Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win.32.Agent.plz


  • Please log in to reply
14 replies to this topic

#1 Nosinik

Nosinik

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:53 PM

Posted 27 March 2009 - 06:15 PM

Spybot showed that this trojan was on my computer but said it removed it. Everyplace I looked online on how to remove suggested ComboFix. At the ComboFix webpage it says not to use without the use of a helper. I am here for this purpose. I would also like to know if there is anything else that needs to be removed.

See below DDS.txt.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Chad Banzhaf at 17:55:50.09 on Fri 03/27/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.194 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iPod Access for Windows\iPAHelper.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\MMKeybd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\Chad Banzhaf\Local Settings\Temporary Internet Files\Content.IE5\D4ZRHJ6S\dds[1].scr
C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\RegistryBooster.exe /S
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [BitTorrent] "c:\program files\bittorrent\bittorrent.exe" --force_start_minimized
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [SpybotDeletingB5960] command /c del "c:\windows\system32\twain_32\local.ds"
uRunOnce: [SpybotDeletingD8221] cmd /c del "c:\windows\system32\twain_32\local.ds"
uRunOnce: [SpybotDeletingB9003] command /c del "c:\windows\system32\twain_32\user.ds"
uRunOnce: [SpybotDeletingD9462] cmd /c del "c:\windows\system32\twain_32\user.ds"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [vptray] c:\progra~1\symant~1\symant~1\vptray.exe
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [DellTouch] c:\windows\MMKeybd.exe
mRun: [POINTER] point32.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NexusServer] "c:\program files\common files\grass valley\procoder 3\kernel\PNXSERVR.exe" -SelfLaunch
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRunOnce: [SpybotDeletingA3352] command /c del "c:\windows\system32\twain_32\local.ds"
mRunOnce: [SpybotDeletingC5988] cmd /c del "c:\windows\system32\twain_32\local.ds"
mRunOnce: [SpybotDeletingA4613] command /c del "c:\windows\system32\twain_32\user.ds"
mRunOnce: [SpybotDeletingC9944] cmd /c del "c:\windows\system32\twain_32\user.ds"
uExplorerRun: [System Patcher] BTCPatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182476889375
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1217377529926&h=884ac172e063952493d0046d3023e181/&filename=jinstall-6u7-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 85.255.116.125;85.255.112.109
TCP: {8FC1A602-5E0D-40CC-BB28-4797F48E570D} = 85.255.116.125;85.255.112.109
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 hpt302;hpt302;c:\windows\system32\drivers\hpt302.sys [2007-6-21 72320]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-18 64160]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\cyberlink\powerdvd\000.fcl [2007-6-30 13560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 921936]
R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2003-5-2 30208]
R2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [2007-6-21 28672]
R2 Norton AntiVirus Server;Symantec AntiVirus Client;c:\progra~1\symant~1\symant~1\Rtvscan.exe [2003-5-21 610304]
R3 Msikbd2k;DellTouch;c:\windows\system32\drivers\Msikbd2k.sys [2007-6-21 6942]
R3 NAVAP;NAVAP;c:\progra~1\symant~1\symant~1\NAVAP.sys [2003-5-2 224256]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090320.003\NAVENG.sys [2009-3-20 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090320.003\NAVEX15.sys [2009-3-20 876144]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\documents and settings\chad banzhaf\desktop\ether\everesthome_build_0466\kerneld.wnt --> c:\documents and settings\chad banzhaf\desktop\ether\everesthome_build_0466\kerneld.wnt [?]

=============== Created Last 30 ================

2009-03-27 17:39 <DIR> --d----- c:\program files\Trend Micro
2009-03-19 21:26 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-18 18:04 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-18 18:04 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-18 18:04 <DIR> --d----- c:\program files\Lavasoft

==================== Find3M ====================

2009-02-22 14:34 71,108 a---h--- c:\windows\system32\mlfcache.dat
2009-02-18 09:24 5,632 a------- C:\nscagent.exe
2009-01-24 11:15 1,682 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-07-02 14:38 95,088 a------- c:\docume~1\chadba~1\applic~1\GDIPFONTCACHEV1.DAT
2007-09-12 19:59 79,328 a------- c:\documents and settings\chad banzhaf\mqdmserd.sys
2007-09-12 19:59 5,936 a------- c:\documents and settings\chad banzhaf\mqdmwhnt.sys
2007-09-12 19:59 92,064 a------- c:\documents and settings\chad banzhaf\mqdmmdm.sys
2007-09-12 19:59 66,656 a------- c:\documents and settings\chad banzhaf\mqdmbus.sys
2007-09-12 19:59 25,600 a------- c:\documents and settings\chad banzhaf\usbsermptxp.sys
2007-09-12 19:59 22,768 a------- c:\documents and settings\chad banzhaf\usbsermpt.sys
2007-09-12 19:59 9,232 a------- c:\documents and settings\chad banzhaf\mqdmmdfl.sys
2007-09-12 19:59 6,208 a------- c:\documents and settings\chad banzhaf\mqdmcmnt.sys
2007-09-12 19:59 4,048 a------- c:\documents and settings\chad banzhaf\mqdmcr.sys

============= FINISH: 17:56:32.40 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:53 PM

Posted 27 March 2009 - 06:43 PM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

I like to work around Combofix if at all possible. No reason to use a bigger gun that you need if we can clean it up just as easily with another tool.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.



=============


The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Nosinik

Nosinik
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:53 PM

Posted 27 March 2009 - 06:47 PM

Thanks Sam.

