
    
    [HKEY_USERS\S-1-5-21-1275210071-573735546-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
    
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
    
    :commands
    [Reboot]
  • Click the large Posted Image button.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
Note:If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Let's run Malwarebytes Anti-Malware once more and see if it finds anything else..

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop if you haven't already installed it.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Please post back with:
-OTMoveIT log
-Malwarebytes Anti-Malware log
-Fresh OTViewIT log


With Regards,
Extremboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 mjm044

mjm044
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:evergreen park
  • Local time:10:01 PM

Posted 26 December 2008 - 01:19 PM

Correct, my computer seems fine but both SAS and MBAB show infected files. They both find them but can not delete them, that was the reason for my post. Attached are the updated files, as you can see the files are still there. Thanks for your help.

Logs

========== FILES ==========
File/Folder C:\WINDOWS\system32\defupabo.dll not found.
File/Folder c:\windows\system32\lolanayo.dll not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_Dlls"|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8c9321d8-a114-4f3c-b102-fa23166bf9de}\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1275210071-573735546-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
========== COMMANDS ==========

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12252008_122231









Malwarebytes' Anti-Malware 1.31
Database version: 1546
Windows 5.1.2600 Service Pack 3

12/25/2008 12:57:42 PM
mbam-log-2008-12-25 (12-57-42).txt

Scan type: Quick Scan
Objects scanned: 53882
Time elapsed: 6 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{22ef8ba1-a18c-4ad3-ad84-01b95b581c5c} (Trojan.Zlob) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)








OTViewIt logfile created on: 12/26/2008 12:15:40 PM - Run 4
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\mike\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.49 Mb Total Physical Memory | 186.79 Mb Available Physical Memory | 36.52% Memory free
1.22 Gb Paging File | 0.79 Gb Available in Paging File | 65.15% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 26.72 Gb Free Space | 35.86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 189.92 Gb Total Space | 118.38 Gb Free Space | 62.33% Space Free | Partition Type: NTFS

Computer Name: MIKE1
Current User Name: mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2004/06/09 19:31:14 | 00,242,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
[2004/06/09 19:31:08 | 00,255,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
[2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2006/08/11 11:15:36 | 00,200,704 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
[2008/09/09 09:58:10 | 00,353,680 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
[2004/10/06 16:56:36 | 00,030,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
[2008/12/10 12:45:46 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2006/10/19 12:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
[2004/10/06 16:56:44 | 01,275,216 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
[2007/01/18 19:04:04 | 00,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
[2004/10/06 16:56:52 | 00,161,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
[2004/01/08 12:54:06 | 00,065,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2003/10/31 18:42:40 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[2008/07/07 12:12:26 | 00,675,935 | ---- | M] ( ) -- C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
[2004/06/09 19:31:06 | 00,066,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[2008/12/10 12:45:46 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/12/10 08:39:12 | 01,809,648 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
[2007/12/22 17:03:28 | 00,916,240 | ---- | M] (The Eraser Project) -- C:\Program Files\Eraser\Eraser.exe
[2008/04/13 18:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2004/12/17 08:00:00 | 00,118,784 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE
[2007/08/30 16:43:18 | 00,103,664 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
[2008/12/24 14:28:20 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mike\Desktop\OTViewIt.exe
[2008/04/13 18:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
[2008/04/13 18:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe

========== (O23) Win32 Services ==========

[2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2006/08/11 11:15:36 | 00,200,704 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service [Auto | Running])
[2004/06/09 19:31:08 | 00,255,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
[2004/06/09 19:31:12 | 00,087,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [On_Demand | Stopped])
[2004/06/09 19:31:14 | 00,242,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
[2008/09/09 09:58:10 | 00,353,680 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe -- (cpextender [Auto | Running])
[2004/10/06 16:56:36 | 00,030,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
[2008/06/03 19:03:20 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2005/02/24 14:30:50 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/12/10 12:45:46 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2006/10/19 12:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
File not found -- -- (NMIndexingService [Disabled | Stopped])
[2004/10/06 16:56:48 | 00,173,392 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [On_Demand | Stopped])
[2004/06/11 17:28:30 | 00,201,944 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped])
[2004/10/06 16:56:44 | 01,275,216 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
[2007/01/18 19:04:04 | 00,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2003/12/11 09:54:14 | 00,391,424 | ---- | M] (Sensaura Ltd) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS [On_Demand | Running])
[2004/01/09 09:17:02 | 00,601,100 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2008/04/13 12:31:33 | 00,037,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk7.sys -- (AmdK7 [System | Running])
[2004/12/16 12:36:30 | 00,042,496 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5bv.sys -- (FETND5BV [On_Demand | Running])
[2001/08/17 06:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS [On_Demand | Stopped])
[2003/09/03 20:37:04 | 00,041,984 | R--- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5b.sys -- (FETNDISB [On_Demand | Stopped])
[2008/04/13 12:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Running])
[2008/04/13 12:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/12/19 03:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081219.005\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2008/12/19 03:00:00 | 00,876,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081219.005\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2003/07/17 02:10:06 | 00,007,040 | R--- | M] (VIA Networking Technologies, Inc. ) -- C:\WINDOWS\system32\ntsim.sys -- (NTSIM [On_Demand | Stopped])
[2004/08/03 23:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2001/08/17 06:50:26 | 00,731,648 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4 [On_Demand | Stopped])
[2001/08/18 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/06/10 18:07:16 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2008/05/21 16:03:28 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
[2006/02/16 16:51:08 | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
[2008/05/21 16:03:28 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2004/02/09 14:43:56 | 00,301,200 | R--- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT [System | Running])
[2004/02/09 14:43:56 | 00,037,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL [Auto | Running])
[2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/03/04 22:46:46 | 00,082,832 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2004/06/11 17:28:08 | 00,016,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])
[2004/06/11 17:28:10 | 00,263,736 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [System | Running])
[2003/07/01 14:42:00 | 00,027,904 | R--- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1 [Boot | Running])
[2001/10/17 22:00:00 | 00,006,144 | R--- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\viaidexp.sys -- (ViaIde [Boot | Running])
[2008/09/09 09:58:10 | 00,120,976 | ---- | M] (Check Point Software Technologies) -- C:\WINDOWS\system32\drivers\vna.sys -- (VNA [On_Demand | Running])
[2001/08/18 08:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1275210071-573735546-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://google.com/

