

Suspected malware on computer


  • This topic is locked
15 replies to this topic

#1 jeremycomp

jeremycomp

  • Members
  • 11 posts
  • OFFLINE
  • Local time:10:17 PM

Posted 26 February 2009 - 10:36 PM

Our computer has started to run slow. Let me clarify. In Firefox (and I believe IE), pages will take a very long time to load, if they ever do, and hyperlinks seem to redirect you, most of the time to a Topeeka? website that looks similar to Google search results. Other computer functions seem normal. At first Firefox 2 wouldn't update and AVG didn't seem to activate. For some reason I thought I would update both to the newer versions. (Firefox 3, AVG Free 8)

I suspected malware, so I downloaded Spybot and HijackThis. Spybot installed fine, but the HijackThis file wouldn't install. The install just didn't do anything. When running Spybot, it also just didn't seem to even start.

For some unknown reason, after trying to install HijackThis in SafeMode and being unsuccessful, it installed today in regular startup. So I was able to get a log. For some reason, I think as of right now, the computer also seems to be working better. I also ran the DDS script. I decided to visit the BC website before doing anything more, and now I'm just trying my best to follow the forum malware removal guidelines. DDS is below and Attach is zipped.

Before coming here, I also tried running ComboFix. It successfully went through whatever it does but I didn't proceed with any action beyond the test. So I have a log from that as well.

Additionally, Windows wants to update to SP3 just as I'm doing this but I've held off so far.
By the way, I was losing hope and thinking it might be a reformat, but now I'm optimistic!

Thanks so much for any help!
Jeremy



DDS (Ver_09-02-01.01) - NTFSx86
Run by Home at 22:17:27.43 on Thu 02/26/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.479.86 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\update\update.exe
C:\Documents and Settings\Home\Desktop\Fixing Computer\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [VTTimer] VTTimer.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164593207515
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: avgrsstarter - avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\home\applic~1\mozilla\firefox\profiles\e8ouhqpb.default\
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPUploader.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll

============= SERVICES / DRIVERS ===============

R0 ptpd;Disk Filter Driver;c:\windows\system32\drivers\ptpd.sys [2002-1-1 6656]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-24 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-24 27656]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-24 298264]
R2 Machnm32;Machnm32 Driver;c:\windows\system32\Machnm32.sys [2002-1-1 2304]
R3 PhnxVcd;PhnxVcd;c:\windows\system32\drivers\phnxvcd.sys [2002-1-1 36096]
R3 WBMS;Winbond Memory Stick Storage (MS) Device Driver;c:\windows\system32\drivers\wbms.sys [2004-12-7 36224]
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;c:\windows\system32\drivers\wbsd.sys [2004-12-7 27904]

=============== Created Last 30 ================

2009-02-26 21:47 <DIR> a-dshr-- C:\cmdcons
2009-02-26 21:42 161,792 a------- c:\windows\SWREG.exe
2009-02-26 21:42 98,816 a------- c:\windows\sed.exe
2009-02-26 21:39 <DIR> --d----- C:\SDFix
2009-02-26 21:11 <DIR> --d----- c:\program files\Trend Micro
2009-02-26 20:19 1,409 a------- c:\windows\QTFont.for
2009-02-26 20:19 54,156 a---h--- c:\windows\QTFont.qfn
2009-02-25 23:01 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-02-24 22:27 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-24 22:27 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-24 22:27 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-02-24 22:27 <DIR> --d----- c:\program files\AVG
2009-02-24 22:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-02-24 21:23 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-02-24 21:21 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-02-24 21:21 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-02-22 13:26 5,162 a------- c:\windows\system32\uacinit.dll

==================== Find3M ====================

2009-01-05 17:33 3,751,995 a------- c:\windows\system32\GPhotos.scr
2005-04-03 04:11 0 a------- c:\docume~1\home\applic~1\wklnhst.dat

============= FINISH: 22:18:54.18 ===============


Edited by jeremycomp, 26 February 2009 - 10:42 PM.



#2 jeremycomp

jeremycomp
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:10:17 PM

Posted 05 March 2009 - 10:10 AM

I mentioned this in the other thread, but here is more information. See attachments. Hopefully this will save some time.
AVG Alert: fastalert.hc
Spybot Search Results


Edited by jeremycomp, 05 March 2009 - 10:12 AM.


#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:02:17 AM

Posted 10 March 2009 - 05:23 PM

Hi jeremycomp,

Welcome to Bleeping Computer. I'm m0le and I will be helping you with your log. :thumbup2:

We apologise for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.
  • Please avoid changing anything on your computer (ie, downloading software) or taking unsupervised steps to remove any malware as this can make helping you much more difficult.
  • Please also try and reply regularly as long waits between instructions can make the fix much more difficult. I will bump the topic after 2 days without a reply and will close it on the third day.
So give me some time to go through your log and, in the meantime, let me know if you have already solved the issues or no longer need my help.

Thanks.
m0le is a proud member of UNITE

#4 jeremycomp

jeremycomp
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:10:17 PM

Posted 11 March 2009 - 07:53 AM

Thanks m0le!
I will try to help you by being as brief and quick as possible.
Jeremy

#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:02:17 AM

Posted 11 March 2009 - 01:49 PM

Hi jeremycomp,

Your log looks fine but just to be sure we'll run a tool that can have a really good look.

First, let's update your Java.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 12.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u12-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


Please also Download and Run OTViewIt
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the OTViewIt icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Thanks :thumbup2:
m0le is a proud member of UNITE

#6 jeremycomp

jeremycomp
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:10:17 PM

Posted 11 March 2009 - 07:37 PM

I wasn't sure if you wanted the text copied or the files as attachments. The files are so lengthy that I thought I'd put them up as attachments. Sorry if this isn't correct!

Also, I mentioned earlier that the newer AVG caught fastalert.hc. Not sure if you noticed that. I'm just not sure if there's anything that I would need to do in relation to that (besides AVG quarantine). I saw an expert mention she liked Avira over AVG. Would you recommend going to that instead of the newer version of AVG 8.0?

Also, go to XP SP3?

Thanks!

EDIT: Never mind, see below.

OTViewIt logfile created on: 3/11/2009 8:16:49 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Home\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.36 Mb Total Physical Memory | 188.17 Mb Available Physical Memory | 39.25% Memory free
1.10 Gb Paging File | 0.90 Gb Available in Paging File | 81.86% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.68 Gb Total Space | 43.80 Gb Free Space | 61.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FROG
Current User Name: Home
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2009/02/24 23:27:05 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2009/03/11 20:09:24 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2007/12/06 18:20:56 | 01,024,000 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2004/11/09 22:27:00 | 00,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
[2008/01/11 22:16:38 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[2009/02/24 23:27:08 | 01,601,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2009/03/11 20:09:24 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2009/02/24 23:27:07 | 00,484,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2004/08/24 20:00:00 | 00,057,344 | ---- | M] ( ) -- C:\WINDOWS\system32\slserv.exe
[2005/01/28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2008/10/16 15:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/10/16 15:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2009/03/11 20:04:51 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2009/02/24 23:27:05 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/01/03 21:40:21 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2006/10/30 10:36:32 | 00,492,608 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2009/03/11 20:09:24 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2004/10/12 17:29:58 | 00,049,152 | ---- | M] (Phoenix Technologies Ltd.) -- C:\WINDOWS\system32\PhnxCDSvr.exe -- (PhnxVCDService [Disabled | Stopped])
[2004/03/18 16:55:48 | 00,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
[2004/08/24 20:00:00 | 00,057,344 | ---- | M] ( ) -- C:\WINDOWS\system32\slserv.exe -- (SLService [Auto | Running])
[2005/01/28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])

========== Driver Services ==========

[2004/08/04 00:10:12 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\61883.sys -- (61883 [On_Demand | Stopped])
[2004/05/08 14:21:44 | 00,035,840 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [System | Running])
[2004/08/04 00:10:12 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc [On_Demand | Stopped])
[2009/02/24 23:27:33 | 00,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2009/02/24 23:27:31 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2003/07/16 18:58:30 | 00,013,056 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys -- (cdrbsvsd [System | Running])
[2001/08/17 08:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS [On_Demand | Stopped])
[2004/11/09 22:08:00 | 00,042,496 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5b.sys -- (FETNDISB [On_Demand | Running])
[2004/08/03 19:07:44 | 00,046,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\GAGP30KX.SYS -- (gagp30kx [Boot | Running])
[2006/09/19 16:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2005/07/08 00:55:01 | 00,051,088 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412 [On_Demand | Stopped])
[2005/07/08 00:55:01 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2005/07/08 00:55:01 | 00,021,744 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2004/09/10 02:30:56 | 00,212,096 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\drivers\M2500.sys -- (M2500 [On_Demand | Stopped])
[2003/08/13 03:27:00 | 00,002,304 | ---- | M] () -- C:\WINDOWS\system32\Machnm32.sys -- (Machnm32 [Auto | Running])
[2001/08/17 17:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Stopped])
[2004/08/04 00:10:00 | 00,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV [On_Demand | Stopped])
[2004/08/24 20:00:00 | 00,229,720 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5 [On_Demand | Stopped])
[2004/08/24 20:00:00 | 01,395,376 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm [On_Demand | Stopped])
[2004/11/09 22:13:00 | 00,007,040 | ---- | M] (VIA Networking Technologies, Inc. ) -- C:\WINDOWS\system32\ntsim.sys -- (NTSIM [On_Demand | Stopped])
[2003/12/05 06:46:36 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2004/10/12 18:35:40 | 00,036,096 | R--- | M] (Phoenix Technologies Ltd.) -- C:\WINDOWS\system32\drivers\phnxvcd.sys -- (PhnxVcd [On_Demand | Running])
[2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2004/07/16 14:21:38 | 00,006,656 | ---- | M] (Phoenix Technologies Ltd.) -- C:\WINDOWS\system32\drivers\ptpd.sys -- (ptpd [Boot | Running])
[2008/07/31 18:17:04 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2004/08/24 20:00:00 | 00,014,520 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\RecAgent.sys -- (RecAgent [Boot | Running])
[2005/09/07 16:49:56 | 00,243,200 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500 [On_Demand | Running])
[2004/08/04 08:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/08/24 20:00:00 | 00,653,600 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr [On_Demand | Stopped])
[2004/08/24 20:00:00 | 00,100,240 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal [On_Demand | Stopped])
[2004/08/24 20:00:00 | 00,013,216 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup [On_Demand | Stopped])
[2007/12/06 18:41:42 | 00,220,032 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2007/11/16 11:30:32 | 00,026,912 | ---- | M] (RapidSolution Software AG) -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd [On_Demand | Stopped])
[2003/07/02 08:42:00 | 00,027,904 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1 [Boot | Running])
[2004/11/09 22:31:00 | 00,171,392 | ---- | M] (Copyright © VIA/S3 Graphics Co, Ltd.) -- C:\WINDOWS\system32\drivers\vtmini.sys -- (viagfx [On_Demand | Running])
[2006/10/09 14:58:48 | 00,203,648 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio [On_Demand | Running])
[2004/11/10 14:49:52 | 00,036,224 | ---- | M] (Winbond Electronics Corp.) -- C:\WINDOWS\system32\drivers\wbms.sys -- (WBMS [On_Demand | Running])
[2004/11/16 19:32:02 | 00,027,904 | ---- | M] (Winbond Electronics Corp.) -- C:\WINDOWS\system32\drivers\wbsd.sys -- (WBSD [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/keyword/%s
"provider"=gogl

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 127.0.0.1

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.averatec.com

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.averatec.com

[HKEY_USERS\S-1-5-21-3542780596-2817554143-1502406390-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-3542780596-2817554143-1502406390-1006\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/keyword/%s
"provider"=gogl

[HKEY_USERS\S-1-5-21-3542780596-2817554143-1502406390-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3542780596-2817554143-1502406390-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 127.0.0.1

========== (O1) Hosts File ==========

HOSTS File = (302562 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
10430 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3542780596-2817554143-1502406390-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3542780596-2817554143-1502406390-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3542780596-2817554143-1502406390-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
"VTTimer"=VTTimer.exe (S3 Graphics, Inc.)

========== (O4) Startup Folders ==========

[1999/02/17 16:05:56 | 00,065,588 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-3542780596-2817554143-1502406390-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\WINDOWS\system32\GPhotos.scr [2009/01/05 18:33:03 | 03,751,995 | ---- | M] (Google Inc.)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\WINDOWS\system32\GPhotos.scr [2009/01/05 18:33:03 | 03,751,995 | ---- | M] (Google Inc.)

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\WINDOWS\system32\GPhotos.scr [2009/01/05 18:33:03 | 03,751,995 | ---- | M] (Google Inc.)

[HKEY_USERS\S-1-5-21-3542780596-2817554143-1502406390-1006\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\WINDOWS\system32\GPhotos.scr [2009/01/05 18:33:03 | 03,751,995 | ---- | M] (Google Inc.)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre6\bin\npjpi160_12.dll [2009/03/11 20:09:24 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 12:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 12:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 12:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 12:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 12:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3542780596-2817554143-1502406390-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 12:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://update.microsoft.com/windowsupdate/...b?1164593207515 -- WUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_12
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_12
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_12
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{9B381F51-DACA-4DB8-8EF6-C6A5ACE636B6} (Servers: | Description: 1394 Net Adapter)
{B244D396-B2DB-4145-BE7D-54B89B8F8877} (Servers: | Description: 802.11g MiniPCI Wireless Network Adapter)
{E109FF44-5A6B-4F29-8436-11F7BFD51928} (Servers: | Description: VIA Rhine II Fast Ethernet Adapter)
{E505DEEB-5B4B-4FD6-8ED0-1D14E1568421} (Servers: | Description: )

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
avgrsstarter: "DllName" = avgrsstx.dll -- C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/12/07 05:20:14 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{971400ef-6804-11d9-b690-806d6172696f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{971400ef-6804-11d9-b690-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{971400ef-6804-11d9-b690-806d6172696f}\Shell\AutoRun\command]
""=D:\CDStart.Exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{971400ef-6804-11d9-b690-806d6172696f}\Shell\Install\Command]
""=C:\WINDOWS\system32\setup.exe -- [2004/08/04 08:00:00 | 00,023,040 | ---- | M] (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[2009/03/11 20:04:46 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTViewIt.exe
[2009/03/11 20:04:06 | 16,278,936 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\jre-6u12-windows-i586-p.exe
[2009/02/28 20:58:04 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\Home\My Documents\Power usage.xls
[2009/02/28 20:57:44 | 00,083,838 | ---- | C] () -- C:\Documents and Settings\Home\My Documents\Kill A Watt p4400_manual.pdf
[2009/02/27 14:18:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Desktop\sarah-please save
[2009/02/27 14:14:05 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/02/26 23:00:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/02/26 22:47:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Desktop\Fixing Computer
[2009/02/26 22:47:06 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/02/26 22:47:03 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/02/26 22:47:00 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/02/26 22:42:24 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/02/26 22:42:24 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/02/26 22:42:24 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/02/26 22:42:24 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/02/26 22:42:24 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009/02/26 22:42:24 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/02/26 22:42:24 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/02/26 22:42:24 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/02/26 22:42:24 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/02/26 22:41:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/02/26 22:41:07 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/02/26 22:39:15 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/02/26 22:11:00 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/02/26 22:08:05 | 00,724,480 | ---- | C] () -- C:\Documents and Settings\Home\My Documents\Computer Settings.doc
[2009/02/26 20:44:17 | 50,271,4368 | -HS- | C] () -- C:\hiberfil.sys
[2009/02/26 00:01:25 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/02/25 21:42:27 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/02/24 23:27:41 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/02/24 23:27:33 | 00,325,128 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/02/24 23:27:31 | 00,027,656 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/02/24 23:27:18 | 33,970,620 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/02/24 23:27:18 | 00,401,372 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/02/24 23:27:18 | 00,033,349 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/02/24 23:27:17 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/02/24 23:27:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/02/24 23:27:05 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/02/24 23:27:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/02/24 23:17:23 | 00,689,543 | ---- | C] () -- C:\Documents and Settings\Home\My Documents\bookmarks-2009-02-24.html
[2009/02/24 22:23:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2009/02/22 14:26:41 | 00,005,162 | ---- | C] () -- C:\WINDOWS\System32\uacinit.dll

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[2009/03/11 20:16:00 | 00,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2009/03/11 20:13:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/11 20:13:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/11 20:13:38 | 50,271,4368 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/11 20:07:54 | 16,278,936 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\jre-6u12-windows-i586-p.exe
[2009/03/11 20:04:51 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTViewIt.exe
[2009/03/11 11:55:08 | 33,970,620 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/03/11 11:55:08 | 00,033,349 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/03/04 23:12:19 | 00,302,562 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/03/04 22:02:21 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Home\My Documents\Power usage.xls
[2009/02/28 20:57:44 | 00,083,838 | ---- | M] () -- C:\Documents and Settings\Home\My Documents\Kill A Watt p4400_manual.pdf
[2009/02/26 22:58:04 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/02/26 22:47:06 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/02/26 22:26:26 | 00,005,162 | ---- | M] () -- C:\WINDOWS\System32\uacinit.dll
[2009/02/26 22:09:56 | 00,724,480 | ---- | M] () -- C:\Documents and Settings\Home\My Documents\Computer Settings.doc
[2009/02/26 21:48:58 | 00,000,095 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2009/02/26 21:19:18 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/02/25 21:42:27 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/02/24 23:29:11 | 00,401,372 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/02/24 23:27:41 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/02/24 23:27:33 | 00,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/02/24 23:27:31 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/02/24 23:27:18 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/02/24 23:15:04 | 00,154,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/02/24 23:13:57 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/02/23 23:02:16 | 00,689,543 | ---- | M] () -- C:\Documents and Settings\Home\My Documents\bookmarks-2009-02-24.html
[2009/02/11 21:56:18 | 21,244,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >
OTViewIt Extras logfile created on: 3/11/2009 8:16:49 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Home\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.36 Mb Total Physical Memory | 188.17 Mb Available Physical Memory | 39.25% Memory free
1.10 Gb Paging File | 0.90 Gb Available in Paging File | 81.86% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.68 Gb Total Space | 43.80 Gb Free Space | 61.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FROG
Current User Name: Home
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
"MaxScriptStatements"=

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=1
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 08:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 08:00:00 | 00,815,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console
[2006/10/30 10:36:32 | 15,338,560 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2004/08/04 08:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
[2006/02/05 16:26:30 | 00,200,704 | ---- | M] () -- C:\UT2004Demo\System\UT2004.exe:*:Enabled:UT2004
[2006/10/13 18:20:08 | 20,058,152 | ---- | M] () -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
[2009/02/24 23:27:08 | 01,032,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/12/22 08:38:40 | 00,081,920 | ---- | M] (Hewlett-Packard Company) C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} (HKLM) [CZipHandler Object])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 16:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 16:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 16:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 Premium
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}"=PowerStarter
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}"=Java™ 6 Update 12
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{39CE3C17-846D-4D9B-8B3E-C01A4B90FB73}"=Virtual Earth 3D (Beta)
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}"=Google Earth
"{40BF1E83-20EB-11D8-97C5-0009C5020658}"=Power2Go 3.0
"{446DBFFA-4088-48E3-8932-74316BA4CAE4}"=iTunes
"{49FC50FC-F965-40D9-89B4-CBFF80941033}"=Windows Movie Maker 2.0
"{50D8FFDD-90CD-4859-841F-AA1961C7767A}"=QuickTime
"{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}"=Photosmart 140,240,7200,7600,7700,7900 Series
"{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}"=msxml4
"{621FCD24-4498-4324-A81E-07D331376EDF}"=PixiePack Codec Pack
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}"=HP Photo and Imaging 2.0 - All-in-One Drivers
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{8364CB46-44D7-42B3-B9EC-9420B74AB25F}"=Phoenix Core Managed Environment (cME)
"{8777AC6D-89F9-4793-8266-DE406F343E89}"=QFolder
"{93FB47FB-4FDF-4131-B5FD-7A37883868E7}"=hp psc 2170 series
"{9867A917-5D17-40DE-83BA-BEA5293194B1}"=HP Photo and Imaging 2.0 - All-in-One
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}"=PowerProducer
"{C151CE54-E7EA-4804-854B-F515368B0798}"=Athlon 64 Processor Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CD815603-AB71-4CFB-B3AC-522298037ACC}"=W83L518D
"{DC5A3749-4535-4EAD-842A-DDE976CC6B38}"=PS7900
"{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12}"=HP Software Update
"{DE2EBD6F-81B6-4E9A-B137-C11FD6790CFF}"=PSShortcutsP
"{EFE26D3B-2789-4068-A5BB-77E389FAEB98}"=PSUsage
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}"=HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Photoshop Elements 2.0"=Adobe Photoshop Elements 2.0
"Audacity_is1"=Audacity 1.2.0
"AVG8Uninstall"=AVG Free 8.0
"BookSmart™ 1.9.5 1.9.5"=BookSmart™ 1.9.5 1.9.5
"DVD Flick_is1"=DVD Flick
"ExtractNow_is1"=ExtractNow
"HijackThis"=HijackThis 2.0.2
"HP PSC 2170 Series"=HP Photo and Imaging 2.0 - hp psc 2170 series
"InstallShield_{8364CB46-44D7-42B3-B9EC-9420B74AB25F}"=Phoenix Core Managed Environment (cME)
"KONICA MINOLTA magicolor 2400W"=KONICA MINOLTA magicolor 2400W
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Motocross Madness 2 Trial"=Microsoft Motocross Madness 2 Trial
"Mozilla Firefox (3.0.6)"=Mozilla Firefox (3.0.6)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MyPublisher BookMaker"=MyPublisher BookMaker
"Nero - Burning Rom!UninstallKey"=Nero 6 Enterprise Edition
"Picasa 3"=Picasa 3
"S3"=UniChrome Pro IGP Display Driver and Utilities
"Shutterfly Plugin"=Shutterfly Plugin
"Skype_is1"=Skype 2.5
"SLAMRNTV"=Smart Link 56K Modem
"Super DX-Ball_is1"=Super DX-Ball v1.00
"SynTPDeinstKey"=Synaptics Pointing Device Driver
"ToneGen"=NCH Tone Generator Uninstall
"UT2004-Demo"=Unreal Tournament 2004 Demo
"VTDisplay"=S3 S3Display
"VTGamma2"=S3 S3Gamma2
"VTInfo2"=S3 S3Info2
"VTOverlay"=S3 S3Overlay
"VTTrayPlus"=S3 S3TrayPlus
"VUInstRhine"=VIA Rhine Family Fast Ethernet Adapter
"WIC"=Windows Imaging Component
"Winamp"=Winamp (remove only)
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows Media Player"=Windows Media Player 10
"WinZip"=WinZip
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Digital Editions"=Adobe Digital Editions

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3542780596-2817554143-1502406390-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Digital Editions"=Adobe Digital Editions

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/21/2009 10:49:06 AM | Computer Name = FROG | Source = Application Error | ID = 1000
Description = Faulting application avginet.exe, version 7.5.0.541, faulting module
avgupd.dll, version 7.5.0.529, fault address 0x000459e9.

Error - 1/22/2009 10:46:25 AM | Computer Name = FROG | Source = Application Error | ID = 1000
Description = Faulting application avginet.exe, version 7.5.0.541, faulting module
avgupd.dll, version 7.5.0.529, fault address 0x000459e9.

Error - 1/22/2009 11:21:31 AM | Computer Name = FROG | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.3156, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/22/2009 8:23:14 PM | Computer Name = FROG | Source = Application Hang | ID = 1002
Description = Hanging application avgcc.exe, version 7.5.0.545, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/17/2009 9:45:32 PM | Computer Name = FROG | Source = Application Error | ID = 1000
Description = Faulting application avginet.exe, version 7.5.0.541, faulting module
avgupd.dll, version 7.5.0.529, fault address 0x000459e9.

Error - 2/18/2009 10:01:48 AM | Computer Name = FROG | Source = Application Error | ID = 1000
Description = Faulting application avginet.exe, version 7.5.0.541, faulting module
avgupd.dll, version 7.5.0.529, fault address 0x000459e9.

Error - 2/18/2009 10:01:59 AM | Computer Name = FROG | Source = Application Error | ID = 1001
Description = Fault bucket 971533942.

Error - 2/23/2009 10:17:31 AM | Computer Name = FROG | Source = Application Error | ID = 1000
Description = Faulting application avginet.exe, version 7.5.0.541, faulting module
avgupd.dll, version 7.5.0.529, fault address 0x000459e9.

Error - 2/24/2009 12:41:28 PM | Computer Name = FROG | Source = Application Error | ID = 1000
Description = Faulting application avginet.exe, version 7.5.0.541, faulting module
avgupd.dll, version 7.5.0.529, fault address 0x000459e9.

Error - 2/24/2009 9:42:36 PM | Computer Name = FROG | Source = Application Hang | ID = 1002
Description = Hanging application avgcc.exe, version 7.5.0.545, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 3/11/2009 8:11:53 PM | Computer Name = FROG | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/11/2009 8:11:54 PM | Computer Name = FROG | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/11/2009 8:11:54 PM | Computer Name = FROG | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/11/2009 8:11:54 PM | Computer Name = FROG | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/11/2009 8:11:54 PM | Computer Name = FROG | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/11/2009 8:11:54 PM | Computer Name = FROG | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/11/2009 8:11:54 PM | Computer Name = FROG | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/11/2009 8:11:54 PM | Computer Name = FROG | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/11/2009 8:11:54 PM | Computer Name = FROG | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/11/2009 8:14:16 PM | Computer Name = FROG | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep


< End of report >

Edited by jeremycomp, 11 March 2009 - 07:42 PM.
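The two "Created/Modified Within 30 Days" sections above are the part of an OTViewIt log a helper actually reads first, and the useful question is simple: which binaries landed in the Windows directory with no vendor string. The script below is an added example written for this thread; it is not part of OTViewIt, ComboFix or anything the poster ran. It assumes the line layout shown in those sections ("[date | size | flags | C/M] (Company) -- path"), the sample lines are copied from this log, and the "code file under %SystemRoot% with an empty company field" rule is a triage heuristic, not a malware verdict (a missing company name only means the file carries no version resource).

```python
"""Triage helper for OTViewIt-style file listings.

Added example for this thread, not OTViewIt's own code. Parses lines of the form
  [YYYY/MM/DD HH:MM:SS | size | flags | C] (Company) -- path
and lists executables under the Windows directory that carry no company string.
Heuristic only: legitimate tools without a version resource show up as well.
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<flags>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)(?: -- \[ NTFS \])?$"
)

# Extensions Windows will load or execute; compared case-insensitively.
CODE_EXT = {".dll", ".sys", ".exe", ".scr", ".ocx"}
# %SystemRoot% as reported in the log header above (assumption: fixed here).
SYSTEM_ROOT = "c:\\windows\\"


@dataclass
class Entry:
    timestamp: str
    size: int
    flags: str      # OTViewIt attribute column, e.g. "-HSD" = hidden, system, directory
    kind: str       # "C" created / "M" modified
    company: str    # empty when the file has no version resource
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.flags


def parse_line(line: str):
    """Return an Entry for one listing line, or None for headers/other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),   # "50,271,4368" -> 502714368
        flags=m["flags"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"],
    )


def parse_listing(text: str):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def suspicious(entries):
    """Code files under the Windows directory with no vendor string (triage list)."""
    hits = []
    for e in entries:
        if e.is_dir:
            continue
        p = PureWindowsPath(e.path)
        if not str(p).lower().startswith(SYSTEM_ROOT):
            continue
        if p.suffix.lower() in CODE_EXT and not e.company:
            hits.append(e)
    return hits


# Constructed sample: lines copied from the log posted in this thread.
SAMPLE = r"""
[4 C:\WINDOWS\System32\*.tmp files]
[2009/02/26 22:42:24 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/02/26 22:42:24 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/02/26 20:44:17 | 50,271,4368 | -HS- | C] () -- C:\hiberfil.sys
[2009/02/26 00:01:25 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/02/24 23:27:41 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/02/24 23:27:33 | 00,325,128 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/02/24 23:27:18 | 33,970,620 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/02/22 14:26:41 | 00,005,162 | ---- | C] () -- C:\WINDOWS\System32\uacinit.dll
[2004/12/07 05:20:14 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]
"""

if __name__ == "__main__":
    for e in suspicious(parse_listing(SAMPLE)):
        print(f"{e.timestamp}  {e.size:>10}  {e.path}")
```

On the sample this lists sed.exe (dropped at the same second as the SteelWerX helpers) and uacinit.dll; hiberfil.sys is skipped because it is outside the Windows directory and incavi.avm because it is not a code extension. The output is a list to look at, not a list to delete: the vendor field is absent on plenty of legitimate tools, which is exactly why the helpers in this thread follow up with scanner results rather than acting on the listing alone.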


#7 jeremycomp

jeremycomp
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:10:17 PM

Posted 11 March 2009 - 09:11 PM

I received this same window maybe 3 times over the last week and each time clicked "Move to Vault".
FYI




#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:02:17 AM

Posted 12 March 2009 - 04:51 PM

Hi jeremycomp,

Yes, it's better to cut and paste rather than attach the logs.

AVG seems to be out of favour at the moment. This is partly due to the free version losing its support meaning that it may not be up to date. Avira, Antivir or Avast are all recommended as good free versions.

The logs are looking good but we'll try an online scan and then check for sneakier malware.

Please go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Download gmer.zip and save to your desktop.
alternate download site 1
alternate download site 2
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on "Settings", then check the first five settings:
    *System Protection and Tracing
    *Processes
    *Save created processes to the log
    *Drivers
    *Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.

Please post a new DDS log as well.
m0le is a proud member of UNITE

#9 jeremycomp

jeremycomp
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:10:17 PM

Posted 12 March 2009 - 07:23 PM

For some reason, the Kaspersky site kept giving me this error. See attachment. I completely stopped AVG, and tried Firefox and IE and get the same thing. I decided to wait to run gmer.

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:02:17 AM

Posted 13 March 2009 - 12:57 PM

Okay, Jeremy, let's try BitDefender.

BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.
If you have problems come back to me, otherwise continue with the Gmer and DDS scans.

m0le is a proud member of UNITE

#11 jeremycomp

jeremycomp
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:10:17 PM

Posted 14 March 2009 - 09:22 AM

Did BitDefender in IE.
Followed previous Gmer instructions but no "Settings" to click. Ran DDS. All logs are below.

BitDefender

Also attached as it's in a nicer table.

BitDefender Online Scanner

Scan report generated at: Fri, Mar 13, 2009 - 22:16:34
Scan path: C:\;D:\;

Statistics
  Time                01:02:21
  Files               217411
  Folders             6458
  Boot Sectors        0
  Archives            7470
  Packed Files        9918

Results
  Identified Viruses  6
  Infected Files      8
  Suspect Files       0
  Warnings            0
  Disinfected         0
  Deleted Files       8

Engines Info
  Virus Definitions   2791744
  Engine build        AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
  Scan plugins        17
  Archive plugins     45
  Unpack plugins      7
  E-mail plugins      6
  System plugins      4

Scan Settings
  First Action        Disinfect
  Second Action       Delete
  Heuristics          Yes
  Enable Warnings     Yes
  Scanned Extensions  *;
  Exclude Extensions
  Scan Emails         Yes
  Scan Archives       Yes
  Scan Packed         Yes
  Scan Files          Yes
  Scan Boot           Yes

Scanned File / Status
  C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_UACpouuhsnt_.sys.zip=>UACpouuhsnt.sys
      Infected with: Rootkit.12547; Deleted
  C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_UACpouuhsnt_.sys.zip
      Updated
  C:\Qoobox\Quarantine\C\WINDOWS\system32\UACcxrumqpm.dll.vir
      Infected with: Rootkit.12504; Deleted
  C:\Qoobox\Quarantine\C\WINDOWS\system32\UACfntamtnn.dll.vir
      Infected with: Gen:Trojan.Heur.TDSS.2048B7A7A7; Disinfection failed; Deleted
  C:\Qoobox\Quarantine\C\WINDOWS\system32\UACidmdbwqw.dll.vir
      Infected with: Rootkit.12555; Deleted
  C:\Qoobox\Quarantine\C\WINDOWS\system32\UACmjfuymfs.dll.vir
      Infected with: Trojan.Packed.59023; Deleted
  C:\Qoobox\Quarantine\C\WINDOWS\system32\UACseosfhqp.dll.vir
      Infected with: Rootkit.12520; Deleted
  C:\System Volume Information\_restore{180DE92A-FB38-4C59-9AE0-5A60CBAA6F99}\RP291\A0150531.dll
      Infected with: Gen:Trojan.Heur.TDSS.2048B7A7A7; Disinfection failed; Deleted
  C:\System Volume Information\_restore{180DE92A-FB38-4C59-9AE0-5A60CBAA6F99}\RP291\A0150532.dll
      Infected with: Trojan.Packed.59023; Deleted




Gmer

GMER 1.0.15.14878 - http://www.gmer.net
Rootkit scan 2009-03-14 08:17:10
Windows 5.1.2600 Service Pack 2


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \FileSystem\Fastfat \Fat F031EC8A

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR

---- EOF - GMER 1.0.15 ----


DDS Attach


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 4/3/2005 4:53:42 AM
System Uptime: 3/14/2009 3:39:58 AM (5 hours ago)

Motherboard: To be filled by O.E.M. | | To be filled by O.E.M.
Processor: Mobile AMD Sempron™ Processor 2800+ | CPU 1 | 1603/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 72 GiB total, 43.518 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP282: 12/12/2008 9:36:13 PM - System Checkpoint
RP283: 12/20/2008 9:57:45 AM - System Checkpoint
RP284: 12/27/2008 10:40:19 AM - System Checkpoint
RP285: 1/1/2009 2:18:55 PM - System Checkpoint
RP286: 1/8/2009 1:18:30 PM - System Checkpoint
RP287: 1/10/2009 9:22:54 PM - System Checkpoint
RP288: 1/26/2009 6:54:25 PM - System Checkpoint
RP289: 2/18/2009 2:46:07 PM - System Checkpoint
RP290: 2/19/2009 8:13:46 PM - System Checkpoint
RP291: 2/24/2009 10:27:04 PM - Installed AVG Free 8.0
RP292: 2/26/2009 10:12:42 PM - Software Distribution Service 3.0
RP293: 2/26/2009 10:16:55 PM - Software Distribution Service 3.0
RP294: 3/4/2009 12:59:15 PM - Avg8 Update
RP295: 3/10/2009 3:06:54 PM - System Checkpoint
RP296: 3/11/2009 7:09:14 PM - Installed Java™ 6 Update 12
RP297: 3/11/2009 7:11:23 PM - Removed J2SE Runtime Environment 5.0 Update 6

==== Installed Programs ======================

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Digital Editions
Adobe Flash Player Plugin
Adobe Photoshop Elements 2.0
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Athlon 64 Processor Driver
Audacity 1.2.0
AVG Free 8.0
BookSmart™ 1.9.5 1.9.5
DVD Flick
ExtractNow
Google Earth
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 2170 series
hp psc 2170 series
HP Software Update
iTunes
Java™ 6 Update 12
KONICA MINOLTA magicolor 2400W
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Motocross Madness 2 Trial
Microsoft Office 2000 Premium
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.7)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
msxml4
MyPublisher BookMaker
NCH Tone Generator Uninstall
Nero 6 Enterprise Edition
Phoenix Core Managed Environment (cME)
Photosmart 140,240,7200,7600,7700,7900 Series
Picasa 3
PixiePack Codec Pack
Power2Go 3.0
PowerDVD
PowerProducer
PowerStarter
PS7900
PSShortcutsP
PSUsage
QFolder
QuickTime
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
S3 S3TrayPlus
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Shutterfly Plugin
Skype 2.5
Smart Link 56K Modem
Spybot - Search & Destroy
Super DX-Ball v1.00
Synaptics Pointing Device Driver
UniChrome Pro IGP Display Driver and Utilities
Unreal Tournament 2004 Demo
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VIA Rhine Family Fast Ethernet Adapter
Virtual Earth 3D (Beta)
W83L518D
WebFldrs XP
Winamp (remove only)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Movie Maker 2.0
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinZip

==== Event Viewer Messages From Past Week ========

3/11/2009 7:11:48 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
3/9/2009 7:39:56 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
3/8/2009 4:14:13 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001109F87F34. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
3/11/2009 7:14:16 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
3/12/2009 7:14:03 PM, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
3/12/2009 7:16:45 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the AVG Free8 WatchDog service, but this action failed with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

==== End Of File ===========================

DDS

DDS (Ver_09-02-01.01) - NTFSx86
Run by Home at 8:18:06.15 on Sat 03/14/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.479.201 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Home\Desktop\Fixing Computer\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [VTTimer] VTTimer.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164593207515
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: avgrsstarter - avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\home\applic~1\mozilla\firefox\profiles\e8ouhqpb.default\
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPUploader.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll

============= SERVICES / DRIVERS ===============

R0 ptpd;Disk Filter Driver;c:\windows\system32\drivers\ptpd.sys [2002-1-1 6656]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-24 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-24 27656]
R2 Machnm32;Machnm32 Driver;c:\windows\system32\Machnm32.sys [2002-1-1 2304]
R3 PhnxVcd;PhnxVcd;c:\windows\system32\drivers\phnxvcd.sys [2002-1-1 36096]
R3 WBMS;Winbond Memory Stick Storage (MS) Device Driver;c:\windows\system32\drivers\wbms.sys [2004-12-7 36224]
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;c:\windows\system32\drivers\wbsd.sys [2004-12-7 27904]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-24 298264]

=============== Created Last 30 ================

2009-03-11 20:09 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-11 20:09 73,728 a------- c:\windows\system32\javacpl.cpl
2009-02-26 22:47 <DIR> a-dshr-- C:\cmdcons
2009-02-26 22:42 161,792 a------- c:\windows\SWREG.exe
2009-02-26 22:42 98,816 a------- c:\windows\sed.exe
2009-02-26 22:39 <DIR> --d----- C:\SDFix
2009-02-26 22:11 <DIR> --d----- c:\program files\Trend Micro
2009-02-26 00:01 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-02-24 23:27 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-24 23:27 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-24 23:27 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-02-24 23:27 <DIR> --d----- c:\program files\AVG
2009-02-24 23:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-02-24 22:23 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-02-24 22:21 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-02-24 22:21 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-02-22 14:26 5,162 a------- c:\windows\system32\uacinit.dll

==================== Find3M ====================

2009-01-05 18:33 3,751,995 a------- c:\windows\system32\GPhotos.scr
2005-04-03 05:11 0 a------- c:\docume~1\home\applic~1\wklnhst.dat

============= FINISH: 8:18:30.62 ===============


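The two logs in this post, the BitDefender file list and the DDS "Created Last 30" section, can be cross-checked mechanically. The script below is an added example written for this page; it is not code from the thread, from DDS or from BitDefender. It recovers the original file names from the quarantine paths BitDefender flagged (treating a ".vir" suffix and a ".zip=>member" notation as quarantine naming is an assumption, not something the report states), derives the prefix and extensions those names share, and then lists any remaining file in system32 or system32\drivers from a DDS listing that fits the same shape. The sample DDS lines are copied from the log above and labelled as a constructed subset; a hit is a triage flag for manual review, not a verdict.

```python
"""Cross-check a DDS directory listing against names an AV scan flagged.

Added example for this thread; not code from DDS, BitDefender or the poster.
Assumptions (not stated on the page): quarantine copies carry a ".vir"
suffix or sit inside a ".zip" whose member name follows "=>", and the
DDS "Created Last 30" lines follow "YYYY-MM-DD HH:MM size attrs path".
"""
import os
import re
from dataclasses import dataclass
from typing import List, Optional

# Quarantine paths BitDefender reported as infected in the report above.
BITDEFENDER_INFECTED = [
    r"C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_UACpouuhsnt_.sys.zip=>UACpouuhsnt.sys",
    r"C:\Qoobox\Quarantine\C\WINDOWS\system32\UACcxrumqpm.dll.vir",
    r"C:\Qoobox\Quarantine\C\WINDOWS\system32\UACfntamtnn.dll.vir",
    r"C:\Qoobox\Quarantine\C\WINDOWS\system32\UACidmdbwqw.dll.vir",
    r"C:\Qoobox\Quarantine\C\WINDOWS\system32\UACmjfuymfs.dll.vir",
    r"C:\Qoobox\Quarantine\C\WINDOWS\system32\UACseosfhqp.dll.vir",
]

# Constructed sample: four "Created Last 30" lines copied from the DDS log.
SAMPLE_DDS = r"""
2009-03-11 20:09 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-26 22:47 <DIR> a-dshr-- C:\cmdcons
2009-02-24 22:21 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-02-22 14:26 5,162 a------- c:\windows\system32\uacinit.dll
""".splitlines()

DDS_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>\S.*?)\s*$",
    re.IGNORECASE,
)

# Directories the flagged files lived in; compared case-insensitively.
WATCHED_DIRS = ("\\system32", "\\system32\\drivers")


@dataclass
class Entry:
    date: str
    time: str
    size: Optional[int]   # None for <DIR> lines
    attrs: str
    path: str


def parse_dds(lines) -> List[Entry]:
    """Parse DDS 'Created Last 30' / 'Find3M' lines; skip anything else."""
    entries = []
    for line in lines:
        m = DDS_LINE.match(line)
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(Entry(m["date"], m["time"], size, m["attrs"], m["path"]))
    return entries


def original_name(quarantine_path: str) -> str:
    """Recover the pre-quarantine file name from a quarantine path."""
    name = quarantine_path.rsplit("\\", 1)[-1]
    if "=>" in name:                     # archive member: keep the inner name
        name = name.split("=>", 1)[1]
    if name.lower().endswith(".vir"):    # assumed quarantine suffix
        name = name[:-4]
    return name.strip("_")


def build_indicator(detected_paths) -> re.Pattern:
    """Regex for names sharing the flagged files' prefix and extensions."""
    names = [original_name(p) for p in detected_paths]
    prefix = os.path.commonprefix([n.lower() for n in names])
    exts = sorted({n.rsplit(".", 1)[-1].lower() for n in names})
    if not prefix:
        raise ValueError("flagged names share no prefix; refine by hand")
    return re.compile(rf"^{re.escape(prefix)}\w+\.({'|'.join(exts)})$", re.IGNORECASE)


def flag_entries(entries: List[Entry], indicator: re.Pattern) -> List[Entry]:
    """Return file entries in watched directories whose name matches."""
    hits = []
    for e in entries:
        if e.size is None:
            continue
        folder, _, name = e.path.rpartition("\\")
        if folder.lower().endswith(WATCHED_DIRS) and indicator.match(name):
            hits.append(e)
    return hits


def triage(dds_lines, detected_paths) -> List[str]:
    """One report line per hit, ready to paste into a reply."""
    indicator = build_indicator(detected_paths)
    return [
        f"{e.date} {e.time} {e.size:>8} {e.path}  (matches {indicator.pattern})"
        for e in flag_entries(parse_dds(dds_lines), indicator)
    ]


if __name__ == "__main__":
    for line in triage(SAMPLE_DDS, BITDEFENDER_INFECTED) or ["no matches"]:
        print(line)
```

Over the sample it reports the single c:\windows\system32\uacinit.dll entry. The derived regex is deliberately loose (any name with the shared prefix and one of the flagged extensions), which makes it useful for ranking what to inspect and useless as a deletion rule; feed it the full "Created Last 30" and "Find3M" sections rather than a hand-picked subset when using it on a real log.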
#12 jeremycomp

Posted 14 March 2009 - 12:14 PM

For some reason, Kaspersky ran in IE. The results are below:

KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, March 14, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, March 14, 2009 14:31:59
Records in database: 1901341
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
Scan statistics
Files scanned 64281
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 01:40:40

No malware has been detected. The scan area is clean.
The selected area was scanned.

#13 m0le

Posted 14 March 2009 - 08:00 PM

Okay, your log is clean, jeremycomp. Good stuff!

Let's firstly do some essential housekeeping

Please download OTCleanIt and save it to Desktop.

Make sure you have internet connection.
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes

Please set your system to hide all hidden files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, uncheck Show hidden files and folders.
Check: Hide file extensions for known file types
Check the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Please disable System Restore:

1. Right-click My Computer, and then click Properties.
2. On the Performance tab, click File System, or press ALT+F.
3. On the Troubleshooting tab, click to select the Disable System Restore check box.
4. Click OK twice, and then click Yes when you are prompted to restart the computer.
5. Now re-enable System Restore, follow steps 1-3, but in step 3, click to clear the Disable System Restore check box.

Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Here's a list of ways you can avoid problems in the future:

Update your AntiVirus Software

It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program, you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Use a Firewall

I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls

That's it, happy surfing!

Cheers,


m0le

#14 jeremycomp

Posted 15 March 2009 - 01:49 PM

m0le,
Thanks for all your help. We should be malware-free then? It almost feels like I should run HijackThis or something just to make sure.

Did you see the BitDefender report? Just wondering if the results look okay to you with the identified, infected, disinfected, etc. And you noticed the Kaspersky report too?

Finally, if we decide to donate for this help, where can we send to? This site? You?
Thanks so much!
Jeremy

#15 m0le

Posted 16 March 2009 - 07:28 AM

Hi jeremycomp,

Yes, you're malware-free. The BitDefender results should now be clear. If you want to be sure just run BitDefender again.

If there's any problems just post back.

Bleeping Computer does not take donations, and neither do I nor my coach, so just a thank you will be fine.

Happy surfing!