Here is the report:

OTListIt logfile created on: 3/27/2009 6:45:38 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Documents and Settings\Chad Banzhaf\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.00 Mb Total Physical Memory | 376.15 Mb Available Physical Memory | 36.77% Memory free
2.40 Gb Paging File | 1.49 Gb Available in Paging File | 61.89% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 21.98 Gb Free Space | 14.75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 931.28 Gb Total Space | 401.87 Gb Free Space | 43.15% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHAD-DESKTOP
Current User Name: Chad Banzhaf
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2007/07/27 22:21:16 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2007/07/27 22:21:16 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2009/01/18 16:34:37 | 00,921,936 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2001/08/06 13:41:48 | 00,028,672 | ---- | M] () -- C:\WINDOWS\Nhksrv.exe
PRC - [2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2003/05/21 01:22:36 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/04/05 21:35:40 | 01,543,614 | ---- | M] () -- C:\Program Files\iPod Access for Windows\iPAHelper.exe
PRC - [2003/05/21 01:27:46 | 00,610,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
PRC - [2005/08/08 13:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2003/12/04 16:21:00 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2002/10/12 21:00:00 | 00,294,912 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2003/05/21 01:21:18 | 00,090,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe
PRC - [2001/12/17 11:18:06 | 00,483,394 | ---- | M] (BroadJump, Inc.) -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
PRC - [2001/09/05 13:28:40 | 00,163,840 | ---- | M] (Netropa Corp.) -- C:\WINDOWS\MMKeybd.exe
PRC - [2001/11/07 13:44:19 | 00,196,608 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
PRC - [2001/09/17 12:48:42 | 00,090,112 | ---- | M] (Netropa Corp.) -- C:\Program Files\Netropa\OSD.exe
PRC - [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/10/01 18:57:12 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2007/03/26 18:45:12 | 00,389,120 | ---- | M] () -- C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe
PRC - [2009/01/18 16:34:48 | 00,506,712 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2007/03/01 18:11:22 | 00,043,008 | ---- | M] () -- C:\Program Files\BitTorrent\bittorrent.exe
PRC - [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/09/16 13:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2002/09/03 12:08:01 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2004/08/04 02:56:57 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2004/08/04 02:56:57 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2007/05/11 03:06:38 | 00,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2008/07/07 10:42:04 | 04,891,472 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
PRC - [2008/10/15 02:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/01/11 11:23:38 | 00,050,184 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
PRC - [2008/10/28 16:40:48 | 10,742,608 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
PRC - [2008/10/28 17:07:58 | 09,362,248 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
PRC - [2009/03/27 18:45:06 | 00,498,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chad Banzhaf\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/07/27 22:21:16 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2007/07/27 21:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2003/05/21 01:22:36 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
SRV - [2006/10/04 12:49:02 | 00,892,928 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper [Auto | Stopped])
SRV - [2006/10/20 22:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2004/08/04 02:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2006/10/30 04:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2007/04/05 21:35:40 | 01,543,614 | ---- | M] () -- C:\Program Files\iPod Access for Windows\iPAHelper.exe -- (iPAHelper.exe [Auto | Running])
SRV - [2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/01/18 16:34:37 | 00,921,936 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2006/10/30 04:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2001/08/06 13:41:48 | 00,028,672 | ---- | M] () -- C:\WINDOWS\Nhksrv.exe -- (Nhksrv [Auto | Running])
SRV - [2003/05/21 01:27:46 | 00,610,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -- (Norton AntiVirus Server [Auto | Running])
SRV - [2005/08/08 13:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2003/12/04 16:21:00 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2004/08/04 01:10:10 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\61883.sys -- (61883 [On_Demand | Running])
DRV - [2002/04/01 13:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2007/07/27 22:30:27 | 02,371,584 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2004/08/04 00:29:30 | 00,104,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\atinrvxx.sys -- (atinrvxx [On_Demand | Stopped])
DRV - [2004/08/04 00:29:31 | 00,073,216 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\atintuxx.sys -- (ATITUNEP [Auto | Stopped])
DRV - [2004/08/04 00:29:29 | 00,052,224 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\atinraxx.sys -- (ativraxx [On_Demand | Stopped])
DRV - [2004/08/04 00:29:31 | 00,063,488 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\atinxsxx.sys -- (ATIXSAudio [Auto | Stopped])
DRV - [2004/08/04 01:10:10 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\avc.sys -- (Avc [On_Demand | Running])
DRV - [2007/03/14 10:30:32 | 00,165,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/07/28 09:18:40 | 00,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock [Auto | Running])
DRV - [2007/08/16 18:33:04 | 00,047,616 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt [Auto | Running])
DRV - [2007/03/30 10:40:00 | 00,072,320 | ---- | M] (HighPoint Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\hpt302.sys -- (hpt302 [Boot | Running])
DRV - [2009/01/18 16:30:13 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2004/08/04 01:09:58 | 00,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\msdv.sys -- (MSDV [On_Demand | Running])
DRV - [2000/10/03 15:18:24 | 00,006,942 | ---- | M] (Netropa Corporation) -- C:\WINDOWS\System32\DRIVERS\msikbd2k.sys -- (Msikbd2k [On_Demand | Running])
DRV - [2004/08/04 00:29:28 | 00,013,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\atinmdxx.sys -- (MVDCODEC [Auto | Stopped])
DRV - [2003/05/02 21:08:18 | 00,224,256 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys -- (NAVAP [On_Demand | Running])
DRV - [2003/05/02 21:08:22 | 00,030,208 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS -- (NAVAPEL [Auto | Running])
DRV - [2009/03/20 03:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090320.003\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/03/20 03:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090320.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2002/10/15 15:59:24 | 00,017,153 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\System32\DRIVERS\omci.sys -- (OMCI [System | Running])
DRV - [2004/08/04 00:29:29 | 00,014,336 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\atinpdxx.sys -- (PCDCODEC [Auto | Stopped])
DRV - [2003/03/05 12:19:28 | 00,015,840 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\PfModNT.sys -- (PfModNT [Auto | Running])
DRV - [2002/09/03 11:53:10 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/07 18:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2002/12/19 17:48:48 | 00,539,008 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2007/08/23 17:49:48 | 00,685,816 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2007/06/19 21:12:53 | 00,073,496 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2008/10/01 13:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2007/09/12 19:59:54 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys -- (usbsermptxp [On_Demand | Stopped])
DRV - [2006/11/02 16:51:58 | 00,013,560 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B} [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-839522115-362288127-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-839522115-362288127-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-839522115-362288127-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-839522115-362288127-725345543-1004\S-1-5-21-839522115-362288127-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-839522115-362288127-725345543-1004\S-1-5-21-839522115-362288127-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe (BroadJump, Inc.)
O4 - HKLM..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe (Netropa Corp.)
O4 - HKLM..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" (Diskeeper Corporation)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NexusServer] "C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch ()
O4 - HKLM..\Run: [POINTER] point32.exe File not found
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-839522115-362288127-725345543-1004..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized ()
O4 - HKU\S-1-5-21-839522115-362288127-725345543-1004..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-839522115-362288127-725345543-1004..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (Ahead Software AG)
O4 - HKU\S-1-5-21-839522115-362288127-725345543-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-839522115-362288127-725345543-1004..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S File not found
O4 - HKLM..\RunOnce: [SpybotDeletingA3352] command /c del "C:\WINDOWS\system32\twain_32\local.ds" ()
O4 - HKLM..\RunOnce: [SpybotDeletingA4613] command /c del "C:\WINDOWS\system32\twain_32\user.ds" ()
O4 - HKLM..\RunOnce: [SpybotDeletingC5988] cmd /c del "C:\WINDOWS\system32\twain_32\local.ds" (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC9944] cmd /c del "C:\WINDOWS\system32\twain_32\user.ds" (Microsoft Corporation)
O4 - HKU\S-1-5-21-839522115-362288127-725345543-1004..\RunOnce: [SpybotDeletingB5960] command /c del "C:\WINDOWS\system32\twain_32\local.ds" ()
O4 - HKU\S-1-5-21-839522115-362288127-725345543-1004..\RunOnce: [SpybotDeletingB9003] command /c del "C:\WINDOWS\system32\twain_32\user.ds" ()
O4 - HKU\S-1-5-21-839522115-362288127-725345543-1004..\RunOnce: [SpybotDeletingD8221] cmd /c del "C:\WINDOWS\system32\twain_32\local.ds" (Microsoft Corporation)
O4 - HKU\S-1-5-21-839522115-362288127-725345543-1004..\RunOnce: [SpybotDeletingD9462] cmd /c del "C:\WINDOWS\system32\twain_32\user.ds" (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-839522115-362288127-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1182476889375 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.125;85.255.112.109
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{8FC1A602-5E0D-40CC-BB28-4797F48E570D}\\NameServer = 85.255.116.125;85.255.112.109
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\System32\NavLogon.dll - C:\WINDOWS\System32\NavLogon.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/19 20:58:42 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/04/01 13:53:24 | 00,000,071 | -H-- | M] () - F:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2008/08/04 16:06:00 | 00,000,000 | ---D | M] - F:\autorun -- [ FAT32 ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\Open\command - "" = resycled\boot.com f:
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2009/03/27 18:45:06 | 00,498,688 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chad Banzhaf\Desktop\OTListIt2.exe
[2009/03/27 17:39:52 | 00,001,743 | ---- | C] () -- C:\Documents and Settings\Chad Banzhaf\Desktop\HijackThis.lnk
[2009/03/27 17:39:52 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/27 17:17:54 | 16,283,032 | ---- | C] () -- C:\Documents and Settings\Chad Banzhaf\Desktop\jre-6u13-windows-i586-p.exe
[2009/03/26 20:07:34 | 94,243,124 | ---- | C] () -- C:\Documents and Settings\Chad Banzhaf\My Documents\Big_Breasts_blonde_girl_bleeped_on_the_bed.avi
[2009/03/25 17:50:09 | 05,361,359 | ---- | C] () -- C:\Documents and Settings\Chad Banzhaf\My Documents\Making Millions For Dummies.pdf
[2009/03/25 06:42:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chad Banzhaf\My Documents\Torrents
[2009/03/19 21:26:16 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/03/18 18:05:16 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/18 18:04:56 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/03/18 18:04:29 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/03/18 18:04:26 | 00,000,876 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/03/18 18:04:15 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/03/18 18:04:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/03/18 18:02:29 | 34,543,112 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Chad Banzhaf\Desktop\Ad-AwareAE.exe