[HKEY_USERS\S-1-5-21-1275210071-573735546-682003330-1003\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=

[HKEY_USERS\S-1-5-21-1275210071-573735546-682003330-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1275210071-573735546-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
"Name of App"=C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r ( )
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN (FUJI PHOTO FILM CO., LTD.)
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
"SoundMan"=SOUNDMAN.EXE (Realtek Semiconductor Corp.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eraser"=C:\Program Files\Eraser\Eraser.exe -hide (The Eraser Project)
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-1275210071-573735546-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eraser"=C:\Program Files\Eraser\Eraser.exe -hide (The Eraser Project)
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (Yahoo! Inc.)

========== (O4) Startup Folders ==========

[2000/01/21 02:15:54 | 00,065,588 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
[2004/12/17 08:00:00 | 00,118,784 | ---- | M] (WinZip Computing, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1275210071-573735546-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre6\bin\npjpi160_11.dll [2008/12/10 12:45:47 | 00,132,504 | ---- | M] (Sun Microsystems, Inc.)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre6\bin\npjpi160_11.dll [Sun Java Console] -> [2008/12/10 12:45:47 | 00,132,504 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Messenger] -> File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre6\bin\npjpi160_11.dll [Sun Java Console] -> [2008/12/10 12:45:47 | 00,132,504 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Messenger] -> File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre6\bin\npjpi160_11.dll [Sun Java Console] -> [2008/12/10 12:45:47 | 00,132,504 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Messenger] -> File not found

[HKEY_USERS\S-1-5-21-1275210071-573735546-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre6\bin\npjpi160_11.dll [Sun Java Console] -> [2008/12/10 12:45:47 | 00,132,504 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Messenger] -> File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
2 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1275210071-573735546-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
2 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}: http://www.apple.com/qtactivex/qtplugin.cab -- QuickTime Object
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper.dll -- Installation Support
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftu...b?1182212092389 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{AB86CE53-AC9F-449F-9399-D8ABCA09EC09}: https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx -- Get_ActiveX Control
{B4CB50E4-0309-4906-86EA-10B6641C8392}: https://portal.connect.cps.edu//SNX/CSHELL/extender.cab -- SlimClient Class
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{1A281F24-AA95-4DD8-A71A-3043FDCB599A} (Servers: | Description: VIA Rhine II Fast Ethernet Adapter)
{F17F3222-855A-49BB-B4D1-071FC6AF65D0} (Servers: | Description: )

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL -- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
NavLogon: "DllName" = C:\WINDOWS\system32\NavLogon.dll -- C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2007/06/15 20:50:12 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2008/12/25 12:22:31 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/12/25 12:21:00 | 01,033,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mike\Desktop\OTMoveIt3.exe
[2008/12/24 14:28:17 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mike\Desktop\OTViewIt.exe
[2008/12/17 20:22:45 | 00,407,287 | ---- | C] () -- C:\Documents and Settings\mike\My Documents\90 jo.jpg
[2008/12/14 23:24:23 | 00,013,584 | ---- | C] () -- C:\Documents and Settings\mike\My Documents\cc_20081214_232421.reg
[2008/12/14 12:02:57 | 53,640,3968 | -HS- | C] () -- C:\hiberfil.sys
[2008/12/14 11:42:36 | 00,000,490 | ---- | C] () -- C:\Documents and Settings\mike\My Documents\cc_20081214_1142.reg
[2008/12/14 10:24:51 | 00,001,772 | ---- | C] () -- C:\Documents and Settings\mike\Desktop\HijackThis.lnk
[2008/12/14 10:24:50 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/12/14 00:44:02 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2008/12/14 00:23:14 | 00,035,954 | ---- | C] () -- C:\Documents and Settings\mike\My Documents\cc_20081214_0023.reg
[2008/12/14 00:20:26 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2008/12/14 00:20:18 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2008/12/14 00:19:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mike\Local Settings\Application Data\Apple
[2008/12/14 00:19:13 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2008/12/14 00:19:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/12/14 00:15:22 | 00,001,767 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2008/12/14 00:13:20 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2008/12/13 19:07:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mike\Application Data\Malwarebytes
[2008/12/13 19:07:29 | 00,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/13 19:07:28 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/13 19:07:26 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/13 19:07:24 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/13 19:07:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/13 14:08:02 | 00,000,831 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/12/13 13:43:40 | 00,006,994 | ---- | C] () -- C:\Documents and Settings\mike\My Documents\cc_20081213_1343.reg
[2008/12/13 13:17:56 | 00,585,122 | ---- | C] () -- C:\Documents and Settings\mike\My Documents\cc_20081213_1317.reg
[2008/12/10 19:00:44 | 00,000,000 | ---D | C] -- C:\New Folder
[2008/12/04 21:52:46 | 00,000,000 | ---D | C] -- C:\Program Files\ill
[2008/12/04 21:28:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mike\My Documents\Version Cue
[2008/12/04 21:28:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mike\My Documents\AdobeStockPhotos
[2008/11/30 21:24:10 | 00,091,136 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msls2.dll
[2008/11/30 21:19:55 | 00,015,872 | ---- | C] () -- C:\Documents and Settings\mike\Desktop\xmas gift list 08.wps
[2008/11/28 12:52:23 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\mike\Desktop\848E0C0C4CD70A80

