
test.exe / virtumonde?


This topic is locked
9 replies to this topic

#1 peteaus


Posted 01 February 2009 - 09:03 PM

Hi all,

Having a few problems with the computer here. Spybot is showing a clean scan after having removed a trojan that appeared (I think it was either Vundo or Virtu).

Checking the Spybot logs, I've seen hundreds of entries of 'test.exe' being executed and stopped by Spybot, but it keeps popping up.

Anyway, here are my HijackThis logs; hopefully something shows up in there that will help!

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:34 AM, on 02-Feb-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Test.exe
P:\Test.exe
P:\Test.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
P:\Test.exe
C:\Test.exe
C:\Program Files\sqldbatips\SQL2005 Service Manager\SQL2005 Service Manager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
P:\Test.exe
C:\Documents and Settings\Peter\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Test2] D:\Test.exe
O4 - HKLM\..\Run: [Test3] P:\Test.exe
O4 - HKLM\..\Run: [Test1] C:\Test.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Test2] D:\Test.exe
O4 - HKCU\..\Run: [Test3] P:\Test.exe
O4 - HKCU\..\Run: [Test1] C:\Test.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingD3637] cmd.exe /c del "C:\WINDOWS\system32\gpresult.exe_old"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SQL2005 Service Manager.lnk = C:\Program Files\sqldbatips\SQL2005 Service Manager\SQL2005 Service Manager.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - P:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8BA97C7-B953-4338-9CE5-7A483A6247A9}: NameServer = 203.21.20.20,203.10.1.9
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5565 bytes

#2 peteaus


Posted 01 February 2009 - 11:24 PM

OTViewIt scans

OTViewIt logfile created on: 02-Feb-2009 13:21:13 - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Peter\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: dd-MMM-yyyy

1.94 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 80.93% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): P:\pagefile.sys 2974 2974;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 8.02 Gb Total Space | 2.30 Gb Free Space | 28.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive P: | 74.53 Gb Total Space | 25.86 Gb Free Space | 34.70% Space Free | Partition Type: NTFS

Computer Name: PETE
Current User Name: Peter
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 90 Days

========== Processes ==========

[2007-11-14 22:46:00 | 00,131,072 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe
[2005-03-09 04:33:28 | 00,053,248 | R--- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
[2004-04-01 10:52:06 | 01,368,064 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
[2006-04-14 08:07:20 | 28,933,976 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
[2008-03-15 13:14:22 | 00,069,632 | RHS- | M] (Computer Vocational Center) -- C:\Test.exe
[2008-03-15 13:14:22 | 00,069,632 | RHS- | M] (Computer Vocational Center) -- P:\Test.exe
[2008-03-15 13:14:22 | 00,069,632 | RHS- | M] (Computer Vocational Center) -- P:\Test.exe
[2008-03-15 13:14:22 | 00,069,632 | RHS- | M] (Computer Vocational Center) -- C:\Test.exe
[2007-01-19 13:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe
[2007-04-04 09:52:06 | 00,094,208 | ---- | M] (sqldbatips.com) -- C:\Program Files\sqldbatips\SQL2005 Service Manager\SQL2005 Service Manager.exe
[2002-09-20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
[2006-04-14 08:05:58 | 00,240,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
[2008-10-16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2009-02-02 11:47:59 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Peter\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007-10-24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007-10-24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007-11-14 22:46:00 | 00,131,072 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize [Auto | Running])
[2006-04-14 08:07:20 | 28,933,976 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$PANELSQL [Auto | Running])
[2005-10-14 01:50:20 | 00,045,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
[2006-10-26 20:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006-10-26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2004-10-07 23:24:02 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE -- (Pml Driver HPZ12 [Disabled | Stopped])
[2002-09-20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
[2006-04-14 08:05:58 | 00,240,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Auto | Running])
[2006-04-14 11:04:54 | 00,087,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [On_Demand | Stopped])
[2007-01-19 13:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])

========== Driver Services ==========

[2004-04-08 08:41:38 | 00,116,176 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
[2004-05-08 11:21:44 | 00,035,840 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [System | Running])
[2004-08-03 22:58:30 | 00,207,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dot4.sys -- (Dot4 [On_Demand | Stopped])
[2001-08-17 14:47:32 | 00,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\Dot4Prt.sys -- (Dot4Print [On_Demand | Stopped])
[2004-12-16 14:36:30 | 00,042,496 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5bv.sys -- (FETND5BV [On_Demand | Running])
[2006-02-28 21:00:00 | 00,046,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gagp30kx.sys -- (gagp30kx [Boot | Running])
[2006-02-02 10:58:27 | 00,460,800 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock [Auto | Stopped])
[2002-09-21 11:53:34 | 00,235,100 | ---- | M] (Analog Devices Inc) -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn [On_Demand | Stopped])
[2004-08-14 11:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor [On_Demand | Running])
[2006-02-28 21:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007-11-13 19:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004-04-27 10:49:56 | 00,381,056 | ---- | M] (Sensaura) -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt [On_Demand | Running])
[2004-06-07 17:26:56 | 00,266,880 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
[2001-08-17 14:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2008-12-03 19:58:51 | 00,717,296 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2005-05-19 15:55:12 | 00,227,200 | R--- | M] (Copyright © VIA/S3 Graphics Co, Ltd.) -- C:\WINDOWS\system32\drivers\vtmini.sys -- (viagfx [On_Demand | Running])
[2005-04-27 12:22:40 | 00,060,928 | R--- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\system32\drivers\viamraid.sys -- (viamraid [Boot | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com.au/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-790525478-688789844-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com.au/

[HKEY_USERS\S-1-5-21-790525478-688789844-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-790525478-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime File not found
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
"Test1"=C:\Test.exe (Computer Vocational Center)
"Test2"=D:\Test.exe File not found
"Test3"=P:\Test.exe (Computer Vocational Center)
"VTTimer"=VTTimer.exe (S3 Graphics, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount (Alcohol Soft Development Team)
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"Test1"=C:\Test.exe (Computer Vocational Center)
"Test2"=D:\Test.exe File not found
"Test3"=P:\Test.exe (Computer Vocational Center)

[HKEY_USERS\S-1-5-21-790525478-688789844-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount (Alcohol Soft Development Team)
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"Test1"=C:\Test.exe (Computer Vocational Center)
"Test2"=D:\Test.exe File not found
"Test3"=P:\Test.exe (Computer Vocational Center)

========== (O4) RunOnce Keys ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingD3637"=cmd.exe /c del "C:\WINDOWS\system32\gpresult.exe_old" (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"=Narrator.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"=Narrator.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-790525478-688789844-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingD3637"=cmd.exe /c del "C:\WINDOWS\system32\gpresult.exe_old" (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2008-04-23 04:38:16 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2007-04-04 09:52:06 | 00,094,208 | ---- | M] (sqldbatips.com) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SQL2005 Service Manager.lnk = C:\Program Files\sqldbatips\SQL2005 Service Manager\SQL2005 Service Manager.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoPropertiesMyDocuments"=0
"Nodrives"=0
"NoPrinters"=0
"NoSMHelp"=0
"NoPropertiesMyComputer"=0
"NoViewOnDrive"=0
"LockTaskbar"=0
"NoPropertiesRecycleBin"=0
"NoSharedDocuments"=0
"NoSetaskbar"=0
"NoAddPrinter"=0
"NoDeletePrinter"=0
"NoPrinterTabs"=0
"NoNetHood"=0
"NoSimpleStartMenu"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"Nofolderoptions"=0
"NoClose"=0
"NoSetFolders"=0
"NoControlPanel"=0
"NoRun"=0
"NoFind"=0
"NoDesktop"=0
"StartMenuLogoff"=0
"NoTrayContextMenu"=0
"NoViewContextMenu"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun]
"Kim Chanchariya"=C:\WINDOWS\regedit.exe -- [2006-02-28 21:00:00 | 00,146,432 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0
"NoDispSettingsPage"=0
"NoDispAppearancePage"=0
"NoDispScrSavPage"=0
"NoDispBackgroundPage"=0
"NoDispcpl"=0
"DisableRegistryTools"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-790525478-688789844-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_USERS\S-1-5-21-790525478-688789844-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun]
"Kim Chanchariya"=C:\WINDOWS\regedit.exe -- [2006-02-28 21:00:00 | 00,146,432 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-790525478-688789844-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0
"NoDispSettingsPage"=0
"NoDispAppearancePage"=0
"NoDispScrSavPage"=0
"NoDispBackgroundPage"=0
"NoDispcpl"=0
"DisableRegistryTools"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE File not found

[HKEY_USERS\S-1-5-21-790525478-688789844-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008-06-10 05:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- P:\Microsoft Office\Office12\REFIEBAR.DLL [2006-10-26 21:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2006-10-10 21:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004-10-14 01:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004-10-14 01:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008-06-10 05:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> P:\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006-10-26 21:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004-10-14 01:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008-06-10 05:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004-10-14 01:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008-06-10 05:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004-10-14 01:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-790525478-688789844-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008-06-10 05:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> P:\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006-10-26 21:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004-10-14 01:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-790525478-688789844-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{33564D57-0000-0010-8000-00AA00389B71}: http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB -- Reg Error: Key does not exist or could not be opened.
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{B8BA97C7-B953-4338-9CE5-7A483A6247A9} (Servers: 203.21.20.20,203.10.1.9 | Description: VIA Rhine II Fast Ethernet Adapter)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
WgaLogon: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2006-02-01 16:59:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf [[autorun] | open=Test.exe | shellexecute=Test.exe | shell\Auto\command=Test.exe | shell=Auto[autorun] | open=Test.exe | shellexecute=Test.exe | shell\Auto\command=Test.exe | shell=Auto[autorun] | open=Test.exe | shellexecute=Test.exe | shell\Auto\command=Test.exe | shell=Auto | ]
[2009-02-02 11:26:19 | 00,000,264 | RHS- | M] () -- C:\autorun.inf -- [ NTFS ]

autorun.inf [[autorun] | open=Test.exe | shellexecute=Test.exe | shell\Auto\command=Test.exe | shell=Auto | ]
[2009-02-02 11:26:19 | 00,000,088 | RHS- | M] () -- P:\autorun.inf -- [ NTFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ea89a1b-2d26-11dd-b62e-0013d4ef78a9}\Shell\Auto\command]
""=E:\Test.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ea89a1b-2d26-11dd-b62e-0013d4ef78a9}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ea89a1b-2d26-11dd-b62e-0013d4ef78a9}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2007-10-26 12:34:01 | 08,460,288 | ---- | M] (Microsoft Corporation)

========== Files/Folders - Created Within 90 Days ==========

[12 C:\WINDOWS\*.tmp files]
[2009-02-02 13:12:30 | 00,130,679 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\DSCF1030 (Large).jpg
[2009-02-02 11:47:44 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Peter\Desktop\OTViewIt.exe
[2009-02-02 11:26:16 | 00,000,264 | RHS- | C] () -- C:\autorun.inf
[2009-02-02 11:22:54 | 00,053,248 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2009-02-02 11:21:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009-02-02 11:19:50 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009-02-02 11:19:43 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009-02-02 11:19:35 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009-02-02 11:14:30 | 00,286,720 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009-02-02 11:14:30 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009-02-02 11:14:30 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009-02-02 11:14:30 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009-02-02 11:14:30 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009-02-02 11:14:30 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009-02-02 11:14:30 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009-02-02 11:14:30 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009-02-02 11:14:30 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009-02-02 11:14:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009-02-02 11:14:23 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009-02-02 11:14:22 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009-02-02 11:14:21 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF22431.exe
[2009-02-02 11:12:03 | 03,307,596 | R--- | C] () -- C:\Documents and Settings\Peter\Desktop\ComboFix.exe
[2009-02-02 09:33:46 | 00,000,095 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009-01-28 19:16:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Desktop\backups
[2009-01-28 19:11:41 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Peter\Desktop\HiJackThis.exe
[2009-01-28 18:00:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009-01-28 18:00:30 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009-01-28 18:00:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Application Data\SUPERAntiSpyware.com
[2009-01-28 17:09:52 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009-01-28 17:09:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009-01-28 16:55:52 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Peter\Desktop\spybotsd162.exe
[2009-01-28 09:08:54 | 00,143,135 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\DSCF1023 (Large).jpg
[2009-01-28 09:08:53 | 00,146,745 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\DSCF1024 (Large).jpg
[2009-01-28 09:08:51 | 00,124,142 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\DSCF1022 (Large).jpg
[2009-01-27 08:38:51 | 00,069,632 | RHS- | C] (Computer Vocational Center) -- C:\Test.exe
[2009-01-27 08:34:10 | 00,000,000 | ---D | C] -- C:\.ScratchLIVEBackup
[2009-01-23 16:08:56 | 00,000,723 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\Server Query.lnk
[2009-01-23 16:08:55 | 00,000,000 | ---D | C] -- C:\Program Files\Server Query
[2009-01-23 16:08:29 | 00,213,555 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\SQ-v1.94.02-beta-setup.exe
[2009-01-23 11:08:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Desktop\uncle d pic
[2009-01-21 14:29:16 | 00,044,503 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\steve.jpg
[2009-01-21 14:05:06 | 00,151,686 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\R_SJLF09_PER_PT_HORI.pdf
[2009-01-19 16:47:03 | 00,010,199 | ---- | C] () -- C:\Copy of QUOTES.xlsx
[2009-01-19 09:58:51 | 00,213,165 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\ALL MEMBERS State Awards - Adjustment to Allowances 061108.pdf
[2009-01-14 13:24:20 | 00,013,464 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\picture.JPG
[2009-01-12 12:35:57 | 00,002,397 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\stinvoice.pdf
[2009-01-05 12:38:52 | 00,031,929 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\Authority to Collect and Disclose Credit.pdf
[2009-01-05 12:31:21 | 00,048,635 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\RAC Personal Finance Application Form.pdf
[2009-01-05 12:30:29 | 00,048,635 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\Personal%20Application%20Form.pdf
[2008-12-30 15:14:54 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\Shortcut (2) to Heroes - 03x07 - Eris Quod Sum [5.1, 720p].vob.lnk
[2008-12-30 15:14:54 | 00,000,601 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\Shortcut (2) to Heroes - 03x08 - Villains [5.1, 720p].vob.lnk
[2008-12-30 15:14:45 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\Shortcut to Heroes - 03x07 - Eris Quod Sum [5.1, 720p].vob.lnk
[2008-12-30 15:14:45 | 00,000,601 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\Shortcut to Heroes - 03x08 - Villains [5.1, 720p].vob.lnk
[2008-12-30 14:59:47 | 00,130,596 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\DSCF0846 (Large).jpg
[2008-12-30 14:59:47 | 00,120,585 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\DSCF0845 (Large).jpg
[2008-12-30 14:59:47 | 00,099,247 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\DSCF0847 (Large).jpg
[2008-12-30 14:59:47 | 00,092,801 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\DSCF0848 (Large).jpg
[2008-12-30 14:59:47 | 00,091,426 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\DSCF0849 (Large).jpg
[2008-12-30 14:59:47 | 00,081,476 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\DSCF0850 (Large).jpg
[2008-12-16 12:12:56 | 00,002,006 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\air con for G & L Kidson.eml
[2008-12-15 12:08:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Desktop\PN
[2008-12-12 08:45:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Peter\My Documents\Alcohol 120%
[2008-12-05 17:54:38 | 00,000,000 | ---D | C] -- C:\Program Files\Haali
[2008-12-05 17:54:29 | 00,000,000 | ---D | C] -- C:\Program Files\CoreCodec
[2008-12-05 15:11:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Application Data\U3
[2008-12-03 20:03:47 | 00,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2008-12-03 19:58:50 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-12-03 18:29:19 | 00,070,135 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\camelot.JPG
[2008-12-03 16:03:22 | 00,000,000 | ---D | C] -- C:\Program Files\DVD Decrypter
[2008-12-01 16:07:59 | 00,000,000 | ---D | C] -- C:\Program Files\Amazon
[2008-11-13 13:20:46 | 00,058,030 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\untitled.JPG
[2008-11-11 12:39:09 | 00,036,072 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\invoice1.JPG

========== Files - Modified Within 90 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[12 C:\WINDOWS\*.tmp files]
[2009-02-02 13:12:30 | 00,130,679 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\DSCF1030 (Large).jpg
[2009-02-02 11:47:59 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Peter\Desktop\OTViewIt.exe
[2009-02-02 11:35:50 | 00,000,456 | ---- | M] () -- C:\WINDOWS\MYOBP.INI
[2009-02-02 11:35:44 | 00,000,042 | ---- | M] () -- C:\WINDOWS\MYOB.INI
[2009-02-02 11:31:37 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-02-02 11:31:33 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-02-02 11:31:17 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-02-02 11:26:37 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-02-02 11:26:19 | 00,000,264 | RHS- | M] () -- C:\autorun.inf
[2009-02-02 11:25:55 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009-02-02 11:22:54 | 00,053,248 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2009-02-02 11:19:50 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009-02-02 11:14:17 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF22431.exe
[2009-02-02 11:14:04 | 03,307,596 | R--- | M] () -- C:\Documents and Settings\Peter\Desktop\ComboFix.exe
[2009-02-02 10:34:16 | 00,000,603 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\My Sharing Folders.lnk
[2009-02-02 09:33:46 | 00,000,095 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009-01-30 13:39:57 | 00,010,199 | ---- | M] () -- C:\Copy of QUOTES.xlsx
[2009-01-28 19:11:53 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Peter\Desktop\HiJackThis.exe
[2009-01-28 17:16:31 | 00,291,684 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090128-172811.backup
[2009-01-28 17:06:47 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Peter\Desktop\spybotsd162.exe
[2009-01-28 09:08:55 | 00,143,135 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\DSCF1023 (Large).jpg
[2009-01-28 09:08:53 | 00,146,745 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\DSCF1024 (Large).jpg
[2009-01-28 09:08:51 | 00,124,142 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\DSCF1022 (Large).jpg
[2009-01-27 14:08:32 | 00,000,681 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FlexiQuote VNC.lnk
[2009-01-27 14:08:32 | 00,000,649 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PanelSQL.lnk
[2009-01-27 14:05:06 | 00,001,917 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SQL2005 Service Manager.lnk
[2009-01-27 14:03:19 | 00,004,328 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009-01-27 09:12:36 | 00,000,083 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2009-01-23 16:08:56 | 00,000,723 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\Server Query.lnk
[2009-01-23 16:08:47 | 00,213,555 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\SQ-v1.94.02-beta-setup.exe
[2009-01-22 08:47:15 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009-01-21 14:29:17 | 00,044,503 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\steve.jpg
[2009-01-21 14:05:13 | 00,151,686 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\R_SJLF09_PER_PT_HORI.pdf
[2009-01-19 09:59:00 | 00,213,165 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\ALL MEMBERS State Awards - Adjustment to Allowances 061108.pdf
[2009-01-14 13:24:20 | 00,013,464 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\picture.JPG
[2009-01-13 09:01:29 | 00,109,056 | ---- | M] () -- C:\Documents and Settings\Peter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-01-12 13:08:14 | 00,002,397 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\stinvoice.pdf
[2009-01-09 17:35:30 | 20,853,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009-01-09 12:42:44 | 00,000,666 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\EasyCars.lnk
[2009-01-07 10:43:21 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-01-05 12:38:53 | 00,031,929 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\Authority to Collect and Disclose Credit.pdf
[2009-01-05 12:31:22 | 00,048,635 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\RAC Personal Finance Application Form.pdf
[2009-01-05 12:30:29 | 00,048,635 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\Personal%20Application%20Form.pdf
[2008-12-30 15:14:54 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\Shortcut (2) to Heroes - 03x07 - Eris Quod Sum [5.1, 720p].vob.lnk
[2008-12-30 15:14:54 | 00,000,601 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\Shortcut (2) to Heroes - 03x08 - Villains [5.1, 720p].vob.lnk
[2008-12-30 15:14:45 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\Shortcut to Heroes - 03x07 - Eris Quod Sum [5.1, 720p].vob.lnk
[2008-12-30 15:14:45 | 00,000,601 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\Shortcut to Heroes - 03x08 - Villains [5.1, 720p].vob.lnk
[2008-12-30 14:59:47 | 00,130,596 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\DSCF0846 (Large).jpg
[2008-12-30 14:59:47 | 00,120,585 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\DSCF0845 (Large).jpg
[2008-12-30 14:59:47 | 00,099,247 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\DSCF0847 (Large).jpg
[2008-12-30 14:59:47 | 00,092,801 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\DSCF0848 (Large).jpg
[2008-12-30 14:59:47 | 00,091,426 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\DSCF0849 (Large).jpg
[2008-12-30 14:59:47 | 00,081,476 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\DSCF0850 (Large).jpg
[2008-12-16 12:12:56 | 00,002,006 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\air con for G & L Kidson.eml
[2008-12-13 15:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008-12-13 15:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008-12-11 20:57:21 | 00,333,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\srv.sys
[2008-12-11 20:57:21 | 00,333,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008-12-03 19:58:51 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-12-03 18:29:19 | 00,070,135 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\camelot.JPG
[2008-11-17 09:20:30 | 00,274,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008-11-13 13:20:46 | 00,058,030 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\untitled.JPG
[2008-11-11 12:39:09 | 00,036,072 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\invoice1.JPG
[2008-11-07 18:32:20 | 02,109,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WMVCore.dll
[2008-11-07 18:32:20 | 02,109,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\WMVCore.dll
[2008-11-05 15:28:56 | 00,474,078 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008-11-05 15:28:55 | 00,089,354 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008-11-05 15:28:52 | 00,573,264 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
< End of report >



OTViewIt Extras logfile created on: 02-Feb-2009 13:21:13 - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Peter\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: dd-MMM-yyyy

1.94 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 80.93% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): P:\pagefile.sys 2974 2974;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 8.02 Gb Total Space | 2.30 Gb Free Space | 28.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive P: | 74.53 Gb Total Space | 25.86 Gb Free Space | 34.70% Space Free | Partition Type: NTFS

Computer Name: PETE
Current User Name: Peter
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 90 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=1
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2006-02-28 21:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006-10-10 21:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007-01-19 13:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007-01-04 17:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2006-02-28 21:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006-10-27 16:16:48 | 12,813,096 | ---- | M] (Microsoft Corporation) -- P:\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2006-10-10 21:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007-01-19 13:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007-01-04 17:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2005-04-18 07:08:10 | 03,112,960 | ---- | M] () -- C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek
[2002-10-07 23:08:12 | 00,905,216 | ---- | M] () -- P:\q\3.exe:*:Enabled:3
[2009-01-05 09:16:08 | 38,912,000 | ---- | M] (Jeal Computer Services Pty Ltd) -- C:\Program Files\EasyCars\EasyCars.exe:*:Enabled:EasyCars 2000 for Windows
[2006-04-14 08:07:20 | 28,933,976 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe:*:Enabled:(FlexiQuote) SQL Server
[2009-01-22 13:42:16 | 01,845,760 | ---- | M] (Cinix 1 Pty Ltd) -- P:\FlexiQuote\Panel32\Panel32.exe:*:Enabled:(FlexiQuote) FlexiQuote Program
[2008-12-10 06:57:34 | 00,055,808 | ---- | M] (Cinix 1 Pty Ltd) -- P:\FlexiQuote\Panel32\PanelWeb.exe:*:Enabled:(FlexiQuote) PanelWEB Program
[2008-04-14 16:39:00 | 15,503,008 | ---- | M] () -- P:\Premier 11\Myobp.exe:*:Enabled:MYOB Premier
[2008-08-07 14:43:38 | 20,287,136 | ---- | M] () -- P:\Premier12\Myobp.exe:*:Enabled:MYOB Premier
[2009-01-09 07:13:02 | 00,054,272 | ---- | M] (Cinix 1 Pty Ltd) -- P:\FlexiQuote\Panel32\PNETWeb.exe:*:Enabled:(FlexiQuote) PNET Program
[2008-05-13 10:28:56 | 00,028,672 | ---- | M] (Sterling Commerce) -- P:\FlexiQuote\Panel32\Tranagnt.exe:*:Enabled:(FlexiQuote) ORM Transfer Agent

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006-10-26 20:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007-01-19 13:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006-10-26 20:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006-10-26 20:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006-10-26 14:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007-01-19 13:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006-02-28 21:00:00 | 00,844,314 | ---- | M] () C:\WINDOWS\system32\msdxm.ocx (vnd.ms.radio:{3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} (HKLM) [AsyncPProt Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006-10-26 22:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1CB92574-96F2-467B-B793-5CEB35C40C29}"=Image Resizer Powertoy for Windows XP
"{20D4A895-748C-4D88-871C-FDB1695B0169}"=Platform
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}"=Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}"=Microsoft SQL Server 2005 Express Edition (PANELSQL)
"{2B43252C-A1E3-4C47-927C-9F2C276D3515}"=S3GSetup
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3BDFCF84-67A3-4C52-A708-FDD4135CF64C}"=Scratch LIVE 1.8 (18048)
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}"=Microsoft SQL Server Setup Support Files (English)
"{56A27C76-F24A-49BD-BA67-A969ABF954B4}"=MYOB Premier v11
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{5B09BD67-4C99-46A1-8161-B7208CE18121}"=QuickTime
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}"=Microsoft Office Professional Plus 2007
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{AC76BA86-7AD7-1033-7B44-A71000000002}"=Adobe Reader 7.1.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{BD409B19-FAEA-4BBF-87C0-C683858EAAC5}"=MYOB Premier v12
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}"=Microsoft SQL Server VSS Writer
"{C151CE54-E7EA-4804-854B-F515368B0798}"=Athlon 64 Processor Driver
"{C71F2873-3229-4A9E-A2A2-F14DCBF63F56}"=MYOB ODBC Direct v7
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D1565BD9-6E66-4292-90C6-5FC70A98A428}"=MYOB ODBC Direct v8 AUS
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}"=Windows Media Encoder 9 Series
"{F0A37341-D692-11D4-A984-009027EC0A9C}"=SoundMAX
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}"=Microsoft SQL Server Native Client
"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}"=Folder Size for Windows
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"AudioShell_is1"=AudioShell 1.3.5
"Azureus Vuze"=Azureus Vuze
"CDex"=CDex extraction audio
"CoreAVC Professional Edition"=CoreAVC Professional Edition (remove only)
"CueListTool_is1"=CueListTool 1.7
"DVD Decrypter"=DVD Decrypter (Remove Only)
"EasyCars 2000_is1"=EasyCars 2000
"Foxit PDF Editor"=Foxit PDF Editor
"Foxit Reader"=Foxit Reader
"Glasses Guide Database_is1"=Glasses Guide Database
"HaaliMkx"=Haali Media Splitter
"Hardlock Device Driver"=Hardlock Device Driver
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}"=VIA Platform Device Manager
"InstallShield_{56A27C76-F24A-49BD-BA67-A969ABF954B4}"=MYOB Premier v11
"InstallShield_{BD409B19-FAEA-4BBF-87C0-C683858EAAC5}"=MYOB Premier v12
"InstallShield_{C71F2873-3229-4A9E-A2A2-F14DCBF63F56}"=MYOB ODBC Direct v7
"InstallShield_{D1565BD9-6E66-4292-90C6-5FC70A98A428}"=MYOB ODBC Direct v8 AUS
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft SQL Server 2005"=Microsoft SQL Server 2005
"mIRC"=mIRC
"Mixed In Key 3"=Mixed In Key 3
"Mixed In Key 4"=Mixed In Key 4
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey"=Nero Suite
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"Nucleus Kernel for FAT and NTFS Demo_is1"=Nucleus Kernel for FAT and NTFS Demo ver 4.03
"Nucleus Kernel for FAT and NTFS_is1"=Nucleus Kernel for FAT and NTFS ver 4.03
"PanelSQL"=FlexiQuote PanelSQL v3.2.0.6
"Platinum Notes"=Platinum Notes 2.0
"PROPLUS"=Microsoft Office Professional Plus 2007
"Server Query"=Server Query
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"Smart WAV Converter_is1"=Smart WAV Converter
"Soulseek"=SoulSeek Client 156c
"Soulseek2"=SoulSeek Client 157 test 8
"Tag&Rename_is1"=Tag&Rename 3.4.6
"Tweak UI 2.10"=Tweak UI
"Ultra-Lite EasyCars_is1"=Ultra-Lite EasyCars
"VIA/S3G UniChrome Family Win2K/XP Display"=VIA/S3G Display Driver
"VLC media player"=VLC media player 0.9.2
"VN_VUIns_Rhine_VIA"=VIA Rhine-Family Fast Ethernet Adapter
"Windows Media Encoder 9"=Windows Media Encoder 9 Series
"WinRAR archiver"=WinRAR archiver
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 01-Feb-2009 21:35:48 | Computer Name = PETE | Source = Application Error | ID = 1000
Description = Faulting application EasyCars.exe, version 4.2.0.126, faulting module
oleaut32.dll, version 5.1.2600.3266, fault address 0x00004d06.

Error - 01-Feb-2009 21:37:24 | Computer Name = PETE | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Program Files\EasyCars\EasyCars.exe
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program EasyCars 2000 for Windows because
of this error. Program: EasyCars 2000 for Windows File: C:\Program Files\EasyCars\EasyCars.exe

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C000009C Disk
type: 3

Error - 01-Feb-2009 21:37:28 | Computer Name = PETE | Source = Application Error | ID = 1000
Description = Faulting application EasyCars.exe, version 4.2.0.126, faulting module
oleaut32.dll, version 5.1.2600.3266, fault address 0x00004d06.

Error - 01-Feb-2009 21:39:51 | Computer Name = PETE | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Program Files\EasyCars\EasyCars.exe
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program EasyCars 2000 for Windows because
of this error. Program: EasyCars 2000 for Windows File: C:\Program Files\EasyCars\EasyCars.exe

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C000009C Disk
type: 3

Error - 01-Feb-2009 21:39:54 | Computer Name = PETE | Source = Application Error | ID = 1000
Description = Faulting application EasyCars.exe, version 4.2.0.126, faulting module
oleaut32.dll, version 5.1.2600.3266, fault address 0x00004d06.

Error - 01-Feb-2009 22:07:14 | Computer Name = PETE | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Program Files\EasyCars\EasyCars.exe
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program EasyCars 2000 for Windows because
of this error. Program: EasyCars 2000 for Windows File: C:\Program Files\EasyCars\EasyCars.exe

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C000009C Disk
type: 3

Error - 01-Feb-2009 22:07:23 | Computer Name = PETE | Source = Application Error | ID = 1000
Description = Faulting application EasyCars.exe, version 4.2.0.126, faulting module
oleaut32.dll, version 5.1.2600.3266, fault address 0x00004d06.

Error - 01-Feb-2009 22:34:46 | Computer Name = PETE | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.4.26, faulting module
teatimer.exe, version 1.6.4.26, fault address 0x0006e60e.

Error - 01-Feb-2009 22:47:16 | Computer Name = PETE | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Program Files\EasyCars\EasyCars.exe
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program EasyCars 2000 for Windows because
of this error. Program: EasyCars 2000 for Windows File: C:\Program Files\EasyCars\EasyCars.exe

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C000009C Disk
type: 3

Error - 01-Feb-2009 22:47:22 | Computer Name = PETE | Source = Application Error | ID = 1000
Description = Faulting application EasyCars.exe, version 4.2.0.126, faulting module
oleaut32.dll, version 5.1.2600.3266, fault address 0x00004d06.

[ Application Events ]
Error - 01-Feb-2009 21:35:48 | Computer Name = PETE | Source = Application Error | ID = 1000
Description = Faulting application EasyCars.exe, version 4.2.0.126, faulting module
oleaut32.dll, version 5.1.2600.3266, fault address 0x00004d06.

Error - 01-Feb-2009 21:37:24 | Computer Name = PETE | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Program Files\EasyCars\EasyCars.exe
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program EasyCars 2000 for Windows because
of this error. Program: EasyCars 2000 for Windows File: C:\Program Files\EasyCars\EasyCars.exe

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C000009C Disk
type: 3

Error - 01-Feb-2009 21:37:28 | Computer Name = PETE | Source = Application Error | ID = 1000
Description = Faulting application EasyCars.exe, version 4.2.0.126, faulting module
oleaut32.dll, version 5.1.2600.3266, fault address 0x00004d06.

Error - 01-Feb-2009 21:39:51 | Computer Name = PETE | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Program Files\EasyCars\EasyCars.exe
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program EasyCars 2000 for Windows because
of this error. Program: EasyCars 2000 for Windows File: C:\Program Files\EasyCars\EasyCars.exe

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C000009C Disk
type: 3

Error - 01-Feb-2009 21:39:54 | Computer Name = PETE | Source = Application Error | ID = 1000
Description = Faulting application EasyCars.exe, version 4.2.0.126, faulting module
oleaut32.dll, version 5.1.2600.3266, fault address 0x00004d06.

Error - 01-Feb-2009 22:07:14 | Computer Name = PETE | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Program Files\EasyCars\EasyCars.exe
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program EasyCars 2000 for Windows because
of this error. Program: EasyCars 2000 for Windows File: C:\Program Files\EasyCars\EasyCars.exe

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C000009C Disk
type: 3

Error - 01-Feb-2009 22:07:23 | Computer Name = PETE | Source = Application Error | ID = 1000
Description = Faulting application EasyCars.exe, version 4.2.0.126, faulting module
oleaut32.dll, version 5.1.2600.3266, fault address 0x00004d06.

Error - 01-Feb-2009 22:34:46 | Computer Name = PETE | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.4.26, faulting module
teatimer.exe, version 1.6.4.26, fault address 0x0006e60e.

Error - 01-Feb-2009 22:47:16 | Computer Name = PETE | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Program Files\EasyCars\EasyCars.exe
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program EasyCars 2000 for Windows because
of this error. Program: EasyCars 2000 for Windows File: C:\Program Files\EasyCars\EasyCars.exe

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C000009C Disk
type: 3

Error - 01-Feb-2009 22:47:22 | Computer Name = PETE | Source = Application Error | ID = 1000
Description = Faulting application EasyCars.exe, version 4.2.0.126, faulting module
oleaut32.dll, version 5.1.2600.3266, fault address 0x00004d06.

[ System Events ]
Error - 01-Feb-2009 22:07:14 | Computer Name = PETE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 01-Feb-2009 22:07:19 | Computer Name = PETE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 01-Feb-2009 22:07:56 | Computer Name = PETE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 01-Feb-2009 22:08:00 | Computer Name = PETE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 01-Feb-2009 22:25:23 | Computer Name = PETE | Source = Service Control Manager | ID = 7000
Description = The hardlock service failed to start due to the following error: %%1117

Error - 01-Feb-2009 22:33:08 | Computer Name = PETE | Source = Service Control Manager | ID = 7000
Description = The hardlock service failed to start due to the following error: %%1117

Error - 01-Feb-2009 22:47:08 | Computer Name = PETE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 01-Feb-2009 22:47:15 | Computer Name = PETE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 01-Feb-2009 22:47:30 | Computer Name = PETE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 01-Feb-2009 22:47:34 | Computer Name = PETE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.


< End of report >

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 02 February 2009 - 05:34 AM

Hi,

I see you are running TeaTimer.
I suggest you disable it, because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer <== click me for instructions.
After you have disabled TeaTimer, download ResetTeaTimer.bat to your desktop. (In case you use Firefox, right-click the link and choose "Save as".)
Double-click ResetTeaTimer.bat and let it run.
This will only take a few seconds.

Also,

I understand that you need help in order to get rid of the malware that is present on your system - but you need to help us first.
I notice that you never scanned with an antivirus before starting this thread - because you don't even have an antivirus installed!
This is somewhat suicidal in today's digital world.
That's why I want you to install one first!!

* Please install Avira Antivirus: http://www.free-av.com/
This is a free Antivirus.

Perform a full scan with Avira and let it delete everything it finds.
Then reboot.
After the reboot, open Avira and select "Reports".
There, double-click the report from the full scan you have done. Click the "Report File" button and copy and paste this report in your next reply, together with a new HijackThis log.
Then we'll start from there, because otherwise it really makes no sense for us to clean this up manually when no antivirus scanner is present; one should be able to deal with most of it and prevent further reinfection.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#4 peteaus

peteaus
  • Topic Starter

  • Members
  • 5 posts

Posted 02 February 2009 - 08:03 PM

Hi.......!
thanks a lot for getting back to me, legend

I suppose it was a bit silly for me to not have any antivirus software, especially when you can get something good for free! Never really had any problems up until now, so I didn't think I needed anything.

I've done a scan with Avira - 23 viruses found, 15 deleted. Here is the log:

Avira AntiVir Personal
Report file date: 2009-02-03 08:39

Scanning for 1309531 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PETE

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 2008-11-18 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 2008-11-18 00:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 2008-05-25 23:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 2008-06-12 04:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 2008-05-25 23:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 2008-10-27 03:30:36
ANTIVIR1.VDF : 7.1.1.113 2817536 Bytes 2009-01-14 23:27:25
ANTIVIR2.VDF : 7.1.1.207 1359360 Bytes 2009-01-30 23:28:17
ANTIVIR3.VDF : 7.1.1.216 110592 Bytes 2009-02-02 23:28:22
Engineversion : 8.2.0.71
AEVDF.DLL : 8.1.1.0 106868 Bytes 2009-02-02 23:29:30
AESCRIPT.DLL : 8.1.1.39 344443 Bytes 2009-02-02 23:29:26
AESCN.DLL : 8.1.1.6 127348 Bytes 2009-02-02 23:29:21
AERDL.DLL : 8.1.1.3 438645 Bytes 2008-11-04 05:58:38
AEPACK.DLL : 8.1.3.6 393589 Bytes 2009-02-02 23:29:18
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 2009-02-02 23:29:08
AEHEUR.DLL : 8.1.0.89 1569143 Bytes 2009-02-02 23:29:04
AEHELP.DLL : 8.1.2.0 119159 Bytes 2009-02-02 23:28:37
AEGEN.DLL : 8.1.1.12 328053 Bytes 2009-02-02 23:28:34
AEEMU.DLL : 8.1.0.9 393588 Bytes 2008-10-14 02:05:56
AECORE.DLL : 8.1.6.4 176501 Bytes 2009-02-02 23:28:27
AEBB.DLL : 8.1.0.3 53618 Bytes 2008-10-14 02:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 2008-07-09 00:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 2008-05-16 01:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 2008-07-31 04:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 2008-05-09 03:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 00:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 2008-06-12 04:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 09:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 2008-06-12 04:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 04:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 2008-06-12 05:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 2008-06-27 05:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, P:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 2009-02-03 08:39

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sqlbrowser.exe' - '1' Module(s) have been scanned
Scan process 'SQL2005 Service Manager.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'Test.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Test.exe'
Scan process 'Test.exe' - '1' Module(s) have been scanned
Module is infected -> 'P:\Test.exe'
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'Test.exe' - '1' Module(s) have been scanned
Module is infected -> 'P:\Test.exe'
Scan process 'Test.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Test.exe'
Scan process 'SMax4PNP.exe' - '1' Module(s) have been scanned
Scan process 'VTTimer.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'FolderSizeSvc.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'msdtc.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'Test.exe' has been terminated
Process 'Test.exe' has been terminated
Process 'Test.exe' has been terminated
Process 'Test.exe' has been terminated
C:\Test.exe
[DETECTION] Contains recognition pattern of the WORM/Autorun.teq worm
[NOTE] The file was deleted!
P:\Test.exe
[DETECTION] Contains recognition pattern of the WORM/Autorun.teq worm
[NOTE] The file was deleted!

45 processes with 41 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'P:\'
[INFO] No virus was found!

Starting to scan the registry.

The registry was scanned ( '57' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\ComboFix\Tail.com
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\Peter\Desktop\ComboFix.exe
[DETECTION] Is the TR/Murdak.A.31 Trojan
C:\Documents and Settings\Peter\Desktop\ComboFix.exe
[0] Archive type: RAR SFX (self extracting)
--> 32788R22FWJFW\Prep.com
[DETECTION] Is the TR/Dropper.Gen Trojan
--> 32788R22FWJFW\Tail.com
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was deleted!
C:\Program Files\Java\jre1.6.0_07\lib\rt.jar
[0] Archive type: ZIP
--> com/sun/corba/se/impl/orb/ORBImpl.class
[WARNING] The file could not be read!
--> com/sun/corba/se/impl/presentation/rmi/IDLTypesUtil.class
[WARNING] The file could not be read!
C:\Program Files\Server Query\query.exe
[DETECTION] Is the TR/Agent.ECS Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{DA2FBFEF-4483-4925-9F51-203A8CE21835}\RP703\A0092050.com
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{DA2FBFEF-4483-4925-9F51-203A8CE21835}\RP705\A0095131.exe
[DETECTION] Contains recognition pattern of the WORM/Autorun.teq worm
[NOTE] The file was deleted!
C:\System Volume Information\_restore{DA2FBFEF-4483-4925-9F51-203A8CE21835}\RP705\A0095133.com
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{DA2FBFEF-4483-4925-9F51-203A8CE21835}\RP705\A0095134.exe
[DETECTION] Is the TR/Murdak.A.31 Trojan
C:\System Volume Information\_restore{DA2FBFEF-4483-4925-9F51-203A8CE21835}\RP705\A0095134.exe
[0] Archive type: RAR SFX (self extracting)
--> 32788R22FWJFW\Prep.com
[DETECTION] Is the TR/Dropper.Gen Trojan
--> 32788R22FWJFW\Tail.com
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{DA2FBFEF-4483-4925-9F51-203A8CE21835}\RP705\A0095135.exe
[DETECTION] Is the TR/Agent.ECS Trojan
[NOTE] The file was deleted!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'P:\'
P:\autorun.inf
[DETECTION] Is the TR/Autorun.AEW Trojan
[NOTE] The file was deleted!
P:\pagefile.sys
[WARNING] The file could not be opened!
P:\System Volume Information\_restore{DA2FBFEF-4483-4925-9F51-203A8CE21835}\RP704\A0092059.inf
[DETECTION] Is the TR/Autorun.AEW Trojan
[NOTE] The file was deleted!
P:\System Volume Information\_restore{DA2FBFEF-4483-4925-9F51-203A8CE21835}\RP704\A0092070.inf
[DETECTION] Is the TR/Autorun.AEW Trojan
[NOTE] The file was deleted!
P:\System Volume Information\_restore{DA2FBFEF-4483-4925-9F51-203A8CE21835}\RP705\A0095132.exe
[DETECTION] Contains recognition pattern of the WORM/Autorun.teq worm
[NOTE] The file was deleted!
P:\System Volume Information\_restore{DA2FBFEF-4483-4925-9F51-203A8CE21835}\RP705\A0095136.inf
[DETECTION] Is the TR/Autorun.AEW Trojan
[NOTE] The file was deleted!


End of the scan: 2009-02-03 09:49
Used time: 1:10:19 Hour(s)

The scan has been done completely.

4656 Scanning directories
263088 Files were scanned
23 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
15 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
263063 Files not concerned
2018 Archives were scanned
4 Warnings
15 Notes

And here is the new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:59, on 03-Feb-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\sqldbatips\SQL2005 Service Manager\SQL2005 Service Manager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\avira\antivir personaledition classic\avcenter.exe
C:\Documents and Settings\Peter\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Test1] C:\Test.exe
O4 - HKLM\..\Run: [Test2] D:\Test.exe
O4 - HKLM\..\Run: [Test3] P:\Test.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Test2] D:\Test.exe
O4 - HKCU\..\Run: [Test3] P:\Test.exe
O4 - HKCU\..\Run: [Test1] C:\Test.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SQL2005 Service Manager.lnk = C:\Program Files\sqldbatips\SQL2005 Service Manager\SQL2005 Service Manager.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - P:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8BA97C7-B953-4338-9CE5-7A483A6247A9}: NameServer = 203.21.20.20,203.10.1.9
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5294 bytes



many thanks again

#5 miekiemoes (Malware Response Team)

Posted 03 February 2009 - 02:20 AM

Hi,

never really had any problems up until now so didn't think i needed anything.

Ehm, wrong way of thinking. You may want to read this:
http://miekiemoes.blogspot.com/2008/08/i-d...use-i-have.html

Anyway, remember to change all your passwords afterwards as well, because they are known.

Anyway, we're not finished yet, because leftovers may still be present.
Also, since you are dealing with a flashdrive infection, please do the following first as well..

* Download the next removal tool to your desktop:
http://www.techsupportforum.com/sectools/s...Disinfector.exe
If you have used any flash drives previously, insert them as well, since this is a flash drive infection and the above tool will disinfect them too.
Then doubleclick the Flash_Disinfector.exe to run the tool.
Your desktop and icons will disappear afterwards. This is normal.
When the tool has finished, reboot your computer.

Then, please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix..this because the scanners may delete some components Combofix uses. Please visit HERE if you don't know how.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
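The reason a flash drive gets singled out above is the Autorun.inf that a USB worm drops in the root of every writable drive: Explorer reads its [autorun] section when the drive is inserted or double-clicked, and the open, shellexecute and shell\<verb>\command keys tell it which program to start. The Python below is an added example, not part of this thread and not how Flash_Disinfector works; it parses an Autorun.inf and lists the directives that would launch a program. The sample file content is constructed to resemble a worm's Autorun.inf (the Test.exe name is illustrative), and the handling of duplicate keys is this parser's own choice.

```python
import re

# Constructed sample in the style of a USB worm's Autorun.inf (not recovered
# from the poster's drive; the file name Test.exe is illustrative).
SAMPLE_AUTORUN_INF = r"""; dropped onto the root of every writable drive
[AutoRun]
open=Test.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
label=Removable Disk
shellexecute=Test.exe
shell\open\command=Test.exe
shell\explore\command=Test.exe
shell=open
"""

# Directives that make Explorer start a program: the plain open/shellexecute
# keys, and any shell\<verb>\command that backs a context-menu verb.
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_COMMAND = re.compile(r"^shell\\([^\\]+)\\command$", re.IGNORECASE)


def parse_autorun_inf(text):
    """Return the key/value pairs of the [autorun] section, keys lower-cased.

    Other sections are ignored, ';' lines are comments, and the first
    occurrence of a duplicate key wins (this parser's choice; the thread does
    not say how Windows resolves duplicates).
    """
    section = None
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values.setdefault(key.strip().lower(), value.strip())
    return values


def launch_commands(text):
    """List (directive, command) pairs that would run a program from the drive."""
    found = []
    for key, value in parse_autorun_inf(text).items():
        if key in LAUNCH_KEYS or SHELL_COMMAND.match(key):
            found.append((key, value))
    return found


def describe(text):
    """Human-readable verdict for a drive's Autorun.inf."""
    cmds = launch_commands(text)
    if not cmds:
        return "no launch directives (icon/label only)"
    return "launches a program via: " + ", ".join(f"{k} -> {v}" for k, v in cmds)


if __name__ == "__main__":
    print(describe(SAMPLE_AUTORUN_INF))
```

An Autorun.inf that only sets icon and label is harmless; one that sets open, shellexecute or a shell\...\command pointing at an executable in the drive root is the pattern to treat as hostile, which is why the advice is to plug in every flash drive that was used on the infected machine before cleaning.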

#6 peteaus (Topic Starter)

Posted 06 February 2009 - 06:50 PM

Hi, I just tried to download the flash scanner and it pops up with a virus!

WORM/generic. something
sorry for the late reply!

#7 peteaus (Topic Starter)

Posted 06 February 2009 - 07:03 PM

ComboFix 09-02-06.01 - Administrator 2009-02-07 8:57:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1649 [GMT 8:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-01-07 to 2009-02-07 )))))))))))))))))))))))))))))))
.

2009-02-06 12:48 . 2009-02-06 12:48 <DIR> d-------- c:\program files\Avira
2009-02-06 12:48 . 2009-02-06 12:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-01-28 20:46 . 2009-01-28 20:46 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-28 20:46 . 2009-01-28 20:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-16 17:50 . 2009-01-16 17:50 <DIR> d-------- c:\program files\Serato

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-02 08:33 --------- d-----w c:\program files\Soulseek
2009-01-31 06:06 --------- d-----w c:\program files\Mixed In Key 4
2008-12-08 11:11 --------- d-----w c:\program files\Viewpoint
2008-12-08 11:11 --------- d-----w c:\program files\Common Files\AOL
2008-12-08 11:11 --------- d-----w c:\program files\AIM6
2008-12-08 11:11 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-08 11:11 --------- d-----w c:\documents and settings\All Users\Application Data\AOL OCP
2008-12-08 11:11 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-12-08 11:11 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-12-08 11:11 --------- d-----w c:\documents and settings\Administrator\Application Data\acccore
2008-02-22 08:57 2,702,064 ----a-w c:\documents and settings\Administrator\backup.reg
.

------- Sigcheck -------

2006-08-06 20:00 360576 c7be59b07c6eb74bea6fd67c1b164015 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-17 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-17 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-17 118784]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-27 217088]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-20 7561216]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Resume copy"="copyfstq.exe" [2002-03-24 c:\windows\COPYFSTQ.EXE]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-01-18 2752512]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-16 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoPrinters"= 0 (0x0)
"NoViewOnDrive"= 0 (0x0)
"NoSetaskbar"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 14:51 73728 c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R1 oxfwlf;oxfwlf;c:\windows\system32\drivers\OxFWLF.sys [2008-04-13 12043]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-12-08 24652]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-02-16 36608]
R3 SeratoUsb;SeratoUsb driver;c:\windows\system32\drivers\SeratoUsb.sys [2008-02-16 35712]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2008-03-08 30976]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2008-02-16 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2008-02-16 808448]
S3 TTM57SLUsb;TTM 57SL USB driver;c:\windows\system32\drivers\TTM57SLUsb.sys [2008-03-20 34944]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SSMDRV

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
DcomLaunch REG_MULTI_SZ DcomLaunch

NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Schedule
Seclogon
SENS
Sharedaccess
Tapisrv
Themes
WZCSVC
Wmi
WmdmPmSp
winmgmt
xmlprov
BITS
wuauserv
ShellHWDetection
WmdmPmSN

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5820d841-f7f0-11dc-b0af-0013a9fae423}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-CTFMON.EXE - c:\windows\system32\CTFMON.EXE
HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
HKCU-Run-Test1 - C:\Test.exe
HKCU-Run-Test2 - D:\Test.exe
HKCU-Run-Test3 - E:\Test.exe
HKCU-Run-Test4 - F:\Test.exe
HKCU-Run-Test5 - G:\Test.exe
HKCU-Run-Test6 - H:\Test.exe
HKCU-Run-Test7 - I:\Test.exe
HKCU-Run-Test8 - J:\Test.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKLM-Run-Test1 - C:\Test.exe
HKLM-Run-Test2 - D:\Test.exe
HKLM-Run-Test3 - E:\Test.exe
HKLM-Run-Test4 - F:\Test.exe
HKLM-Run-Test5 - H:\Test.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://bankwest.com.au/
TCP: {AFF4B565-7E0D-4CAD-9B3A-16AEA152A365} = 203.0.178.191
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uir8lzfa.default\
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uir8lzfa.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-07 08:58:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(536)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\VESWinlogon.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2009-02-07 8:59:19
ComboFix-quarantined-files.txt 2009-02-07 00:59:18

Pre-Run: 19,279,630,336 bytes free
Post-Run: 20,509,409,280 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

200
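What the log above actually shows is worth reading as a pattern rather than a list: ComboFix deleted C:\Autorun.inf, removed HKCU and HKLM Run values named Test1..Test8 that each point at Test.exe in the root of a different drive letter (C: through J:), found a cached AutoRun handler for a removable drive under mountpoints2, and found both Security Center "DisableNotify" values set to 1, which silences the "no antivirus / no updates" warnings. The Python below is an added example, not part of the thread and not a ComboFix feature; it runs those heuristics over ComboFix-style autostart lines. The SAMPLE_LOG is a constructed excerpt shaped like the log above, not the full log.

```python
import re
from collections import defaultdict

# Constructed excerpt in the shape of the ComboFix log above (not the full log),
# so the heuristics can be run offline.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5820d841-f7f0-11dc-b0af-0013a9fae423}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

- - - - ORPHANS REMOVED - - - -

HKCU-Run-CTFMON.EXE - c:\windows\system32\CTFMON.EXE
HKCU-Run-Test1 - C:\Test.exe
HKCU-Run-Test2 - D:\Test.exe
HKCU-Run-Test6 - H:\Test.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-Test1 - C:\Test.exe
HKLM-Run-Test5 - H:\Test.exe
"""

SECTION = re.compile(r"^\[(.+)\]$")
RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]*)"')
ORPHAN = re.compile(r"^(HKLM|HKCU)-Run-(\S+) - (.+)$")
MOUNTPOINT_CMD = re.compile(r"^\\Shell\\AutoRun\\command - (.+)$", re.IGNORECASE)
NOTIFY = re.compile(r'^"(\w+DisableNotify)"=dword:([0-9a-f]+)$', re.IGNORECASE)
# An executable sitting directly in a drive root, e.g. C:\Test.exe
ROOT_EXE = re.compile(r'^[a-z]:\\[^\\/:*?"<>|]+\.exe$', re.IGNORECASE)


def _record_autostart(origin, command, findings, by_name):
    # ComboFix appends "[date size]" after the path; strip that and any quotes.
    exe = command.split(" [", 1)[0].strip().strip('"')
    if ROOT_EXE.match(exe):
        findings.append(("drive-root-exe", f"{origin} -> {exe}"))
        by_name[exe[3:].lower()].add(exe[0].upper())


def triage(log_text):
    """Scan ComboFix-style autostart lines; return a list of (category, detail)."""
    findings = []
    by_name = defaultdict(set)  # basename -> drive letters it was registered from
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = ORPHAN.match(line)  # "ORPHANS REMOVED" entries carry no section header
        if m:
            _record_autostart(f"{m.group(1)}\\Run\\{m.group(2)}", m.group(3), findings, by_name)
            continue
        if section.endswith("\\run"):
            m = RUN_VALUE.match(line)
            if m:
                _record_autostart(f"Run\\{m.group(1)}", m.group(2), findings, by_name)
        elif "mountpoints2" in section:
            m = MOUNTPOINT_CMD.match(line)
            if m:
                findings.append(("removable-autorun", m.group(1)))
        elif section.endswith("security center"):
            m = NOTIFY.match(line)
            if m and int(m.group(2), 16) != 0:
                findings.append(("notify-suppressed", m.group(1)))
    # The same file name registered from several drive letters is the USB-worm
    # signature: one copy per drive, each with its own Run value.
    for name, drives in by_name.items():
        if len(drives) > 1:
            findings.append(("replicated", f"{name} registered from drives {''.join(sorted(drives))}"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:18} {detail}")
```

The "replicated" finding is the one that matters: a legitimate program is installed once, under one path; a worm that copies itself to the root of every drive it can write to and adds one Run value per copy is what produces the Test1..Test8 series in the log.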

#8 miekiemoes (Malware Response Team)

Posted 07 February 2009 - 04:56 AM

Hi,

Hi, I just tried to download the flash scanner and it pops up with a virus!

WORM/generic. something

This is a false positive. Your Antivirus is flagging one of the command line tools like this.
So please download and run it.

Then, open Notepad and copy and paste the text in the quotebox below into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000000
"AntiVirusDisableNotify"=dword:00000000

Save this as fix.reg (choose to save as "all files") and place it on your desktop.
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.


Then,

Download the following file: http://download.bleepingcomputer.com/sUBs/...SP2_netsvcs.zip
Unzip it.
Then double-click XPSP2_netsvcs and allow it to merge into the Registry.

Then, I see you have Viewpoint installed...
Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
Then, go to Start > Run and copy and paste the next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Let me know in your next reply how things are now.

#9 miekiemoes (Malware Response Team)

Posted 11 February 2009 - 07:29 AM

Still with us?

#10 miekiemoes (Malware Response Team)

Posted 17 February 2009 - 09:52 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.