========== Files - Modified Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009/03/27 18:45:06 | 00,498,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chad Banzhaf\Desktop\OTListIt2.exe
[2009/03/27 18:42:32 | 00,080,896 | ---- | M] () -- C:\Documents and Settings\Chad Banzhaf\My Documents\Movie List.xls
[2009/03/27 17:39:52 | 00,001,743 | ---- | M] () -- C:\Documents and Settings\Chad Banzhaf\Desktop\HijackThis.lnk
[2009/03/27 17:18:53 | 00,000,154 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2009/03/27 17:17:54 | 16,283,032 | ---- | M] () -- C:\Documents and Settings\Chad Banzhaf\Desktop\jre-6u13-windows-i586-p.exe
[2009/03/27 15:40:00 | 00,123,392 | ---- | M] () -- C:\Documents and Settings\Chad Banzhaf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/26 20:23:16 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/26 20:22:30 | 00,000,269 | ---- | M] () -- C:\WINDOWS\MSIOSD.INI
[2009/03/26 20:22:00 | 00,000,000 | ---- | M] () -- C:\WINDOWS\TempFile
[2009/03/26 20:21:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/26 20:21:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/26 20:08:11 | 94,243,124 | ---- | M] () -- C:\Documents and Settings\Chad Banzhaf\My Documents\Big_Breasts_blonde_girl_bleeped_on_the_bed.avi
[2009/03/25 18:05:05 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/25 10:32:06 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/21 12:36:17 | 05,361,359 | ---- | M] () -- C:\Documents and Settings\Chad Banzhaf\My Documents\Making Millions For Dummies.pdf
[2009/03/18 18:04:26 | 00,000,876 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/03/16 18:32:57 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/15 14:54:30 | 00,522,208 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/15 14:54:30 | 00,441,184 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/15 14:54:30 | 00,071,250 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/13 18:57:35 | 00,000,297 | ---- | M] () -- C:\Documents and Settings\Chad Banzhaf\Application Data\iPod Access v4 Prefs
< End of report >