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2008/12/26 11:18:16 | 00,000,439 | ---- | M] () -- C:\Documents and Settings\mike\Application Data\SamsungLiveUpdateConfig.ini
[2008/12/26 11:14:55 | 00,013,086 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/26 10:09:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/26 10:09:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/26 10:09:23 | 53,640,3968 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/25 12:21:02 | 01,033,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mike\Desktop\OTMoveIt3.exe
[2008/12/25 11:54:21 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/24 14:28:20 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mike\Desktop\OTViewIt.exe
[2008/12/24 12:02:49 | 00,002,471 | ---- | M] () -- C:\Documents and Settings\mike\Desktop\Excel.lnk
[2008/12/20 11:52:53 | 00,001,856 | -H-- | M] () -- C:\Documents and Settings\mike\My Documents\Default.rdp
[2008/12/17 20:22:45 | 00,407,287 | ---- | M] () -- C:\Documents and Settings\mike\My Documents\90 jo.jpg
[2008/12/14 23:24:36 | 00,013,584 | ---- | M] () -- C:\Documents and Settings\mike\My Documents\cc_20081214_232421.reg
[2008/12/14 23:22:54 | 00,001,586 | ---- | M] () -- C:\Documents and Settings\mike\Desktop\CCleaner.lnk
[2008/12/14 11:42:39 | 00,000,490 | ---- | M] () -- C:\Documents and Settings\mike\My Documents\cc_20081214_1142.reg
[2008/12/14 10:24:52 | 00,001,772 | ---- | M] () -- C:\Documents and Settings\mike\Desktop\HijackThis.lnk
[2008/12/14 00:23:17 | 00,035,954 | ---- | M] () -- C:\Documents and Settings\mike\My Documents\cc_20081214_0023.reg
[2008/12/14 00:19:18 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/12/14 00:16:55 | 00,001,640 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/12/14 00:15:22 | 00,001,767 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2008/12/13 19:07:29 | 00,000,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/13 14:08:02 | 00,000,831 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/12/13 13:43:44 | 00,006,994 | ---- | M] () -- C:\Documents and Settings\mike\My Documents\cc_20081213_1343.reg
[2008/12/13 13:18:08 | 00,585,122 | ---- | M] () -- C:\Documents and Settings\mike\My Documents\cc_20081213_1317.reg
[2008/12/13 12:24:49 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\videmeyo
[2008/12/04 21:40:47 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\mike\Desktop\Word.lnk
[2008/12/03 19:53:40 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/03 19:53:36 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/11/30 21:19:55 | 00,015,872 | ---- | M] () -- C:\Documents and Settings\mike\Desktop\xmas gift list 08.wps
< End of report >



OTViewIt Extras logfile created on: 12/26/2008 12:15:40 PM - Run 4
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\mike\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.49 Mb Total Physical Memory | 186.79 Mb Available Physical Memory | 36.52% Memory free
1.22 Gb Paging File | 0.79 Gb Available in Paging File | 65.15% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 26.72 Gb Free Space | 35.86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 189.92 Gb Total Space | 118.38 Gb Free Space | 62.33% Space Free | Partition Type: NTFS

Computer Name: MIKE1
Current User Name: mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/09/09 09:58:10 | 00,353,680 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe:*:Enabled:SSL Network Extender Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/02/09 08:52:56 | 00,119,808 | ---- | M] () -- C:\Program Files\BitZip\bitzip.exe:*:Disabled:bitzip
File not found -- C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup
[2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2007/08/30 16:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2007/08/30 16:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/09/09 09:58:10 | 00,353,680 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe:*:Enabled:SSL Network Extender Service
[2008/04/13 18:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:iexplore
[2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe:*:Enabled:Explorer
[2008/04/13 18:12:24 | 00,514,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 18:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 18:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 18:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 SR-1 Professional
"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3
"{0609D0AF-1382-42BE-81DB-CF30F8B0F6E2}"=Serif PhotoPlus 6.0
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{09ebf106-5b48-4975-a0a9-5bf62bf17276}"=Check Point SSL Network Extender Service
"{11F5D779-7BD9-465A-BBC4-10701386BCB9}"=FW LiveUpdate
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}"=Adobe ExtendScript Toolkit 2
"{24ED4D80-8294-11D5-96CD-0040266301AD}"=FinePixViewer Ver.4.3
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{3466a026-f6b6-4df5-a1e3-2354f5deff1b}"=Check Point Deployment Shell
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3F9B2FD2-1C83-4401-9967-C3636638E958}"=Adobe SING CS3
"{40ABF1E0-8B6F-4D32-B343-E19FA2F04B3C}"=StuffIt Standard
"{4732D4A0-5A47-44D8-9B84-B3BD4906D30D}"=TaxCut Premium 2007
"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}"=InterVideo DeviceService
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{5490882C-6961-11D5-BAE5-00E0188E010B}"=FUJIFILM USB Driver
"{56B8B892-317E-4FDE-9E4D-44B189848A27}"=Adobe Setup
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}"=Adobe Setup
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{6882B3A9-AB98-4ABA-A623-2979FBEA5F9F}_is1"=Moyea FLV Player version 1.5.2.7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}"=Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{802771A9-A856-4A41-ACF7-1450E523C923}"=Adobe XMP Panels CS3
"{848AC794-8B81-440A-81AE-6474337DB527}"=Symantec AntiVirus
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81300000003}"=Adobe Reader 8.1.3
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}"=Adobe Setup
"{B53422A7-10EC-4156-BCF3-550E82D4F363}"=OrangeWare USB2.0 Driver
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}"=Microsoft XML Parser
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}"=Adobe InDesign CS3
"{CCC4E428-411E-4605-B515-317D50ABD477}"=Ulead DVD MovieFactory 6
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{D680C913-5955-469D-9D88-C1940F7506D6}"=RAW FILE CONVERTER LE
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}"=LightScribe 1.4.124.1
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}"=Windows Media Encoder 9 Series
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}"=Adobe InDesign CS3 Icon Handler
"{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}"=Eraser
"{FB08F381-6533-4108-B7DD-039E11FBC27E}"=Realtek AC'97 Audio
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5"=Adobe InDesign CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff"=Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e"=Adobe Color Common Settings
"BitZip"=BitZip (remove only)
"CCleaner"=CCleaner (remove only)
"Data Viewer_is1"=Data Viewer 3.1.6.8
"Enable S3 for USB Device"=Enable S3 for USB Device
"Eraser"=Eraser
"Ewisoft Website Builder (include eCommerce Builder)_is1"=Ewisoft Website Builder (include eCommerce Builder)
"Free RAR Extract Frog 1.00"=Free RAR Extract Frog 1.00
"HijackThis"=HijackThis 2.0.2
"hp deskjet 960c series"=hp deskjet 960c series (Remove only)
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{40ABF1E0-8B6F-4D32-B343-E19FA2F04B3C}"=StuffIt Standard
"InstallShield_{CCC4E428-411E-4605-B515-317D50ABD477}"=Ulead DVD MovieFactory 6
"IrfanView"=IrfanView (remove only)
"LiveUpdate"=LiveUpdate 2.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Mozilla Firefox (2.0.0.18)"=Mozilla Firefox (2.0.0.18)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MVApplication1"=Memorex exPressit Label Design Studio
"Nero - Burning Rom!UninstallKey"=Nero OEM
"NeroVision!UninstallKey"=NeroVision Express 2
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NMPUninstallKey"=Nero Media Player
"Recover My Files_is1"=Recover My Files
"Security Task Manager"=Security Task Manager 1.7e
"VN_VUIns_Rhine_VIA"=VIA Rhine-Family Fast Ethernet Adapter
"Windows Media Encoder 9"=Windows Media Encoder 9 Series
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinZip"=WinZip
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger"=Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/13/2008 3:42:17 PM | Computer Name = MIKE1 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan.Zlob in File: C:\Documents and Settings\mike\Application
Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 04-03-2008 -
20-12-41\{E6D9AA15-5CE6-4F5E-ACE8-E97EAD68E943} by: Auto-Protect scan. Action:
Clean failed : Quarantine failed : Delete succeeded : Access denied. Action Description:
The file was deleted successfully.