#4 Nosinik

Nosinik
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:53 PM

Posted 27 March 2009 - 06:49 PM

I forgot this:

OTListIt Extras logfile created on: 3/27/2009 6:45:38 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Documents and Settings\Chad Banzhaf\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.00 Mb Total Physical Memory | 376.15 Mb Available Physical Memory | 36.77% Memory free
2.40 Gb Paging File | 1.49 Gb Available in Paging File | 61.89% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 21.98 Gb Free Space | 14.75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 931.28 Gb Total Space | 401.87 Gb Free Space | 43.15% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHAD-DESKTOP
Current User Name: Chad Banzhaf
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"FirewallOverride" = 0
"AntiVirusOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2006/10/10 07:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/24 06:33:54 | 05,494,272 | ---- | M] () -- C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++
[2007/05/13 09:57:46 | 05,308,416 | ---- | M] (http://www.emule-project.net) -- C:\Program Files\eMule\emule.exe:*:Enabled:eMule
[2007/03/01 18:11:22 | 00,043,008 | ---- | M] () -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[2006/10/10 07:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/10/15 02:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
[2008/10/01 18:57:04 | 14,258,472 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
File not found -- C:\nSvcAppFlt.exe:*:Enabled:Win32load
[2009/02/18 09:24:03 | 00,005,632 | ---- | M] () -- C:\nscagent.exe:*:Enabled:Win32load
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour
File not found -- C:\Program Files\MobTime Cell Phone Manager\MobFldSvr.exe:*:Disabled:MobFldSvr

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01BDFB08-EE88-4E5E-94A6-AE9EDCFA40C5}" = Microsoft IntelliPoint 4.0
"{07D97136-A219-41FE-9FF9-E18C8A312A7E}" = ProCoder 3
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}" = Symantec AntiVirus Client
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{181956E4-279D-4C9B-B7C7-6A99AE69B867}" = TMPGEnc Plus 2.5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160070}" = Java™ SE Development Kit 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = HydraVision
"{438D221C-5B5B-4E4B-B7BD-A86512E5B6C1}" = DAO
"{468190DA-FB4C-45BA-8E40-4B165FF1A939}" = BACS
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A70D9E8-C51B-4196-BD1F-137E6EF6AEBB}" = Canopus ProCoder 2
"{706D5382-7381-4680-9DD0-161832578252}" = DellTouch
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{772E9146-D676-4869-A298-047FF2A2B92D}" = Canopus Codec Option
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.12.0
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{7F46E168-E0F4-45EA-81F5-80488334B609}" = Usb to Serial Driver 1.12.25
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8C0302AB-28E3-43F4-8414-10B8E0954ED9}" = Setup
"{8C1932E3-8555-4B03-B2CC-AE86DC6673E4}" = Ulead Drop Spot
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{9869D4DD-D553-40D3-8859-F8911D406C69}" = Ulead DVD Workshop 2
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AE8008D5-BDEE-4D29-A84C-A85F234ED14E}" = AtomicParselyGUI
"{B1D8CAE1-62E8-4259-8B57-1755629F71EC}" = Diskeeper 2007 Pro Premier
"{B36C4994-A563-4339-8754-CCCE51314A4C}" = Visual Pinball
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = B57Inst
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F101C58C-15CC-42B3-83D1-536CFB960634}" = Ulead PhotoImpact 8
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"AVIcodec" = AVIcodec (remove only)
"AviSynth" = AviSynth 2.5
"BitTorrent" = BitTorrent 5.0.7
"BroadJump Client Foundation" = BroadJump Client Foundation
"CDisplay_is1" = CDisplay 1.8
"DC++" = DC++ 0.706
"DivX Codec" = Remove DivX Pro Codec
"DivX Player" = DivX Player
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Flick_is1" = DVD Flick
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab HD Decrypter_is1" = DVDFab HD Decrypter 3.1.4.0
"eMule" = eMule
"ffdshow_is1" = ffdshow [rev 1325] [2007-07-01]
"Font Viewer_is1" = Font Viewer 2.0
"Gordian Knot" = Gordian Knot Rip Pack 0.35.0
"HijackThis" = HijackThis 2.0.2
"hp deskjet 960c series" = hp deskjet 960c series (Remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{181956E4-279D-4C9B-B7C7-6A99AE69B867}" = TMPGEnc Plus 2.5
"InstallShield_{438D221C-5B5B-4E4B-B7BD-A86512E5B6C1}" = DAO
"InstallShield_{468190DA-FB4C-45BA-8E40-4B165FF1A939}" = Broadcom Advanced Control Suite
"InstallShield_{8C1932E3-8555-4B03-B2CC-AE86DC6673E4}" = Ulead Drop Spot 1.0
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Driver Installer
"InstallShield_{F101C58C-15CC-42B3-83D1-536CFB960634}" = Ulead PhotoImpact 8
"iPod Access for Windows_is1" = iPod Access for Windows v4.2.2
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Monkey's Audio_is1" = Monkey's Audio
"MPEG Video Wizard DVD" = MPEG Video Wizard DVD
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NimoCorp" = Nimo Codecs Pack v5.0 (Remove Only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ScenalyzerLive" = ScenalyzerLive (remove)
"Secured eMule" = Secured eMule
"setup" = setup (Remove only)
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Videora iPod Converter" = Videora iPod Converter 4.04
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.1.2 final uninstall
"YouTube Downloader App" = YouTube Downloader App 1.01