Error - 12/13/2008 3:42:17 PM | Computer Name = MIKE1 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan.Fakeavalert in File: C:\Documents and
Settings\mike\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine
- 04-03-2008 - 20-12-41\{ED671E09-0EC7-403D-9C0A-711B87DD88CA} by: Auto-Protect
scan. Action: Clean failed : Quarantine failed : Delete succeeded : Access denied.
Action Description: The file was deleted successfully.

Error - 12/13/2008 3:42:17 PM | Computer Name = MIKE1 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan.Zlob in File: C:\Documents and Settings\mike\Application
Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 04-03-2008 -
20-12-41\{FD573599-BC1E-4A97-A82C-50C238B2A896} by: Auto-Protect scan. Action:
Clean failed : Quarantine failed : Delete succeeded : Access denied. Action Description:
The file was deleted successfully.

Error - 12/13/2008 8:20:08 PM | Computer Name = MIKE1 | Source = Application Hang | ID = 1002
Description = Hanging application Ad-Aware.exe, version 7.1.0.11, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/13/2008 8:20:09 PM | Computer Name = MIKE1 | Source = Application Hang | ID = 1002
Description = Hanging application Ad-Aware.exe, version 7.1.0.11, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/13/2008 8:21:01 PM | Computer Name = MIKE1 | Source = Application Hang | ID = 1002
Description = Hanging application SUPERAntiSpyware.exe, version 4.23.0.1006, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/14/2008 2:50:08 AM | Computer Name = MIKE1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/16/2008 7:41:16 PM | Computer Name = MIKE1 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Bloodhound.Exploit.196 in File: C:\Documents
and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\2DAR0LQN\file[1].pdf
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 12/18/2008 12:27:11 PM | Computer Name = MIKE1 | Source = Application Error | ID = 1000
Description = Faulting application fwmanager.exe, version 2.0.2.2, faulting module
fwmanager.exe, version 2.0.2.2, fault address 0x00035afd.

Error - 12/24/2008 2:55:38 PM | Computer Name = MIKE1 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Bloodhound.Exploit.196 in File: C:\Documents
and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\4PM3G96J\pdf[1].pdf
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied.
Action Description: The file was left unchanged.

[ System Events ]
Error - 12/14/2008 2:00:29 PM | Computer Name = MIKE1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/14/2008 2:01:14 PM | Computer Name = MIKE1 | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 12/14/2008 2:01:14 PM | Computer Name = MIKE1 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 12/14/2008 2:01:14 PM | Computer Name = MIKE1 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support
Environment service which failed to start because of the following error: %%31

Error - 12/14/2008 2:01:14 PM | Computer Name = MIKE1 | Source = Service Control Manager | ID = 7001
Description = The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service depends
on the TCP/IP Protocol Driver service which failed to start because of the following
error: %%31

Error - 12/14/2008 2:01:14 PM | Computer Name = MIKE1 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 12/14/2008 2:01:14 PM | Computer Name = MIKE1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AmdK7 Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SAVRT SYMTDI Tcpip WS2IFSL

Error - 12/14/2008 2:01:57 PM | Computer Name = MIKE1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/24/2008 3:28:10 PM | Computer Name = MIKE1 | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer hp deskjet 960c share name
color.

Error - 12/26/2008 12:09:53 PM | Computer Name = MIKE1 | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer hp deskjet 960c share name
color.


< End of report >

#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:01 PM

Posted 26 December 2008 - 01:55 PM

Hello.

Correct, my computer seems fine but both SAS and MBAB show infected files. They both find them but can not delete them, that was the reason for my post. Attached are the updated files, as you can see the files are still there. Thanks for your help.

I see now. We'll see if we can take care of that now :thumbsup:

Run OTMoveIt
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :reg
    [-HKEY_CLASSES_ROOT\CLSID\{22ef8ba1-a18c-4ad3-ad84-01b95b581c5c}]
    [-HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4}]
    :commands
    [EmptyTemp]
    [Reboot]
  • Click the large Posted Image button.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
Note:If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Re-run with malwarebytes Anti-Malware using the Quick-Scan option and see if it still flags anything. Post back with the results. Also does SAS still flag anything? If so, did SAS delete it?

Please post back with:
-OTmoveIT log
-Malwarebytes log
-New OTViewIT log
-Any Problems?


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#7 mjm044

mjm044
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:evergreen park
  • Local time:10:01 PM

Posted 26 December 2008 - 04:15 PM

Thanks again...this time it removed the files. Both SAS and Malware scan were clean. Have a nice Holiday!


Malwarebytes' Anti-Malware 1.31
Database version: 1546
Windows 5.1.2600 Service Pack 3

12/26/2008 3:10:33 PM
mbam-log-2008-12-26 (15-10-33).txt

Scan type: Quick Scan
Objects scanned: 53549
Time elapsed: 10 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:01 PM

Posted 26 December 2008 - 04:23 PM

Hello.

Great to hear that! However, I still want to see the OTMoveIT log and a fresh OTViewIT log please.

Post back with:
-OTMoveIT log
-OTViewIT logs


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#9 mjm044

mjm044
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:evergreen park
  • Local time:10:01 PM

Posted 26 December 2008 - 04:48 PM

logs

OTViewIt logfile created on: 12/26/2008 3:46:03 PM - Run 5
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\mike\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.49 Mb Total Physical Memory | 133.48 Mb Available Physical Memory | 26.10% Memory free
1.22 Gb Paging File | 0.78 Gb Available in Paging File | 64.42% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 26.79 Gb Free Space | 35.95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 189.92 Gb Total Space | 118.38 Gb Free Space | 62.33% Space Free | Partition Type: NTFS

Computer Name: MIKE1
Current User Name: mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2004/06/09 19:31:14 | 00,242,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
[2004/06/09 19:31:08 | 00,255,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
[2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2006/08/11 11:15:36 | 00,200,704 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
[2008/09/09 09:58:10 | 00,353,680 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
[2004/10/06 16:56:36 | 00,030,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
[2008/12/10 12:45:46 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2006/10/19 12:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
[2004/10/06 16:56:44 | 01,275,216 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
[2007/01/18 19:04:04 | 00,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
[2004/10/06 16:56:52 | 00,161,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
[2004/01/08 12:54:06 | 00,065,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2003/10/31 18:42:40 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[2008/07/07 12:12:26 | 00,675,935 | ---- | M] ( ) -- C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
[2004/06/09 19:31:06 | 00,066,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[2008/12/10 12:45:46 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/12/10 08:39:12 | 01,809,648 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
[2007/12/22 17:03:28 | 00,916,240 | ---- | M] (The Eraser Project) -- C:\Program Files\Eraser\Eraser.exe
[2004/12/17 08:00:00 | 00,118,784 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE
[2007/08/30 16:43:18 | 00,103,664 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
[2008/04/13 18:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/12/24 14:28:20 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mike\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2006/08/11 11:15:36 | 00,200,704 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service [Auto | Running])
[2004/06/09 19:31:08 | 00,255,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
[2004/06/09 19:31:12 | 00,087,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [On_Demand | Stopped])
[2004/06/09 19:31:14 | 00,242,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
[2008/09/09 09:58:10 | 00,353,680 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe -- (cpextender [Auto | Running])
[2004/10/06 16:56:36 | 00,030,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
[2008/06/03 19:03:20 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2005/02/24 14:30:50 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/12/10 12:45:46 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2006/10/19 12:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
File not found -- -- (NMIndexingService [Disabled | Stopped])
[2004/10/06 16:56:48 | 00,173,392 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [On_Demand | Stopped])
[2004/06/11 17:28:30 | 00,201,944 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped])
[2004/10/06 16:56:44 | 01,275,216 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
[2007/01/18 19:04:04 | 00,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2003/12/11 09:54:14 | 00,391,424 | ---- | M] (Sensaura Ltd) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS [On_Demand | Running])
[2004/01/09 09:17:02 | 00,601,100 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2008/04/13 12:31:33 | 00,037,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk7.sys -- (AmdK7 [System | Running])
[2004/12/16 12:36:30 | 00,042,496 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5bv.sys -- (FETND5BV [On_Demand | Running])
[2001/08/17 06:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS [On_Demand | Stopped])
[2003/09/03 20:37:04 | 00,041,984 | R--- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5b.sys -- (FETNDISB [On_Demand | Stopped])
[2008/04/13 12:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Running])
[2008/04/13 12:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/12/19 03:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081219.005\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2008/12/19 03:00:00 | 00,876,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081219.005\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2003/07/17 02:10:06 | 00,007,040 | R--- | M] (VIA Networking Technologies, Inc. ) -- C:\WINDOWS\system32\ntsim.sys -- (NTSIM [On_Demand | Stopped])
[2004/08/03 23:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2001/08/17 06:50:26 | 00,731,648 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4 [On_Demand | Stopped])
[2001/08/18 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/06/10 18:07:16 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2008/05/21 16:03:28 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
[2006/02/16 16:51:08 | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
[2008/05/21 16:03:28 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2004/02/09 14:43:56 | 00,301,200 | R--- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT [System | Running])
[2004/02/09 14:43:56 | 00,037,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL [Auto | Running])
[2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/03/04 22:46:46 | 00,082,832 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2004/06/11 17:28:08 | 00,016,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])
[2004/06/11 17:28:10 | 00,263,736 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [System | Running])
[2003/07/01 14:42:00 | 00,027,904 | R--- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1 [Boot | Running])
[2001/10/17 22:00:00 | 00,006,144 | R--- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\viaidexp.sys -- (ViaIde [Boot | Running])
[2008/09/09 09:58:10 | 00,120,976 | ---- | M] (Check Point Software Technologies) -- C:\WINDOWS\system32\drivers\vna.sys -- (VNA [On_Demand | Running])
[2001/08/18 08:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1275210071-573735546-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://google.com/

[HKEY_USERS\S-1-5-21-1275210071-573735546-682003330-1003\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=

[HKEY_USERS\S-1-5-21-1275210071-573735546-682003330-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1275210071-573735546-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
"Name of App"=C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r ( )
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN (FUJI PHOTO FILM CO., LTD.)
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
"SoundMan"=SOUNDMAN.EXE (Realtek Semiconductor Corp.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eraser"=C:\Program Files\Eraser\Eraser.exe -hide (The Eraser Project)
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-1275210071-573735546-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eraser"=C:\Program Files\Eraser\Eraser.exe -hide (The Eraser Project)
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (Yahoo! Inc.)