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/19/2009 10:28:37 PM | Computer Name = CHAD-DESKTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/19/2009 10:28:41 PM | Computer Name = CHAD-DESKTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/19/2009 10:28:41 PM | Computer Name = CHAD-DESKTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/19/2009 10:28:42 PM | Computer Name = CHAD-DESKTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/19/2009 10:28:43 PM | Computer Name = CHAD-DESKTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/20/2009 2:00:11 AM | Computer Name = CHAD-DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application DkService.exe, version 11.0.686.0, faulting module
msvcr80.dll, version 8.0.50727.1433, fault address 0x00008aa0.

Error - 3/20/2009 11:44:28 PM | Computer Name = CHAD-DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16762, faulting
module unknown, version 0.0.0.0, fault address 0x10008835.

Error - 3/20/2009 11:44:46 PM | Computer Name = CHAD-DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16762, faulting
module unknown, version 0.0.0.0, fault address 0x10008835.

Error - 3/26/2009 9:20:03 PM | Computer Name = CHAD-DESKTOP | Source = Userenv | ID = 1512
Description = Windows cannot unload your registry file. The memory used by the registry
has not been freed. This is often caused by services running as a user account,
try configuring the services to run in either the LocalService or NetworkService
account. If this problem persists, contact your administrator. DETAIL - Insufficient
system resources exist to complete the requested service.

Error - 3/27/2009 2:00:10 AM | Computer Name = CHAD-DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application DkService.exe, version 11.0.686.0, faulting module
msvcr80.dll, version 8.0.50727.1433, fault address 0x00008aa0.

[ System Events ]
Error - 3/23/2009 3:54:31 PM | Computer Name = CHAD-DESKTOP | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 3/25/2009 3:54:32 PM | Computer Name = CHAD-DESKTOP | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 3/26/2009 9:21:57 PM | Computer Name = CHAD-DESKTOP | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 3/26/2009 9:22:59 PM | Computer Name = CHAD-DESKTOP | Source = Service Control Manager | ID = 7000
Description = The ATI WDM TV Tuner service failed to start due to the following
error: %%1058

Error - 3/26/2009 9:22:59 PM | Computer Name = CHAD-DESKTOP | Source = Service Control Manager | ID = 7000
Description = The ATI WDM TV Audio Crossbar service failed to start due to the following
error: %%1058

Error - 3/26/2009 9:22:59 PM | Computer Name = CHAD-DESKTOP | Source = Service Control Manager | ID = 7000
Description = The ATI WDM Specialized MVD Codec service failed to start due to the
following error: %%1058

Error - 3/26/2009 9:22:59 PM | Computer Name = CHAD-DESKTOP | Source = Service Control Manager | ID = 7000
Description = The ATI WDM Specialized PCD Codec service failed to start due to the
following error: %%1058

Error - 3/26/2009 9:23:48 PM | Computer Name = CHAD-DESKTOP | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 00021418, parameter2 00000002, parameter3
00000000, parameter4 8050af20.

Error - 3/27/2009 2:05:13 AM | Computer Name = CHAD-DESKTOP | Source = Service Control Manager | ID = 7034
Description = The Diskeeper service terminated unexpectedly. It has done this 1
time(s).

Error - 3/27/2009 3:54:33 PM | Computer Name = CHAD-DESKTOP | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >

#5 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:53 PM

Posted 27 March 2009 - 07:00 PM

How about the Gmer log?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#6 Nosinik

Nosinik
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:53 PM

Posted 27 March 2009 - 07:03 PM

It didn't output a log titled Gmer. Would it pop up in notepad? Where should I look?

#7 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:53 PM

Posted 27 March 2009 - 07:11 PM

It's possible that it didn't create a log. We'll assume that for now.

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O4 - HKLM..\RunOnce: [SpybotDeletingA3352] command /c del "C:\WINDOWS\system32\twain_32\local.ds" ()
    O4 - HKLM..\RunOnce: [SpybotDeletingA4613] command /c del "C:\WINDOWS\system32\twain_32\user.ds" ()
    O4 - HKLM..\RunOnce: [SpybotDeletingC5988] cmd /c del "C:\WINDOWS\system32\twain_32\local.ds" (Microsoft Corporation)
    O4 - HKLM..\RunOnce: [SpybotDeletingC9944] cmd /c del "C:\WINDOWS\system32\twain_32\user.ds" (Microsoft Corporation)
    O4 - HKU\S-1-5-21-839522115-362288127-725345543-1004..\RunOnce: [SpybotDeletingB5960] command /c del "C:\WINDOWS\system32\twain_32\local.ds" ()
    O4 - HKU\S-1-5-21-839522115-362288127-725345543-1004..\RunOnce: [SpybotDeletingB9003] command /c del "C:\WINDOWS\system32\twain_32\user.ds" ()
    O4 - HKU\S-1-5-21-839522115-362288127-725345543-1004..\RunOnce: [SpybotDeletingD8221] cmd /c del "C:\WINDOWS\system32\twain_32\local.ds" (Microsoft Corporation)
    O4 - HKU\S-1-5-21-839522115-362288127-725345543-1004..\RunOnce: [SpybotDeletingD9462] cmd /c del "C:\WINDOWS\system32\twain_32\user.ds" (Microsoft Corporation)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.125;85.255.112.109
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{8FC1A602-5E0D-40CC-BB28-4797F48E570D}\\NameServer = 85.255.116.125;85.255.112.109
    O33 - MountPoints2\F\Shell\Open\command - "" = resycled\boot.com f:
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

==================


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.