========== (O4) Startup Folders ==========

[2000/01/21 02:15:54 | 00,065,588 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
[2004/12/17 08:00:00 | 00,118,784 | ---- | M] (WinZip Computing, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1275210071-573735546-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre6\bin\npjpi160_11.dll [2008/12/10 12:45:47 | 00,132,504 | ---- | M] (Sun Microsystems, Inc.)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre6\bin\npjpi160_11.dll [Sun Java Console] -> [2008/12/10 12:45:47 | 00,132,504 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Messenger] -> File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre6\bin\npjpi160_11.dll [Sun Java Console] -> [2008/12/10 12:45:47 | 00,132,504 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Messenger] -> File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre6\bin\npjpi160_11.dll [Sun Java Console] -> [2008/12/10 12:45:47 | 00,132,504 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Messenger] -> File not found

[HKEY_USERS\S-1-5-21-1275210071-573735546-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre6\bin\npjpi160_11.dll [Sun Java Console] -> [2008/12/10 12:45:47 | 00,132,504 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Messenger] -> File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
2 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1275210071-573735546-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
2 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}: http://www.apple.com/qtactivex/qtplugin.cab -- QuickTime Object
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper.dll -- Installation Support
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftu...b?1182212092389 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{AB86CE53-AC9F-449F-9399-D8ABCA09EC09}: https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx -- Get_ActiveX Control
{B4CB50E4-0309-4906-86EA-10B6641C8392}: https://portal.connect.cps.edu//SNX/CSHELL/extender.cab -- SlimClient Class
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{1A281F24-AA95-4DD8-A71A-3043FDCB599A} (Servers: | Description: VIA Rhine II Fast Ethernet Adapter)
{F17F3222-855A-49BB-B4D1-071FC6AF65D0} (Servers: | Description: )

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL -- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
NavLogon: "DllName" = C:\WINDOWS\system32\NavLogon.dll -- C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2007/06/15 20:50:12 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2008/12/25 12:22:31 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/12/25 12:21:00 | 01,033,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mike\Desktop\OTMoveIt3.exe
[2008/12/24 14:28:17 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mike\Desktop\OTViewIt.exe
[2008/12/17 20:22:45 | 00,407,287 | ---- | C] () -- C:\Documents and Settings\mike\My Documents\90 jo.jpg
[2008/12/14 23:24:23 | 00,013,584 | ---- | C] () -- C:\Documents and Settings\mike\My Documents\cc_20081214_232421.reg
[2008/12/14 12:02:57 | 53,640,3968 | -HS- | C] () -- C:\hiberfil.sys
[2008/12/14 11:42:36 | 00,000,490 | ---- | C] () -- C:\Documents and Settings\mike\My Documents\cc_20081214_1142.reg
[2008/12/14 10:24:51 | 00,001,772 | ---- | C] () -- C:\Documents and Settings\mike\Desktop\HijackThis.lnk
[2008/12/14 10:24:50 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/12/14 00:44:02 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2008/12/14 00:23:14 | 00,035,954 | ---- | C] () -- C:\Documents and Settings\mike\My Documents\cc_20081214_0023.reg
[2008/12/14 00:20:26 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2008/12/14 00:20:18 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2008/12/14 00:19:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mike\Local Settings\Application Data\Apple
[2008/12/14 00:19:13 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2008/12/14 00:19:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/12/14 00:15:22 | 00,001,767 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2008/12/14 00:13:20 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2008/12/13 19:07:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mike\Application Data\Malwarebytes
[2008/12/13 19:07:29 | 00,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/13 19:07:28 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/13 19:07:26 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/13 19:07:24 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/13 19:07:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/13 14:08:02 | 00,000,831 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/12/13 13:43:40 | 00,006,994 | ---- | C] () -- C:\Documents and Settings\mike\My Documents\cc_20081213_1343.reg
[2008/12/13 13:17:56 | 00,585,122 | ---- | C] () -- C:\Documents and Settings\mike\My Documents\cc_20081213_1317.reg
[2008/12/10 19:00:44 | 00,000,000 | ---D | C] -- C:\New Folder
[2008/12/04 21:52:46 | 00,000,000 | ---D | C] -- C:\Program Files\ill
[2008/12/04 21:28:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mike\My Documents\Version Cue
[2008/12/04 21:28:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mike\My Documents\AdobeStockPhotos
[2008/11/30 21:24:10 | 00,091,136 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msls2.dll
[2008/11/28 12:52:23 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\mike\Desktop\848E0C0C4CD70A80