How is your computer behaving now?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#8 Nosinik

Nosinik
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:53 PM

Posted 27 March 2009 - 08:28 PM

Sam,

I did the steps you laid out and the Malware removal program rebooted my machine in order to remove the 2 trojans it found. But upon reboot, my Internet Explorer does not have connection to the internet. I'm using my laptop to type this as there is still an internet connection (modem is running fine) but the Internet Explorer on my main computer won't connect.

#9 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:53 PM

Posted 28 March 2009 - 10:39 AM

Lets check some settings on your system.
  • Enter your Control Panel and double-click on Network Connections
  • Then right click on your Default Connection
    • Usually Local Area Connection for Cable and DSL
  • Left click on Properties
  • Double-Click on the Internet Protocol (TCP/IP) item
  • Select the radio dial that says Obtain DNS Servers Automatically
  • Press OK twice to get out of the properties screen and reboot if it asks
Next Go start run type cmd and hit OK
type
ipconfig /flushdns
then hit enter, type exit hit enter
(that space between g and / is needed)


Does that get you back online.
Is there another program (email, IM, or another browser) that you can check to see if the connection problem is isolated to IE or the whole system?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#10 Nosinik

Nosinik
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:53 PM

Posted 28 March 2009 - 07:45 PM

Sam,

Okay, I'm back online. I had to do the following:

Reset TCP/IP stack to installation defaults, type: netsh int ip reset reset.log
Reset WINSOCK entries to installation defaults, type: netsh winsock reset catalog

Anyway, first the OTList log:

========== OTLISTIT ==========
Process explorer.exe killed successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingA3352 deleted successfully.
C:\WINDOWS\System32\command.com moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingA4613 deleted successfully.
File command /c del "C:\WINDOWS\system32\twain_32\user.ds" not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingC5988 deleted successfully.
C:\WINDOWS\System32\cmd.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingC9944 deleted successfully.
File cmd /c del "C:\WINDOWS\system32\twain_32\user.ds" not found.
Registry value HKEY_USERS\S-1-5-21-839522115-362288127-725345543-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB5960 deleted successfully.
File command /c del "C:\WINDOWS\system32\twain_32\local.ds" not found.
Registry value HKEY_USERS\S-1-5-21-839522115-362288127-725345543-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB9003 deleted successfully.
File command /c del "C:\WINDOWS\system32\twain_32\user.ds" not found.
Registry value HKEY_USERS\S-1-5-21-839522115-362288127-725345543-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD8221 deleted successfully.
File cmd /c del "C:\WINDOWS\system32\twain_32\local.ds" not found.
Registry value HKEY_USERS\S-1-5-21-839522115-362288127-725345543-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD9462 deleted successfully.
File cmd /c del "C:\WINDOWS\system32\twain_32\user.ds" not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8FC1A602-5E0D-40CC-BB28-4797F48E570D}\\NameServer| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
File not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Chad Banzhaf\Local Settings\Temp\~DF8316.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Chad Banzhaf\Local Settings\Temp\~DF831B.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.7.2 log created on 03272009_193846

Files moved on Reboot...
File C:\Documents and Settings\Chad Banzhaf\Local Settings\Temp\~DF8316.tmp not found!
File C:\Documents and Settings\Chad Banzhaf\Local Settings\Temp\~DF831B.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...


And the Malwarebytes Anti-Malware log:

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\extravideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.125;85.255.112.109 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.125;85.255.112.109 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8fc1a602-5e0d-40cc-bb28-4797f48e570d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.125;85.255.112.109 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8fc1a602-5e0d-40cc-bb28-4797f48e570d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.125;85.255.112.109 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.125;85.255.112.109 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.125;85.255.112.109 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8fc1a602-5e0d-40cc-bb28-4797f48e570d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.125;85.255.112.109 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8fc1a602-5e0d-40cc-bb28-4797f48e570d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.125;85.255.112.109 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.125;85.255.112.109 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.125;85.255.112.109 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{8fc1a602-5e0d-40cc-bb28-4797f48e570d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.125;85.255.112.109 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{8fc1a602-5e0d-40cc-bb28-4797f48e570d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.125;85.255.112.109 -> Quarantined and deleted successfully.

Folders Infected:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\msqpdxmtvearxx.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\msqpdxmxstoitt.sys (Trojan.Agent) -> Quarantined and deleted successfully.

#11 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:53 PM

Posted 29 March 2009 - 08:25 AM

Good!
Please post a new log from OTListIt2.

How is your computer behaving now?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#12 Nosinik

Nosinik
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:53 PM

Posted 29 March 2009 - 08:31 AM

It seems to be running without incident now. I just want to make sure there are no other malware lurking about.