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2008/12/26 14:46:58 | 00,000,439 | ---- | M] () -- C:\Documents and Settings\mike\Application Data\SamsungLiveUpdateConfig.ini
[2008/12/26 14:43:12 | 00,013,086 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/26 14:42:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/26 14:42:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/26 14:42:39 | 53,640,3968 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/25 12:21:02 | 01,033,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mike\Desktop\OTMoveIt3.exe
[2008/12/25 11:54:21 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/24 14:28:20 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mike\Desktop\OTViewIt.exe
[2008/12/24 12:02:49 | 00,002,471 | ---- | M] () -- C:\Documents and Settings\mike\Desktop\Excel.lnk
[2008/12/20 11:52:53 | 00,001,856 | -H-- | M] () -- C:\Documents and Settings\mike\My Documents\Default.rdp
[2008/12/17 20:22:45 | 00,407,287 | ---- | M] () -- C:\Documents and Settings\mike\My Documents\90 jo.jpg
[2008/12/14 23:24:36 | 00,013,584 | ---- | M] () -- C:\Documents and Settings\mike\My Documents\cc_20081214_232421.reg
[2008/12/14 23:22:54 | 00,001,586 | ---- | M] () -- C:\Documents and Settings\mike\Desktop\CCleaner.lnk
[2008/12/14 11:42:39 | 00,000,490 | ---- | M] () -- C:\Documents and Settings\mike\My Documents\cc_20081214_1142.reg
[2008/12/14 10:24:52 | 00,001,772 | ---- | M] () -- C:\Documents and Settings\mike\Desktop\HijackThis.lnk
[2008/12/14 00:23:17 | 00,035,954 | ---- | M] () -- C:\Documents and Settings\mike\My Documents\cc_20081214_0023.reg
[2008/12/14 00:19:18 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/12/14 00:16:55 | 00,001,640 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/12/14 00:15:22 | 00,001,767 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2008/12/13 19:07:29 | 00,000,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/13 14:08:02 | 00,000,831 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/12/13 13:43:44 | 00,006,994 | ---- | M] () -- C:\Documents and Settings\mike\My Documents\cc_20081213_1343.reg
[2008/12/13 13:18:08 | 00,585,122 | ---- | M] () -- C:\Documents and Settings\mike\My Documents\cc_20081213_1317.reg
[2008/12/13 12:24:49 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\videmeyo
[2008/12/04 21:40:47 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\mike\Desktop\Word.lnk
[2008/12/03 19:53:40 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/03 19:53:36 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
< End of report >


OTViewIt Extras logfile created on: 12/26/2008 3:46:03 PM - Run 5
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\mike\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.49 Mb Total Physical Memory | 133.48 Mb Available Physical Memory | 26.10% Memory free
1.22 Gb Paging File | 0.78 Gb Available in Paging File | 64.42% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 26.79 Gb Free Space | 35.95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 189.92 Gb Total Space | 118.38 Gb Free Space | 62.33% Space Free | Partition Type: NTFS

Computer Name: MIKE1
Current User Name: mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/09/09 09:58:10 | 00,353,680 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe:*:Enabled:SSL Network Extender Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/02/09 08:52:56 | 00,119,808 | ---- | M] () -- C:\Program Files\BitZip\bitzip.exe:*:Disabled:bitzip
File not found -- C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup
[2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2007/08/30 16:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2007/08/30 16:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/09/09 09:58:10 | 00,353,680 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe:*:Enabled:SSL Network Extender Service
[2008/04/13 18:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:iexplore
[2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe:*:Enabled:Explorer
[2008/04/13 18:12:24 | 00,514,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 18:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 18:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 18:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 SR-1 Professional
"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3
"{0609D0AF-1382-42BE-81DB-CF30F8B0F6E2}"=Serif PhotoPlus 6.0
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{09ebf106-5b48-4975-a0a9-5bf62bf17276}"=Check Point SSL Network Extender Service
"{11F5D779-7BD9-465A-BBC4-10701386BCB9}"=FW LiveUpdate
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}"=Adobe ExtendScript Toolkit 2
"{24ED4D80-8294-11D5-96CD-0040266301AD}"=FinePixViewer Ver.4.3
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{3466a026-f6b6-4df5-a1e3-2354f5deff1b}"=Check Point Deployment Shell
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3F9B2FD2-1C83-4401-9967-C3636638E958}"=Adobe SING CS3
"{40ABF1E0-8B6F-4D32-B343-E19FA2F04B3C}"=StuffIt Standard
"{4732D4A0-5A47-44D8-9B84-B3BD4906D30D}"=TaxCut Premium 2007
"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}"=InterVideo DeviceService
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{5490882C-6961-11D5-BAE5-00E0188E010B}"=FUJIFILM USB Driver
"{56B8B892-317E-4FDE-9E4D-44B189848A27}"=Adobe Setup
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}"=Adobe Setup
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{6882B3A9-AB98-4ABA-A623-2979FBEA5F9F}_is1"=Moyea FLV Player version 1.5.2.7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}"=Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{802771A9-A856-4A41-ACF7-1450E523C923}"=Adobe XMP Panels CS3
"{848AC794-8B81-440A-81AE-6474337DB527}"=Symantec AntiVirus
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81300000003}"=Adobe Reader 8.1.3
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}"=Adobe Setup
"{B53422A7-10EC-4156-BCF3-550E82D4F363}"=OrangeWare USB2.0 Driver
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}"=Microsoft XML Parser
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}"=Adobe InDesign CS3
"{CCC4E428-411E-4605-B515-317D50ABD477}"=Ulead DVD MovieFactory 6
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{D680C913-5955-469D-9D88-C1940F7506D6}"=RAW FILE CONVERTER LE
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}"=LightScribe 1.4.124.1
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}"=Windows Media Encoder 9 Series
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}"=Adobe InDesign CS3 Icon Handler
"{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}"=Eraser
"{FB08F381-6533-4108-B7DD-039E11FBC27E}"=Realtek AC'97 Audio
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5"=Adobe InDesign CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff"=Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e"=Adobe Color Common Settings
"BitZip"=BitZip (remove only)
"CCleaner"=CCleaner (remove only)
"Data Viewer_is1"=Data Viewer 3.1.6.8
"Enable S3 for USB Device"=Enable S3 for USB Device
"Eraser"=Eraser
"Ewisoft Website Builder (include eCommerce Builder)_is1"=Ewisoft Website Builder (include eCommerce Builder)
"Free RAR Extract Frog 1.00"=Free RAR Extract Frog 1.00
"HijackThis"=HijackThis 2.0.2
"hp deskjet 960c series"=hp deskjet 960c series (Remove only)
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{40ABF1E0-8B6F-4D32-B343-E19FA2F04B3C}"=StuffIt Standard
"InstallShield_{CCC4E428-411E-4605-B515-317D50ABD477}"=Ulead DVD MovieFactory 6
"IrfanView"=IrfanView (remove only)
"LiveUpdate"=LiveUpdate 2.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Mozilla Firefox (2.0.0.18)"=Mozilla Firefox (2.0.0.18)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MVApplication1"=Memorex exPressit Label Design Studio
"Nero - Burning Rom!UninstallKey"=Nero OEM
"NeroVision!UninstallKey"=NeroVision Express 2
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NMPUninstallKey"=Nero Media Player
"Recover My Files_is1"=Recover My Files
"Security Task Manager"=Security Task Manager 1.7e
"VN_VUIns_Rhine_VIA"=VIA Rhine-Family Fast Ethernet Adapter
"Windows Media Encoder 9"=Windows Media Encoder 9 Series
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinZip"=WinZip
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger"=Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/13/2008 3:42:17 PM | Computer Name = MIKE1 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan.Zlob in File: C:\Documents and Settings\mike\Application
Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 04-03-2008 -
20-12-41\{E6D9AA15-5CE6-4F5E-ACE8-E97EAD68E943} by: Auto-Protect scan. Action:
Clean failed : Quarantine failed : Delete succeeded : Access denied. Action Description:
The file was deleted successfully.

Error - 12/13/2008 3:42:17 PM | Computer Name = MIKE1 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan.Fakeavalert in File: C:\Documents and
Settings\mike\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine
- 04-03-2008 - 20-12-41\{ED671E09-0EC7-403D-9C0A-711B87DD88CA} by: Auto-Protect
scan. Action: Clean failed : Quarantine failed : Delete succeeded : Access denied.
Action Description: The file was deleted successfully.

Error - 12/13/2008 3:42:17 PM | Computer Name = MIKE1 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan.Zlob in File: C:\Documents and Settings\mike\Application
Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 04-03-2008 -
20-12-41\{FD573599-BC1E-4A97-A82C-50C238B2A896} by: Auto-Protect scan. Action:
Clean failed : Quarantine failed : Delete succeeded : Access denied. Action Description:
The file was deleted successfully.

Error - 12/13/2008 8:20:08 PM | Computer Name = MIKE1 | Source = Application Hang | ID = 1002
Description = Hanging application Ad-Aware.exe, version 7.1.0.11, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/13/2008 8:20:09 PM | Computer Name = MIKE1 | Source = Application Hang | ID = 1002
Description = Hanging application Ad-Aware.exe, version 7.1.0.11, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/13/2008 8:21:01 PM | Computer Name = MIKE1 | Source = Application Hang | ID = 1002
Description = Hanging application SUPERAntiSpyware.exe, version 4.23.0.1006, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/14/2008 2:50:08 AM | Computer Name = MIKE1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/16/2008 7:41:16 PM | Computer Name = MIKE1 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Bloodhound.Exploit.196 in File: C:\Documents
and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\2DAR0LQN\file[1].pdf
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 12/18/2008 12:27:11 PM | Computer Name = MIKE1 | Source = Application Error | ID = 1000
Description = Faulting application fwmanager.exe, version 2.0.2.2, faulting module
fwmanager.exe, version 2.0.2.2, fault address 0x00035afd.

Error - 12/24/2008 2:55:38 PM | Computer Name = MIKE1 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Bloodhound.Exploit.196 in File: C:\Documents
and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\4PM3G96J\pdf[1].pdf
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied.
Action Description: The file was left unchanged.

[ System Events ]
Error - 12/14/2008 2:00:29 PM | Computer Name = MIKE1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/14/2008 2:01:14 PM | Computer Name = MIKE1 | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 12/14/2008 2:01:14 PM | Computer Name = MIKE1 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 12/14/2008 2:01:14 PM | Computer Name = MIKE1 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support
Environment service which failed to start because of the following error: %%31

Error - 12/14/2008 2:01:14 PM | Computer Name = MIKE1 | Source = Service Control Manager | ID = 7001
Description = The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service depends
on the TCP/IP Protocol Driver service which failed to start because of the following
error: %%31

Error - 12/14/2008 2:01:14 PM | Computer Name = MIKE1 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 12/14/2008 2:01:14 PM | Computer Name = MIKE1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AmdK7 Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SAVRT SYMTDI Tcpip WS2IFSL

Error - 12/14/2008 2:01:57 PM | Computer Name = MIKE1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/24/2008 3:28:10 PM | Computer Name = MIKE1 | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer hp deskjet 960c share name
color.

Error - 12/26/2008 12:09:53 PM | Computer Name = MIKE1 | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer hp deskjet 960c share name
color.


< End of report >




========== REGISTRY ==========
Unable to delete registry key HKEY_CLASSES_ROOT\CLSID\{22ef8ba1-a18c-4ad3-ad84-01b95b581c5c}\\ .
Unable to delete registry key HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4}\\ .
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_114.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12262008_144006

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_114.dat not found!

#10 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:01 PM

Posted 26 December 2008 - 05:27 PM

Hello.

Log looks good.

OTMoveIT says unable to delete, but you said MBAM and SAS didn't find anything thing, so it's probably removed already.

One online scan to make sure everything is okay. :thumbsup:

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

Post back with:
-kaspersky scan
-New OTViewIT logs


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#11 mjm044

mjm044
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:evergreen park
  • Local time:10:01 PM

Posted 27 December 2008 - 03:11 PM

Thanks for your help....All the scans are good, job well done.

#12 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:01 PM

Posted 27 December 2008 - 05:08 PM

Thanks for your help....All the scans are good, job well done.

Glad the scan came up clean.

So are you going to post back with the new OTViewIT logs??

Please post those back so I can see if there's anything else that needs to be addressed.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#13 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:01 PM

Posted 02 January 2009 - 10:39 AM

Hi.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days the topic will need to be closed.

Thanks for understanding. :thumbsup:

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#14 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:01 PM

Posted 07 January 2009 - 03:38 PM

Hello.

Due to Lack of feedback, this topic is now Closed.

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic in the Hijackthis-Malware Removal forum.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users