OTList log:

OTListIt logfile created on: 3/29/2009 8:28:56 AM - Run 3
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Documents and Settings\Chad Banzhaf\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.00 Mb Total Physical Memory | 188.21 Mb Available Physical Memory | 18.40% Memory free
2.40 Gb Paging File | 1.84 Gb Available in Paging File | 76.67% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 21.68 Gb Free Space | 14.55% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 931.28 Gb Total Space | 401.88 Gb Free Space | 43.15% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHAD-DESKTOP
Current User Name: Chad Banzhaf
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2007/07/27 22:21:16 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2007/07/27 22:21:16 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2009/01/18 16:34:37 | 00,921,936 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2001/08/06 13:41:48 | 00,028,672 | ---- | M] () -- C:\WINDOWS\Nhksrv.exe
PRC - [2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2003/05/21 01:22:36 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
PRC - [2006/10/04 12:49:02 | 00,892,928 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2007/04/05 21:35:40 | 01,543,614 | ---- | M] () -- C:\Program Files\iPod Access for Windows\iPAHelper.exe
PRC - [2003/05/21 01:27:46 | 00,610,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
PRC - [2005/08/08 13:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2003/12/04 16:21:00 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2002/09/03 12:08:01 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2004/08/04 02:56:57 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/01/18 16:34:48 | 00,506,712 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2004/08/04 02:56:57 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2002/10/12 21:00:00 | 00,294,912 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2003/05/21 01:21:18 | 00,090,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe
PRC - [2001/12/17 11:18:06 | 00,483,394 | ---- | M] (BroadJump, Inc.) -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
PRC - [2001/09/05 13:28:40 | 00,163,840 | ---- | M] (Netropa Corp.) -- C:\WINDOWS\MMKeybd.exe
PRC - [2001/11/07 13:44:19 | 00,196,608 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
PRC - [2001/09/17 12:48:42 | 00,090,112 | ---- | M] (Netropa Corp.) -- C:\Program Files\Netropa\OSD.exe
PRC - [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/10/01 18:57:12 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2007/03/26 18:45:12 | 00,389,120 | ---- | M] () -- C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe
PRC - [2007/03/01 18:11:22 | 00,043,008 | ---- | M] () -- C:\Program Files\BitTorrent\bittorrent.exe
PRC - [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/09/16 13:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/01/11 11:23:38 | 00,050,184 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
PRC - [2008/10/28 16:40:48 | 10,742,608 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
PRC - [2008/12/19 00:25:25 | 00,634,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/27 18:45:06 | 00,498,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chad Banzhaf\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/07/27 22:21:16 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2007/07/27 21:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2003/05/21 01:22:36 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
SRV - [2006/10/04 12:49:02 | 00,892,928 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper [Auto | Running])
SRV - [2006/10/20 22:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2004/08/04 02:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2006/10/30 04:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2007/04/05 21:35:40 | 01,543,614 | ---- | M] () -- C:\Program Files\iPod Access for Windows\iPAHelper.exe -- (iPAHelper.exe [Auto | Running])
SRV - [2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/01/18 16:34:37 | 00,921,936 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2006/10/30 04:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2001/08/06 13:41:48 | 00,028,672 | ---- | M] () -- C:\WINDOWS\Nhksrv.exe -- (Nhksrv [Auto | Running])
SRV - [2003/05/21 01:27:46 | 00,610,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -- (Norton AntiVirus Server [Auto | Running])
SRV - [2005/08/08 13:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2003/12/04 16:21:00 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2004/08/04 01:10:10 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\61883.sys -- (61883 [On_Demand | Running])
DRV - [2002/04/01 13:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2007/07/27 22:30:27 | 02,371,584 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2004/08/04 00:29:30 | 00,104,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\atinrvxx.sys -- (atinrvxx [On_Demand | Stopped])
DRV - [2004/08/04 00:29:31 | 00,073,216 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\atintuxx.sys -- (ATITUNEP [Auto | Stopped])
DRV - [2004/08/04 00:29:29 | 00,052,224 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\atinraxx.sys -- (ativraxx [On_Demand | Stopped])
DRV - [2004/08/04 00:29:31 | 00,063,488 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\atinxsxx.sys -- (ATIXSAudio [Auto | Stopped])
DRV - [2004/08/04 01:10:10 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\avc.sys -- (Avc [On_Demand | Running])
DRV - [2007/03/14 10:30:32 | 00,165,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/07/28 09:18:40 | 00,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock [Auto | Running])
DRV - [2007/08/16 18:33:04 | 00,047,616 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt [Auto | Running])
DRV - [2007/03/30 10:40:00 | 00,072,320 | ---- | M] (HighPoint Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\hpt302.sys -- (hpt302 [Boot | Running])
DRV - [2009/01/18 16:30:13 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2004/08/04 01:09:58 | 00,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\msdv.sys -- (MSDV [On_Demand | Running])
DRV - [2000/10/03 15:18:24 | 00,006,942 | ---- | M] (Netropa Corporation) -- C:\WINDOWS\System32\DRIVERS\msikbd2k.sys -- (Msikbd2k [On_Demand | Running])
DRV - [2004/08/04 00:29:28 | 00,013,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\atinmdxx.sys -- (MVDCODEC [Auto | Stopped])
DRV - [2003/05/02 21:08:18 | 00,224,256 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys -- (NAVAP [On_Demand | Running])
DRV - [2003/05/02 21:08:22 | 00,030,208 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS -- (NAVAPEL [Auto | Running])
DRV - [2009/03/27 03:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090327.005\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/03/27 03:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090327.005\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2002/10/15 15:59:24 | 00,017,153 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\System32\DRIVERS\omci.sys -- (OMCI [System | Running])
DRV - [2004/08/04 00:29:29 | 00,014,336 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\atinpdxx.sys -- (PCDCODEC [Auto | Stopped])
DRV - [2003/03/05 12:19:28 | 00,015,840 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\PfModNT.sys -- (PfModNT [Auto | Running])
DRV - [2002/09/03 11:53:10 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/07 18:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2002/12/19 17:48:48 | 00,539,008 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2007/08/23 17:49:48 | 00,685,816 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2007/06/19 21:12:53 | 00,073,496 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2008/10/01 13:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2007/09/12 19:59:54 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys -- (usbsermptxp [On_Demand | Stopped])
DRV - [2006/11/02 16:51:58 | 00,013,560 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B} [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe (BroadJump, Inc.)
O4 - HKLM..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe (Netropa Corp.)
O4 - HKLM..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" (Diskeeper Corporation)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NexusServer] "C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch ()
O4 - HKLM..\Run: [POINTER] point32.exe File not found
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe (Symantec Corporation)
O4 - HKCU..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized ()
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (Ahead Software AG)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1182476889375 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\System32\NavLogon.dll - C:\WINDOWS\System32\NavLogon.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/19 20:58:42 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/04/01 13:53:24 | 00,000,071 | -H-- | M] () - F:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2008/08/04 16:06:00 | 00,000,000 | ---D | M] - F:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2009/03/29 03:02:15 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[2009/03/27 19:52:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chad Banzhaf\Application Data\Malwarebytes
[2009/03/27 19:52:11 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/27 19:52:11 | 00,000,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/27 19:52:09 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/27 19:52:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/27 19:52:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/27 19:51:17 | 02,906,216 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Chad Banzhaf\Desktop\mbam-setup.exe
[2009/03/27 19:38:46 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/03/27 18:45:06 | 00,498,688 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chad Banzhaf\Desktop\OTListIt2.exe
[2009/03/27 17:39:52 | 00,001,743 | ---- | C] () -- C:\Documents and Settings\Chad Banzhaf\Desktop\HijackThis.lnk
[2009/03/27 17:39:52 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/27 17:17:54 | 16,283,032 | ---- | C] () -- C:\Documents and Settings\Chad Banzhaf\Desktop\jre-6u13-windows-i586-p.exe
[2009/03/26 20:07:34 | 94,243,124 | ---- | C] () -- C:\Documents and Settings\Chad Banzhaf\My Documents\Big_Breasts_blonde_girl_bleeped_on_the_bed.avi
[2009/03/25 17:50:09 | 05,361,359 | ---- | C] () -- C:\Documents and Settings\Chad Banzhaf\My Documents\Making Millions For Dummies.pdf
[2009/03/25 06:42:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chad Banzhaf\My Documents\Torrents
[2009/03/19 21:26:16 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/03/18 18:05:16 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/18 18:04:56 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/03/18 18:04:29 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/03/18 18:04:26 | 00,000,876 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/03/18 18:04:15 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/03/18 18:04:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/03/18 18:02:29 | 34,543,112 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Chad Banzhaf\Desktop\Ad-AwareAE.exe

========== Files - Modified Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009/03/29 07:51:17 | 00,126,464 | ---- | M] () -- C:\Documents and Settings\Chad Banzhaf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/29 07:09:18 | 00,000,269 | ---- | M] () -- C:\WINDOWS\MSIOSD.INI
[2009/03/29 07:08:08 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/29 03:10:16 | 08,405,015 | ---- | M] () -- C:\WINDOWS\TempFile
[2009/03/29 03:10:06 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/29 03:09:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/29 03:09:37 | 00,310,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/29 03:03:00 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/27 19:52:11 | 00,000,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/27 19:51:22 | 02,906,216 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Chad Banzhaf\Desktop\mbam-setup.exe
[2009/03/27 18:45:06 | 00,498,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chad Banzhaf\Desktop\OTListIt2.exe
[2009/03/27 18:42:32 | 00,080,896 | ---- | M] () -- C:\Documents and Settings\Chad Banzhaf\My Documents\Movie List.xls
[2009/03/27 17:39:52 | 00,001,743 | ---- | M] () -- C:\Documents and Settings\Chad Banzhaf\Desktop\HijackThis.lnk
[2009/03/27 17:18:53 | 00,000,154 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2009/03/27 17:17:54 | 16,283,032 | ---- | M] () -- C:\Documents and Settings\Chad Banzhaf\Desktop\jre-6u13-windows-i586-p.exe
[2009/03/26 20:08:11 | 94,243,124 | ---- | M] () -- C:\Documents and Settings\Chad Banzhaf\My Documents\Big_Breasts_blonde_girl_bleeped_on_the_bed.avi
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/25 18:05:05 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/25 10:32:06 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/21 12:36:17 | 05,361,359 | ---- | M] () -- C:\Documents and Settings\Chad Banzhaf\My Documents\Making Millions For Dummies.pdf
[2009/03/18 18:04:26 | 00,000,876 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/03/16 18:32:57 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/15 14:54:30 | 00,522,208 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/15 14:54:30 | 00,441,184 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/15 14:54:30 | 00,071,250 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/13 18:57:35 | 00,000,297 | ---- | M] () -- C:\Documents and Settings\Chad Banzhaf\Application Data\iPod Access v4 Prefs
< End of report >

#13 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:53 PM

Posted 29 March 2009 - 09:20 AM

I'm getting some conflicting info on a file that shows up in your log, so let's just be certain it's ok.

Please visit the online Jotti Virus Scanner
  • Click on Browse button.
  • Navigate to the following file and upload it.


    C:\WINDOWS\System32\wmpns.dll


  • Click on the Posted Image button.
    The scanner will check the file with various AV companies.
  • Copy and paste the results box into a reply to this thread.

If Jotti's too busy, try here:
Go here: http://www.virustotal.com/en/virustotalf.html
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#14 Nosinik

Nosinik
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:53 PM

Posted 29 March 2009 - 09:30 AM

Service
Service load: 0% 100%

File: wmpns.dll
Status: OK
MD5: 275eb0f67c08cd051034be74961eafa2
Packers detected: -

Scanner results
Scan taken on 29 Mar 2009 14:26:11 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Quick Heal Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

#15 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:53 PM

Posted 29 March 2009 - 01:26 PM

Looking good! :thumbup2:

Run OTListIt2 and click the CleanUp button.
Reboot when it asks you to.



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:) :step4:
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users