
Recycler/USB infection


  • This topic is locked
15 replies to this topic

#1 lannie

lannie

  • Members
  • 9 posts
  • Gender:Female
  • Location:USA

Posted 06 April 2009 - 12:44 PM

My husband inserted a flash disk into the desktop computer and AVG flashed for a second that it was infected with "Recycler Virus" but gave no option to remove, quarantine, etc. I followed online instructions and moved all the files from the flash to a floppy and then reformatted the flash. I noticed it had a bunch of odd files on it: Recycler, text files, and autorun. The flash is fine and appears clean, but the computer is running slow. I scanned with AVG and Malwarebytes, but the computer still seems infected. I decided to disable my firewall and virus program and run DDS, but after I disabled them, I realized that AVG was still running when I looked in Task Manager. I tried to uninstall AVG, but I keep getting an error message that it can't be uninstalled. I ran the DDS program even though I can't disable AVG. Here are the results.



==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 107 GiB total, 58.015 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 0.692 GiB free.
E: is CDROM ()
F: is CDROM (CDFS)
H: is Removable
I: is Removable
J: is Removable
K: is Removable
L: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1105: 1/7/2009 12:19:08 AM - System Checkpoint
RP1106: 1/7/2009 4:38:46 PM - Installed Opera 9.63
RP1107: 1/7/2009 9:51:26 PM - Removed Opera 9.63
RP1108: 1/9/2009 12:19:07 AM - System Checkpoint
RP1109: 1/10/2009 12:35:17 AM - System Checkpoint
RP1110: 1/11/2009 10:08:28 AM - System Checkpoint
RP1111: 1/12/2009 6:04:31 PM - System Checkpoint
RP1112: 1/14/2009 1:59:18 AM - System Checkpoint
RP1113: 1/15/2009 3:33:16 AM - System Checkpoint
RP1114: 1/16/2009 11:47:43 AM - System Checkpoint
RP1115: 1/17/2009 8:01:45 PM - System Checkpoint
RP1116: 1/17/2009 11:36:29 PM - Installed Windows Installer KB893803v2.
RP1117: 1/17/2009 11:39:48 PM - Configured ACI Collection 32
RP1118: 1/18/2009 6:11:12 PM - Installed Windows Installer KB893803v2.
RP1119: 1/18/2009 6:13:27 PM - Configured ACI Collection 32
RP1120: 1/19/2009 8:46:30 PM - System Checkpoint
RP1121: 1/20/2009 6:32:21 PM - Configured ACI Collection 32
RP1122: 1/21/2009 8:08:38 PM - System Checkpoint
RP1123: 1/22/2009 3:18:16 PM - Installed Pando.
RP1124: 1/22/2009 7:33:58 PM - Removed Pando.
RP1125: 1/23/2009 8:56:27 PM - System Checkpoint
RP1126: 1/25/2009 3:30:12 AM - System Checkpoint
RP1127: 1/26/2009 11:30:13 AM - System Checkpoint
RP1128: 1/26/2009 3:03:41 PM - Installed Adobe Reader 9.
RP1129: 1/27/2009 9:30:22 PM - System Checkpoint
RP1130: 1/29/2009 5:07:05 AM - System Checkpoint
RP1131: 1/30/2009 9:42:51 AM - System Checkpoint
RP1132: 1/30/2009 4:25:01 PM - Removed Apple Mobile Device Support
RP1133: 1/31/2009 5:42:07 PM - Installed Opera 9.63
RP1134: 1/31/2009 6:34:44 PM - Revo Uninstaller's restore point - Kodak EasyShare software
RP1135: 1/31/2009 6:37:48 PM - Revo Uninstaller's restore point - Kodak EasyShare printer dock
RP1136: 1/31/2009 6:40:20 PM - Revo Uninstaller's restore point - Pivot Stickfigure Animator
RP1137: 1/31/2009 6:41:41 PM - Revo Uninstaller's restore point - The Yellows of Autum Screen Saver
RP1138: 1/31/2009 6:44:19 PM - Revo Uninstaller's restore point - Adobe Reader 6.0
RP1139: 1/31/2009 6:45:13 PM - Revo Uninstaller's restore point - Adobe Reader 6.0
RP1140: 1/31/2009 6:45:38 PM - Revo Uninstaller's restore point - Adobe Reader 6.0
RP1141: 1/31/2009 6:47:24 PM - Revo Uninstaller's restore point - Adobe Atmosphere Player for Acrobat and Adobe Reader
RP1142: 1/31/2009 6:48:07 PM - Revo Uninstaller's restore point - Adobe AIR
RP1143: 2/1/2009 1:02:32 PM - Avg8 Update
RP1144: 2/1/2009 1:06:12 PM - Avg8 Update
RP1145: 2/2/2009 3:34:06 PM - System Checkpoint
RP1146: 2/3/2009 9:31:05 PM - System Checkpoint
RP1147: 2/5/2009 2:39:34 PM - System Checkpoint
RP1148: 2/6/2009 9:52:42 PM - System Checkpoint
RP1149: 2/8/2009 4:50:46 AM - System Checkpoint
RP1150: 2/9/2009 10:26:21 AM - System Checkpoint
RP1151: 2/10/2009 8:06:43 AM - Avg8 Update
RP1152: 2/11/2009 2:37:27 PM - System Checkpoint
RP1153: 2/12/2009 4:59:15 PM - System Checkpoint
RP1154: 2/13/2009 8:09:31 AM - Avg8 Update
RP1155: 2/14/2009 9:19:16 AM - System Checkpoint
RP1156: 2/15/2009 11:55:57 AM - System Checkpoint
RP1157: 2/16/2009 4:45:12 PM - System Checkpoint
RP1158: 2/17/2009 5:14:55 PM - System Checkpoint
RP1159: 2/19/2009 1:14:52 AM - System Checkpoint
RP1160: 2/20/2009 4:06:14 AM - System Checkpoint
RP1161: 2/21/2009 12:37:09 PM - System Checkpoint
RP1162: 2/21/2009 3:37:11 PM - Installed Rosetta Stone 2.2.0.0A
RP1163: 2/22/2009 8:05:18 PM - System Checkpoint
RP1164: 2/23/2009 10:26:49 PM - System Checkpoint
RP1165: 2/25/2009 12:32:08 AM - System Checkpoint
RP1166: 2/26/2009 5:42:11 AM - System Checkpoint
RP1167: 2/27/2009 1:45:40 PM - System Checkpoint
RP1168: 2/28/2009 2:10:54 PM - System Checkpoint
RP1169: 3/2/2009 12:43:29 AM - System Checkpoint
RP1170: 3/3/2009 5:42:56 AM - System Checkpoint
RP1171: 3/4/2009 9:20:04 AM - Avg8 Update
RP1172: 3/5/2009 3:00:57 PM - System Checkpoint
RP1173: 3/7/2009 12:24:06 AM - System Checkpoint
RP1174: 3/8/2009 12:42:35 AM - System Checkpoint
RP1175: 3/9/2009 1:57:34 AM - System Checkpoint
RP1176: 3/10/2009 10:37:13 AM - System Checkpoint
RP1177: 3/10/2009 11:28:26 PM - Removed Acrobat.com
RP1178: 3/12/2009 1:42:35 AM - System Checkpoint
RP1179: 3/13/2009 9:43:23 AM - System Checkpoint
RP1180: 3/14/2009 9:34:57 PM - System Checkpoint
RP1181: 3/15/2009 11:47:55 PM - System Checkpoint
RP1182: 3/17/2009 4:51:01 AM - System Checkpoint
RP1183: 3/18/2009 7:06:28 AM - System Checkpoint
RP1184: 3/18/2009 12:36:40 PM - Avg8 Update
RP1185: 3/19/2009 12:38:25 PM - System Checkpoint
RP1186: 3/20/2009 8:51:53 PM - System Checkpoint
RP1187: 3/22/2009 11:45:40 AM - System Checkpoint
RP1188: 3/23/2009 6:02:15 PM - System Checkpoint
RP1189: 3/24/2009 6:09:46 PM - System Checkpoint
RP1190: 3/25/2009 7:21:44 PM - System Checkpoint
RP1191: 3/26/2009 1:10:29 PM - Avg8 Update
RP1192: 3/27/2009 1:45:35 PM - System Checkpoint
RP1193: 3/28/2009 2:31:58 PM - System Checkpoint
RP1194: 3/30/2009 12:03:24 AM - System Checkpoint
RP1195: 3/31/2009 5:12:07 AM - System Checkpoint
RP1196: 4/1/2009 1:19:48 PM - System Checkpoint
RP1197: 4/2/2009 4:27:41 PM - Microsoft Backup Utility Recovery
RP1198: 4/2/2009 5:04:09 PM - Restore Operation
RP1199: 4/2/2009 5:14:40 PM - Avg8 Update
RP1200: 4/3/2009 11:09:00 PM - System Checkpoint
RP1201: 4/5/2009 6:57:09 AM - System Checkpoint
RP1202: 4/5/2009 11:15:42 PM - Removed AVG 8.0
RP1203: 4/5/2009 11:17:04 PM - Removed AVG 8.0

==== Installed Programs ======================


360Share(remove only)
AccuChef
ACI Collection 32
ACI Desktop Additional Components
Acrobat.com
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 5.0
Adobe Acrobat 6.0.1 Standard
Adobe Acrobat and Reader 6.0.5 Update
Adobe Acrobat and Reader 6.0.6 Update
Adobe AIR
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player ActiveX
Adobe Reader 9
Adobe Shockwave Player
AIM 6
AOL Toolbar 2.0
Apple Mobile Device Support
Apple Software Update
AQUAZONE DESKTOP GARDEN
ArcSoft Picture Software
ArcSoft Software Suite
aspi
ATI Display Driver
AusLogics Disk Defrag
AVG Free 8.0
AWC v85 SP
AWC v861 Service Pack
BadCopy Pro
BitTorrent 3.4.2
Bonjour
CCHelp
CCleaner (remove only)
CCScore
CleanUp!
COMODO Firewall Pro
CR2
DivX
DVD Decrypter (Remove Only)
DVD Shrink 3.2
E-Prime 1.1 (1.1.4.1)
Emoticons Mail 3.2
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSvpaht
ESSvpot
ExtractNow
Find Junk Files
Free PDF to Word Doc Converter v1.1
Glary Utilities 2.7.268
HijackThis 2.0.2
HLPCCTR
HLPIndex
HLPPDOCK
Hotfix for Windows XP (KB915865)
HotSPOT-Client-SP6
HP Instant Support
hp LaserJet 1150 / 1300
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
hp psc 2170 series
HpSdpAppCoreApp
ImgBurn (Remove Only)
IMsecure
Intel® Extreme Graphics Driver
InterVideo WinDVD Player
iPod for Windows 2006-03-23
iTunes
Java™ 6 Update 10
Karen's Replicator
KBD
KSU
LaCie Backup Software v1.5.2215
Lernout & Hauspie TruVoice American English TTS Engine
LJ Comment Stats Wizard 1.2
Mail PassView
Malwarebytes' Anti-Malware
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Premium
Microsoft Office Converter Pack
Microsoft Office Sounds
Microsoft PhotoDraw 2000
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Beta2)
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
MobileMe Control Panel
MP3 Cutter Joiner 1.17
MPIO Manager 2
MPIO Plugins Pack
MRU-Blaster v1.5 (Database 3/28/2004)
MSN Music Assistant
Musicmatch® Jukebox
Network Play System (Patching)
Notifier
NVIDIA Windows 2000/XP Display Drivers
Opera 9.63
Outlook Express Key Demo
PC-Doctor for Windows
PCDLNCH
PhotoFinish® 4
Picasa 3
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
REA's TESTware
RecordNow
RipIt4Me
Rosetta Stone 2.2.0.0A
S3Display
S3Gamma2
S3Info2
S3Overlay
SFR
SFR2
Shockwave
ShowBiz DVD
Simple Backup for My Pictures
Simple Installer - Multilanguage Version
Sonic Update Manager
Sony Picture Utility
Sony USB Driver
SPSS 11.0 for Windows Student Version
SPSS 11.0.1 for Windows
StickyNote 9
Street Atlas USA 2004
SUPERAntiSpyware Free Edition
toolkit
Updates from HP
VCAMCEN
Viewpoint Manager (Remove Only)
Weather Watcher
WebFldrs XP
Windows Backup Utility
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 10
WordPerfect Productivity Pack

==== Event Viewer Messages From Past Week ========

4/2/2009 6:44:51 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
4/2/2009 6:35:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgArCln AvgLdx86 AvgMfx86 cmdGuard cmdHlp Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip WS2IFSL
4/2/2009 6:35:38 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/2/2009 6:35:38 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/2/2009 6:35:38 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/2/2009 6:35:38 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
4/2/2009 6:35:38 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/2/2009 6:35:38 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
4/2/2009 6:35:16 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
4/2/2009 6:35:05 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/2/2009 5:11:25 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgArCln
4/2/2009 5:11:25 PM, error: Service Control Manager [7024] - The Java Quick Starter service terminated with service-specific error 1 (0x1).
4/2/2009 4:52:48 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/2/2009 4:52:38 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 3 time(s).
4/2/2009 3:47:35 PM, error: Removable Storage Service [111] - RSM could not load media in drive Drive 0 of library Simple Bonzai Xpress USB Device.
4/2/2009 7:29:40 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/2/2009 9:27:02 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/2/2009 9:41:53 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/3/2009 1:06:17 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 000C76014FEA has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
4/5/2009 11:07:08 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
4/5/2009 11:10:17 PM, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
4/2/2009 5:03:09 PM, information: Windows File Protection [64005] - The protected system file ctfmon.exe was not restored to its original, valid version because the Windows File Protection restoration process was cancelled by user interaction, user name is Owner. The file version of the bad file is unknown.

==== End Of File ===========================



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 06 April 2009 - 07:18 PM

Hi lannie,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please give me a little time to go through your log. I will also let you know that I am a trainee, so each stage of the fix will need to be checked by an expert coach before I post, so there may be a slight delay. Don't worry, I won't abandon you.
  • Please subscribe to this topic, if you haven't already, and wait for me to get back to you.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 2 days I will bump the topic and if you do not reply by the following day then I will close the topic.

Thanks
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 07 April 2009 - 06:09 AM

Hi lannie,

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Thanks
m0le is a proud member of UNITE

#4 lannie

lannie
  • Topic Starter

  • Members
  • 9 posts
  • Gender:Female
  • Location:USA

Posted 07 April 2009 - 12:23 PM

I was able to download DDS.scr and DDS.pif, but the link to DDS.com took me to a missing page. I didn't run anything yet because I didn't know if I needed all three. I also wanted to let you know that I no longer have AVG. I could not disable it to run any scans, so I decided to remove it and found out I couldn't do that either. I read AVG support files at their site and found a tool to remove AVG. I did that and it will not let me reinstall - I get an error message about NT/Windows....etc. (I will post the exact message later). I installed Avast in the meantime until I can get help reinstalling AVG (I have always liked AVG free). Let me know what to do about DDS.com. Thanks for your help.

#5 lannie

lannie
  • Topic Starter

  • Members
  • 9 posts
  • Gender:Female
  • Location:USA

Posted 07 April 2009 - 12:37 PM

Just ignore that last really stupid reply about DDS.com - I totally misread your first set of instructions. I am NOW doing what you said, and will reply again when I am done!

#6 lannie

lannie
  • Topic Starter

  • Members
  • 9 posts
  • Gender:Female
  • Location:USA

Posted 07 April 2009 - 12:43 PM

Here are the results - and I really appreciate your help.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 13:41:49.62 on Tue 04/07/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.257 [GMT -4:00]

AV: avast! antivirus 4.8.1335 [VPS 090407-0] *On-access scanning disabled* (Updated)
FW: COMODO Firewall Pro *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Weather Watcher\ww.exe
C:\Program Files\Emoticons Mail\Emoticons Mail\emomail.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Owner\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;<local>;*.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: hp toolkit: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\hp\explorebar\HPTOOLKT.DLL
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: hp toolkit: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [WeatherWatcher] c:\program files\weather watcher\ww.exe
uRun: [Emoticons Mail] c:\program files\emoticons mail\emoticons mail\emomail.exe
mRun: [HPLJ Config] c:\program files\hewlett-packard\hp laserjet 1150_1300\SetConfig.exe -c Direct -p DOT4_002 -pn "hp LaserJet 1150 PCL 5e" -n 0 -l 1033 -sl 120000
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [StatusClient] c:\program files\hewlett-packard\toolbox2.0\apache tomcat 4.0\webapps\toolbox\statusclient\StatusClient.exe /auto
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [COMODO Firewall Pro] "c:\program files\comodo\firewall\cfp.exe" -s
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\imsecure.lnk - c:\program files\imsecure\IMsecure.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-system: DisableRegedit = 0 (0x0)
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-us\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: imslsp.dll
Trusted Zone: quantrixvaluation.com\vvs
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-4-6 114768]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2007-11-23 79096]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2007-11-23 23672]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-5-28 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-6 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-4-6 138680]
R2 cmdAgent;COMODO Firewall Pro Helper Service;c:\program files\comodo\firewall\cmdagent.exe [2007-11-23 544512]
S1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\avgclean.sys --> c:\windows\system32\drivers\avgclean.sys [?]
S1 DW;DW; [x]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-4-6 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-4-6 352920]
S3 dwusbdnt;dwusbdnt;c:\windows\system32\drivers\dwusbdnt.sys [2003-12-30 10368]
S3 PCDRDRV;Pcdr Helper Driver; [x]
S3 PortDRv;PST Port I/O Driver;c:\windows\system32\drivers\PortDRv.sys [2005-1-20 7168]
S3 RapFile;RapFile;c:\windows\system32\drivers\RapFile.sys [2003-10-12 36644]
S3 RapNet;RapNet;c:\windows\system32\drivers\RapNet.sys [2003-10-12 24344]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 7408]
S3 SRBoxDRv;PST Serial Response Box Driver;c:\windows\system32\drivers\SRBoxDRv.sys [2002-10-25 14848]

=============== Created Last 30 ================

2009-04-05 23:09 <DIR> --d----- C:\ComboFix
2009-04-05 23:09 388,608 a------- c:\windows\system32\CF15103.exe
2009-04-05 23:07 73,728 a------- C:\pv.exe
2009-04-05 23:07 388,608 a------- c:\windows\system32\cmd.execf
2009-04-05 23:02 12,848 a------- C:\stream.bin
2009-04-04 17:31 <DIR> --d----- c:\documents and settings\owner\DoctorWeb
2009-04-03 20:02 <DIR> --d----- c:\docume~1\owner\applic~1\True Sword
2009-04-03 20:00 <DIR> --d----- c:\program files\True Sword 5
2009-04-03 16:30 117,248 a------- c:\windows\system32\ribbons.scr
2009-04-03 16:30 117,248 a------- c:\windows\system32\Mystify.scr
2009-04-03 16:30 773,120 a------- c:\windows\system32\bubbles.scr
2009-04-03 16:30 1,263,616 a------- c:\windows\system32\aurora.scr
2009-04-03 16:18 <DIR> --d----- c:\program files\ExtractNow
2009-04-03 08:34 <DIR> --dsh--- c:\documents and settings\owner\UserData
2009-04-03 02:10 <DIR> --d----- c:\program files\Unlocker
2009-04-01 20:32 <DIR> --d----- c:\windows\system32\Ribbons
2009-04-01 20:32 <DIR> --d----- c:\windows\system32\Bubbles
2009-04-01 20:32 <DIR> --d----- c:\windows\system32\Aurora
2009-03-25 15:30 <DIR> --d----- c:\program files\Free PDF to Word Doc Converter
2009-03-18 21:54 <DIR> --d----- c:\windows\system32\IOSUBSYS
2009-03-18 17:25 <DIR> --d----- c:\program files\common files\eSellerate
2009-03-18 17:24 <DIR> --d----- c:\program files\SmashMash
2009-03-18 15:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ElectricSheep
2009-03-17 16:42 233,472 a------- c:\windows\system32\wrap_oal.dll
2009-03-17 16:42 81,920 a------- c:\windows\system32\OpenAL32.dll
2009-03-10 22:17 <DIR> --d----- c:\program files\NCH Software

==================== Find3M ====================

2009-04-03 15:17 54,038 a------- C:\MGlogs.zip
2009-03-29 19:50 5,626 a---h--- C:\hpothb07.dat
2009-03-26 16:49 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 16:49 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-05 15:40 28,672 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xphnabs3en\plugin\bin\InetWrap.dll
2009-03-05 15:38 422,802 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xphnabs3en\plugin\bin\pchplugin.zip
2009-03-05 15:38 118,784 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xphnabs3en\plugin\bin\SearchCtrl.dll
2009-03-05 15:34 126,976 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xphnabs3en\plugin\bin\ContentUpdater.exe
2009-03-05 15:34 106,496 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xphnabs3en\plugin\bin\PluginCtrl.dll
2009-03-05 15:34 1,306,152 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xphnabs3en\plugin\bin\motdeusr.zip
2009-03-05 15:34 77,824 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xphnabs3en\plugin\bin\WinVerifyTrust.dll
2009-03-05 15:34 49,152 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xphnabs3en\plugin\bin\PCHI18N.dll
2009-03-05 15:34 159,744 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xphnabs3en\plugin\bin\PCHButton.exe
2009-03-04 17:06 5,058 a------- c:\windows\help\hhcolreg.dat
2009-02-21 16:52 163,644 a------- c:\windows\system32\drivers\secdrv.sys
2009-01-18 18:52 3,472 a------- c:\windows\AXWDDA1.DAT
2008-12-16 16:42 1,016 a---h--- c:\documents and settings\owner\hpothb07.dat
2008-12-16 16:24 265 a---h--- c:\program files\hpothb07.tif
2008-12-16 16:24 157 a---h--- c:\program files\hpothb07.dat
2008-08-02 02:06 533 a---h--- c:\docume~1\owner\applic~1\hpothb07.dat
2008-08-02 02:06 164 a---h--- c:\documents and settings\all users\hpothb07.dat
2003-11-12 18:48 171,022,411 a------- c:\program files\Acrobat_Std_US_Upg.exe
2005-08-17 19:45 0 a--sh--- c:\windows\sminst\HPCD.sys
2006-11-16 03:10 5 a--sh--- c:\windows\system32\fabef4_s.dll

============= FINISH: 13:42:44.70 ===============


#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 08 April 2009 - 02:48 AM

Hi lannie,

Thanks for the logs.

There is nothing showing up on there but I need to make sure.

Download gmer.zip and save to your desktop.
alternate download site 1
alternate download site 2
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on "Settings", then check the first five settings:
    *System Protection and Tracing
    *Processes
    *Save created processes to the log
    *Drivers
    *Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.

Next, we'll take a deeper look at the computer.

Download and Run OTViewit
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the OTViewIt.exe icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
That's the Gmer log and the two OTViewIt logs to be copy/pasted into your next reply.

Thanks :thumbup2:
m0le is a proud member of UNITE
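Reading an OTViewIt log by hand is slow, so here is an added example that is not part of this thread and not part of OldTimer's tool: a Python script that parses lines in OTViewIt's format (the process/service/driver lines and the [HKEY_...] policy blocks) and pulls out the three things a responder checks first on a USB autorun case: entries with no publisher, registrations whose file is missing, and the effective NoDriveTypeAutoRun mask. SAMPLE_LOG is constructed for the example in that format; the bit meanings follow Microsoft's description of NoDriveTypeAutoRun (KB 967715); the function names are the example's own.

```python
import re

# Constructed sample in OTViewIt's line format (not a real log from this thread).
SAMPLE_LOG = r"""
========== (O23) Win32 Services ==========

[2009/02/05 16:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
[2003/02/04 08:22:30 | 00,181,312 | ---- | M] () -- C:\WINDOWS\system32\ScsiAccess.EXE -- (ScsiAccess [Auto | Running])

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=255

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=36
"""

# One OTViewIt process/service/driver line:
# [date time | size | attrs | M] (Company) -- C:\path\file.exe -- (Name [Start | State])
ENTRY_RE = re.compile(
    r"^\[(?P<date>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-RHSD]+) \| M\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)"
    r"(?: -- \((?P<name>.+?) \[(?P<start>\w+) \| (?P<state>\w+)\]\))?$"
)
HIVE_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')

# NoDriveTypeAutoRun is a bitmask indexed by GetDriveType() results:
# bit (1 << drive_type) set => AutoRun is disabled for that drive type.
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x02: "no root directory",
    0x04: "removable (USB/floppy)",
    0x08: "fixed",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "reserved/unknown",
}
XP_DEFAULT_MASK = 0x91  # what Windows XP uses when no policy value is set (KB 967715)


def decode_autorun_mask(value: int) -> dict:
    """Return {drive type: AutoRun disabled?} for a NoDriveTypeAutoRun value."""
    return {name: bool(value & bit) for bit, name in DRIVE_TYPE_BITS.items()}


def parse_policies(log: str) -> dict:
    """Map each [HKEY_...] block to its {value name: raw text} pairs."""
    policies, hive = {}, None
    for line in log.splitlines():
        line = line.strip()
        m = HIVE_RE.match(line)
        if m:
            hive = m.group(1)
            policies.setdefault(hive, {})
            continue
        m = VALUE_RE.match(line)
        if m and hive:
            policies[hive][m.group("name")] = m.group("value")
    return policies


def effective_autorun_mask(policies: dict) -> int:
    """The HKLM policy value wins over HKCU; with neither set, XP's default applies."""
    for prefix in ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER"):
        for hive, values in policies.items():
            if hive.startswith(prefix) and hive.lower().endswith("policies\\explorer"):
                raw = values.get("NoDriveTypeAutoRun")
                if raw is not None and raw.isdigit():
                    return int(raw)
    return XP_DEFAULT_MASK


def parse_entries(log: str) -> list:
    """Parse every process/service/driver line into a dict of its fields."""
    return [m.groupdict() for m in map(ENTRY_RE.match, map(str.strip, log.splitlines())) if m]


def triage(log: str) -> list:
    """Findings a responder would look at first, as plain strings."""
    findings = []
    for e in parse_entries(log):
        if not e["company"]:  # OTViewIt prints "()" when the file carries no publisher info
            findings.append(f"no publisher: {e['path']}")
    for line in log.splitlines():
        if "File not found" in line:  # registry still points at a file that is gone
            findings.append(f"dangling registration: {line.strip()}")
    mask = effective_autorun_mask(parse_policies(log))
    if not decode_autorun_mask(mask)["removable (USB/floppy)"]:
        findings.append(f"AutoRun still enabled for removable drives (mask 0x{mask:02X})")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

An entry with no publisher is not proof of anything (plenty of OEM utilities ship unsigned), and a dangling registration is usually leftover from an uninstall; both are simply where to look next. On the AutoRun mask, 0xFF (255) under the HKLM policies key disables AutoRun for every drive type, but note that on Windows XP the value is only fully honoured once the update described in Microsoft KB 967715 is installed; the article also describes a HonorAutorunSetting value that should be checked alongside it.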

#8 lannie

lannie
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:USA
  • Local time:02:02 AM

Posted 08 April 2009 - 02:11 PM

:thumbup2:
Hi m0le,
Well I am not having much luck. I followed your instructions and downloaded the gmer.exe, but when I unzipped and opened it, it did not have a "settings" tab. Also it is a little distorted and the "show all" box is covered up by the drive box. Weird. I removed it. Tried again. And have the exact same problem. I thought maybe I was just reading your instructions incorrectly and so I went to the Gmer website and looked at the screen picture of the program. It definitely has a settings tab...but mine does NOT. I decided to skip this step until I hear back from you. I just downloaded RunOT and will try to at least complete that step. Additional info: last night I tried to open something on my computer and got this error message: ctfmon is missing.

Here are the ot scans:
OTViewIt logfile created on: 4/8/2009 3:15:13 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 238.08 Mb Available Physical Memory | 46.55% Memory free
1.22 Gb Paging File | 0.87 Gb Available in Paging File | 70.84% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.34 Gb Total Space | 57.99 Gb Free Space | 54.02% Space Free | Partition Type: NTFS
Drive D: | 4.43 Gb Total Space | 0.69 Gb Free Space | 15.61% Space Free | Partition Type: FAT32
Drive E: | 613.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 949.69 Mb Total Space | 867.34 Mb Free Space | 91.33% Space Free | Partition Type: FAT

Computer Name: HAL
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2009/02/05 16:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[2009/02/05 16:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
[2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2007/11/23 01:14:54 | 00,544,512 | ---- | M] (COMODO) -- C:\Program Files\Comodo\Firewall\cmdagent.exe
[2005/03/15 05:46:45 | 00,196,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\type32.exe
[2002/12/16 17:51:24 | 00,036,864 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
[2002/10/16 18:57:10 | 00,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\ps2.EXE
[2003/02/04 08:22:30 | 00,181,312 | ---- | M] () -- C:\WINDOWS\system32\ScsiAccess.EXE
[2005/03/23 19:26:09 | 00,217,088 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\point32.exe
[2009/02/05 16:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[2005/10/19 14:14:08 | 00,876,602 | ---- | M] (MaxPlugs) -- C:\Program Files\Emoticons Mail\Emoticons Mail\emomail.exe
[2003/10/24 00:37:56 | 00,217,194 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
[2003/04/09 18:11:12 | 00,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
[1999/02/01 19:53:24 | 00,405,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\1033\MSOFFICE.EXE
[2002/06/07 17:29:59 | 00,061,490 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
[2009/04/08 13:36:39 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2003/02/20 19:19:38 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2009/02/05 16:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
[2004/08/25 14:26:56 | 00,389,120 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Disabled | Stopped])
[2009/02/05 16:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
[2009/02/05 16:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Stopped])
[2009/02/05 16:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Stopped])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/11/23 01:14:54 | 00,544,512 | ---- | M] (COMODO) -- C:\Program Files\Comodo\Firewall\cmdagent.exe -- (cmdAgent [Auto | Running])
[2007/01/03 21:40:21 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2005/11/14 02:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2009/01/06 14:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2008/08/10 14:21:02 | 00,147,456 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Stopped])
[2003/12/05 09:58:36 | 00,314,424 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS [On_Demand | Stopped])
[2003/03/03 14:44:00 | 00,065,536 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Stopped])
[2003/02/04 08:22:30 | 00,181,312 | ---- | M] () -- C:\WINDOWS\system32\ScsiAccess.EXE -- (ScsiAccess [Auto | Running])

========== Driver Services ==========

[2009/02/05 16:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
[2005/01/16 14:40:47 | 00,018,944 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb [On_Demand | Stopped])
[2004/02/17 06:49:14 | 00,391,424 | ---- | M] (Sensaura Ltd) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS [On_Demand | Running])
[2004/02/17 06:49:14 | 00,538,236 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2004/08/04 08:00:00 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk7.sys -- (AmdK7 [System | Stopped])
[2009/02/05 16:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
[2009/02/05 16:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
[2009/02/05 16:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
[2009/02/05 16:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
[2009/02/05 16:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
[2004/08/25 14:28:46 | 00,787,456 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2005/07/07 15:01:36 | 00,030,189 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem [On_Demand | Stopped])
[2007/11/23 01:14:54 | 00,079,096 | ---- | M] (COMODO) -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard [System | Running])
[2007/11/23 01:14:54 | 00,023,672 | ---- | M] (COMODO) -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp [System | Running])
[2003/12/05 09:40:20 | 00,036,918 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam [System | Running])
[2003/09/30 18:00:08 | 00,061,564 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint [On_Demand | Stopped])
[2003/11/16 19:50:06 | 00,038,737 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K [Auto | Running])
[2003/09/30 17:59:14 | 00,008,022 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps [On_Demand | Stopped])
[2003/12/05 09:48:34 | 00,068,182 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP [On_Demand | Stopped])
[2001/08/17 14:47:32 | 00,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\Dot4Prt.sys -- (Dot4Print [On_Demand | Stopped])
[2002/10/21 13:21:00 | 00,082,784 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2002/05/24 12:52:58 | 00,010,368 | ---- | M] (Digit@lway Co., Ltd.) -- C:\WINDOWS\system32\drivers\dwusbdnt.sys -- (dwusbdnt [On_Demand | Stopped])
[2001/08/17 16:46:40 | 00,006,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\enum1394.sys -- (ENUM1394 [On_Demand | Stopped])
[2003/12/05 10:00:14 | 00,148,529 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit [System | Stopped])
[2003/02/22 22:55:26 | 00,141,824 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\Fasttx2k.sys -- (fasttx2k [Boot | Running])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2005/01/16 14:40:46 | 00,457,216 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock [Auto | Running])
[2005/01/16 14:40:43 | 00,047,616 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt [Auto | Running])
[2003/03/09 21:31:00 | 00,051,024 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412 [On_Demand | Running])
[2003/03/09 21:31:02 | 00,016,080 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
[2003/03/09 21:31:02 | 00,021,456 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Running])
[2003/03/14 04:13:04 | 00,090,395 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Stopped])
[2007/11/23 01:14:54 | 00,074,616 | ---- | M] (COMODO) -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect [Boot | Running])
[2001/08/17 14:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir [On_Demand | Running])
[2004/08/03 22:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2003/03/31 14:29:00 | 00,625,537 | ---- | M] (LT) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5 [On_Demand | Running])
[2003/03/03 14:44:00 | 01,248,794 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2002/09/06 21:24:00 | 00,013,568 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp [Boot | Running])
[2002/10/01 09:22:32 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2005/03/15 05:45:20 | 00,020,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\point32.sys -- (Point32 [On_Demand | Running])
[2002/10/25 14:49:48 | 00,007,168 | ---- | M] (Psychology Software Tools) -- C:\WINDOWS\system32\drivers\PortDRv.sys -- (PortDRv [On_Demand | Stopped])
[2001/06/04 16:00:00 | 00,014,112 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2 [On_Demand | Running])
[2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/07/31 18:17:04 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2003/02/25 20:26:28 | 00,036,644 | ---- | M] (Internet Security Systems, Inc.) -- C:\WINDOWS\system32\drivers\RapFile.sys -- (RapFile [On_Demand | Stopped])
[2003/02/25 20:26:44 | 00,024,344 | ---- | M] (Internet Security Systems, Inc.) -- C:\WINDOWS\system32\drivers\RapNet.sys -- (RapNet [On_Demand | Stopped])
[2004/08/03 23:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Running])
[2003/03/14 05:11:50 | 00,166,528 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr [On_Demand | Stopped])
[2008/05/28 10:33:36 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Running])
[2008/05/28 10:33:38 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
[2008/05/28 10:33:36 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2004/08/03 23:59:58 | 00,043,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sbp2port.sys -- (sbp2port [Boot | Running])
[2009/02/21 16:52:06 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2003/02/26 22:19:50 | 00,260,736 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315 [On_Demand | Stopped])
[2002/12/25 01:09:48 | 00,030,848 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP [Boot | Running])
[2001/08/17 14:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2002/10/25 14:22:46 | 00,014,848 | ---- | M] (Psychology Software Tools) -- C:\WINDOWS\system32\drivers\SRBoxDRv.sys -- (SRBoxDRv [On_Demand | Stopped])
[2001/08/17 14:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serscan.sys -- (StillCam [On_Demand | Stopped])
[2008/08/16 18:23:15 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2008/10/01 13:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2004/08/04 00:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])
[2003/03/14 04:14:28 | 00,112,288 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped])
[2003/03/14 04:14:16 | 00,078,496 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 127.0.0.1;localhost;<local>;*.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://home.microsoft.com/search/lobby/search.asp
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://home.microsoft.com/search/lobby/search.asp
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1365302899-2498405167-1943582534-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-1365302899-2498405167-1943582534-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1365302899-2498405167-1943582534-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1365302899-2498405167-1943582534-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 127.0.0.1;localhost;<local>;*.local

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" (HKLM) -- C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" (HKLM) -- C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)

[HKEY_USERS\S-1-5-21-1365302899-2498405167-1943582534-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1365302899-2498405167-1943582534-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

[HKEY_USERS\S-1-5-21-1365302899-2498405167-1943582534-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" (HKLM) -- C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)

[HKEY_USERS\S-1-5-21-1365302899-2498405167-1943582534-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1365302899-2498405167-1943582534-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1365302899-2498405167-1943582534-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

[HKEY_USERS\S-1-5-21-1365302899-2498405167-1943582534-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1365302899-2498405167-1943582534-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" (HKLM) -- C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\cfp.exe" -s (COMODO)
"HPLJ Config"=c:\Program Files\Hewlett-Packard\hp LaserJet 1150_1300\SetConfig.exe -c Direct -p DOT4_002 -pn "hp LaserJet 1150 PCL 5e" -n 0 -l 1033 -sl 120000 (Hewlett-Packard Inc.)
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" (Microsoft Corporation)
"PS2"=C:\WINDOWS\system32\ps2.exe (Hewlett-Packard Company)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"StatusClient"=C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto (Hewlett-Packard)
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (AOL LLC)
"Emoticons Mail"=C:\Program Files\Emoticons Mail\Emoticons Mail\emomail.exe (MaxPlugs)
"WeatherWatcher"=C:\Program Files\Weather Watcher\ww.exe (Singer's Creations)

[HKEY_USERS\S-1-5-21-1365302899-2498405167-1943582534-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (AOL LLC)
"Emoticons Mail"=C:\Program Files\Emoticons Mail\Emoticons Mail\emomail.exe (MaxPlugs)
"WeatherWatcher"=C:\Program Files\Weather Watcher\ww.exe (Singer's Creations)

========== (O4) Startup Folders ==========

[2003/10/24 00:37:56 | 00,217,194 | ---- | M] (Adobe Systems Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
[2003/04/09 18:11:12 | 00,028,672 | ---- | M] (Hewlett-Packard) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
[2004/09/30 11:21:06 | 00,746,760 | ---- | M] (Zone Labs, Inc.) -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\IMsecure.lnk = C:\Program Files\IMsecure\IMsecure.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\Infodelivery\Restrictions]
"NoUpdateCheck"=1

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Control Panel]
"Colors"=0

[HKEY_USERS\S-1-5-21-1365302899-2498405167-1943582534-1003\Software\policies\microsoft\internet explorer\Control Panel]
"Colors"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"LinkResolveIgnoreLinkInfo"=0
"NoResolveSearch"=1
"ClearRecentDocsOnExit"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=255
"NoDrives"=0
"NoCDBurning"=0
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=36
"NoViewOnDrive"=0
"NoLogoff"=0
"ClearRecentDocsOnExit"= [binary data]
"LinkResolveIgnoreLinkInfo"=0
"NoDrives"=0
"NoDriveAutoRun"=FF FF FF FF [binary data]
"NoFolderOptions"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegedit"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0
"DisableRegistryTools"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoLowDiskSpaceChecks"=1
"ClearRecentDocsOnExit"=01 [binary data]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoLowDiskSpaceChecks"=1
"ClearRecentDocsOnExit"=01 [binary data]

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1365302899-2498405167-1943582534-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=36
"NoViewOnDrive"=0
"NoLogoff"=0
"ClearRecentDocsOnExit"= [binary data]
"LinkResolveIgnoreLinkInfo"=0
"NoDrives"=0
"NoDriveAutoRun"=FF FF FF FF [binary data]
"NoFolderOptions"=0

[HKEY_USERS\S-1-5-21-1365302899-2498405167-1943582534-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegedit"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0
"DisableRegistryTools"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar Search: c:\Program Files\AOL\AOL Toolbar 2.0\resources\en-us\local\search.html [2005/06/09 16:01:38 | 00,000,747 | ---- | M] ()
Add to Google Photos Screensa&ver: C:\WINDOWS\system32\GPhotos.scr [2009/01/05 18:33:03 | 03,751,995 | ---- | M] (Google Inc.)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\WINDOWS\system32\GPhotos.scr [2009/01/05 18:33:03 | 03,751,995 | ---- | M] (Google Inc.)

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\WINDOWS\system32\GPhotos.scr [2009/01/05 18:33:03 | 03,751,995 | ---- | M] (Google Inc.)

[HKEY_USERS\S-1-5-21-1365302899-2498405167-1943582534-1003\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar Search: c:\Program Files\AOL\AOL Toolbar 2.0\resources\en-us\local\search.html [2005/06/09 16:01:38 | 00,000,747 | ---- | M] ()
Add to Google Photos Screensa&ver: C:\WINDOWS\system32\GPhotos.scr [2009/01/05 18:33:03 | 03,751,995 | ---- | M] (Google Inc.)

========== (O9) IE Extensions ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\S-1-5-21-1365302899-2498405167-1943582534-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
Extension\.spop: -- C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll [2001/01/30 23:56:24 | 00,225,280 | ---- | M] (InterTrust Technologies Corporation, Inc.)

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
43 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
quantrixvaluation.com\vvs: https in My Computer
55 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
43 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
43 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
80 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
80 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1365302899-2498405167-1943582534-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
quantrixvaluation.com\vvs: https in My Computer
55 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{02BCC737-B171-4746-94C9-0D8A0B2C0089}: http://office.microsoft.com/templates/ieawsdc.cab -- Microsoft Office Template and Media Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
DirectAnimation Java Classes: -- Reg Error: Key does not exist or could not be opened.
Microsoft XML Parser for Java: -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{0564CAD8-9A5C-4E58-B140-2FE2F6F558FA} (Servers: | Description: 1394 Net Adapter)
{C7073F71-4928-425D-ACA9-94F3139C3A83} (Servers: | Description: )
{CD001D98-41AB-403F-88FD-1D6C93F6E6B7} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)
{EF50F18A-7DF3-4C73-AA2C-38D3192B9B3C} (Servers: | Description: )

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll ()
avgrsstarter: "DllName" = avgrsstx.dll -- File not found
igfxcui: "DllName" = igfxsrvc.dll -- C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
WRNotifier: "DllName" = WRLogonNTF.dll -- File not found

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2003/04/10 01:19:17 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AUTOEXEC.BAT []
[2001/07/28 07:07:38 | 00,000,000 | -HS- | M] () -- D:\AUTOEXEC.BAT -- [ FAT32 ]

autorun.inf []
[2009/04/02 15:22:26 | 00,000,000 | ---D | M] -- D:\autorun.inf -- [ FAT32 ]


========== Files/Folders - Created Within 30 Days ==========

[2009/04/08 13:36:39 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2009/04/07 23:16:42 | 00,020,066 | ---- | C] () -- C:\stream.bin
[2009/04/07 17:42:09 | 00,135,168 | ---- | C] (Pro-Softnet Corporation) -- C:\WINDOWS\System32\LogMail.dll
[2009/04/07 17:42:08 | 00,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2009/04/07 17:42:08 | 00,000,730 | ---- | C] () -- C:\WINDOWS\System32\rootcert.pem
[2009/04/07 17:42:07 | 00,086,016 | ---- | C] (Streamnet India) -- C:\WINDOWS\System32\IBwinUtil.ocx
[2009/04/07 17:42:07 | 00,024,576 | ---- | C] (Streamnet India) -- C:\WINDOWS\System32\IBcalendarser.ocx
[2009/04/07 17:42:06 | 00,143,360 | ---- | C] (Herman & Associates) -- C:\WINDOWS\System32\HLButton.ocx
[2009/04/07 17:42:06 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\IBColIml.ocx
[2009/04/07 17:42:06 | 00,028,672 | ---- | C] (Checks Unlimited) -- C:\WINDOWS\System32\Disable_X.ocx
[2009/04/07 17:42:05 | 00,000,000 | ---D | C] -- C:\Program Files\IDrive
[2009/04/06 20:06:05 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/04/06 20:06:05 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/04/06 20:06:04 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/04/06 20:06:02 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/04/06 20:06:02 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/04/06 20:06:02 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/04/06 20:06:02 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/04/06 20:06:02 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/04/06 20:05:45 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/04/06 20:05:45 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/04/05 23:09:50 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/04/05 23:09:49 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF15103.exe
[2009/04/05 23:07:54 | 00,073,728 | ---- | C] () -- C:\pv.exe
[2009/04/05 23:07:51 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.execf
[2009/04/05 23:07:33 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/04/05 23:04:05 | 00,555,520 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Graynamore.doc
[2009/04/05 16:44:32 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MEDIA MOUSE.doc
[2009/04/03 20:02:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\True Sword
[2009/04/03 20:00:28 | 00,000,000 | ---D | C] -- C:\Program Files\True Sword 5
[2009/04/03 16:30:39 | 00,117,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ribbons.scr
[2009/04/03 16:30:29 | 00,117,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mystify.scr
[2009/04/03 16:30:17 | 00,773,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bubbles.scr
[2009/04/03 16:30:06 | 01,263,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aurora.scr
[2009/04/03 16:18:26 | 00,000,000 | ---D | C] -- C:\Program Files\ExtractNow
[2009/04/03 15:27:20 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/04/03 02:10:16 | 00,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2009/04/03 02:02:07 | 00,000,679 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\IMsecure.lnk
[2009/04/01 21:46:23 | 00,013,824 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\finance project.xls
[2009/04/01 20:32:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Ribbons
[2009/04/01 20:32:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Bubbles
[2009/04/01 20:32:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Aurora
[2009/03/26 17:32:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\st John
[2009/03/25 15:30:27 | 00,000,000 | ---D | C] -- C:\Program Files\Free PDF to Word Doc Converter
[2009/03/21 23:33:15 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Judy Johnson.doc
[2009/03/18 21:54:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\IOSUBSYS
[2009/03/18 18:25:03 | 00,115,382 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\bushism_fool_me_once.mp3
[2009/03/18 17:25:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\eSellerate
[2009/03/18 17:24:59 | 00,000,000 | ---D | C] -- C:\Program Files\SmashMash
[2009/03/18 15:19:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ElectricSheep
[2009/03/17 16:42:22 | 00,233,472 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2009/03/10 22:18:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/03/10 22:17:53 | 00,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2009/03/10 22:17:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound

========== Files - Modified Within 30 Days ==========

[2009/04/08 13:36:39 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2009/04/08 12:00:00 | 00,000,408 | ---- | M] () -- C:\WINDOWS\tasks\Auto-scheduled task of Free Registry Fix.job
[2009/04/07 23:16:42 | 00,020,066 | ---- | M] () -- C:\stream.bin
[2009/04/07 23:11:27 | 00,000,041 | ---- | M] () -- C:\WINDOWS\loc2.INI
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\loc2.INI:KAVICHS
[2009/04/07 23:11:16 | 00,000,041 | ---- | M] () -- C:\WINDOWS\FindServ.INI
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\FindServ.INI:KAVICHS
[2009/04/07 17:31:23 | 00,044,544 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini:KAVICHS
[2009/04/07 07:00:46 | 00,000,679 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\IMsecure.lnk
[2009/04/07 06:59:49 | 00,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2009/04/07 06:59:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/07 06:59:03 | 00,012,676 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wpa.dbl:KAVICHS
[2009/04/07 06:58:25 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\bootstat.dat:KAVICHS
[2009/04/07 01:16:20 | 13,383,498 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/04/06 23:06:51 | 00,136,088 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/04/06 20:06:02 | 00,002,670 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/04/06 19:47:40 | 00,433,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FNTCACHE.DAT:KAVICHS
[2009/04/06 18:11:26 | 00,529,290 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/06 18:11:26 | 00,440,506 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/06 18:11:26 | 00,080,186 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/06 15:30:26 | 00,001,478 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/06 15:30:26 | 00,000,071 | ---- | M] () -- C:\WINDOWS\System32\PDFWRITR.INI
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PDFWRITR.INI:KAVICHS
[2009/04/06 15:30:26 | 00,000,071 | ---- | M] () -- C:\WINDOWS\System32\__PDF.INI
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\__PDF.INI:KAVICHS
[2009/04/05 23:07:51 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.execf
[2009/04/05 23:07:51 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF15103.exe
[2009/04/05 23:04:06 | 00,555,520 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Graynamore.doc
[2009/04/05 16:29:35 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MEDIA MOUSE.doc
[2009/04/03 15:17:57 | 00,054,038 | ---- | M] () -- C:\MGlogs.zip
[2009/04/01 21:46:23 | 00,013,824 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\finance project.xls
[2009/03/29 19:48:35 | 00,384,353 | ---- | M] () -- C:\WINDOWS\System32\AdobeFnt07.lst
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/21 23:36:29 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Judy Johnson.doc
[2009/03/18 18:25:03 | 00,115,382 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\bushism_fool_me_once.mp3
[2009/03/17 16:42:22 | 00,233,472 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2009/03/12 08:15:40 | 00,010,304 | ---- | M] () -- C:\WINDOWS\MSOPrefs.232
[2009/03/12 08:15:40 | 00,004,544 | ---- | M] () -- C:\WINDOWS\MSOClip.232
< End of report >

OTViewIt Extras logfile created on: 4/8/2009 3:15:13 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 238.08 Mb Available Physical Memory | 46.55% Memory free
1.22 Gb Paging File | 0.87 Gb Available in Paging File | 70.84% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.34 Gb Total Space | 57.99 Gb Free Space | 54.02% Space Free | Partition Type: NTFS
Drive D: | 4.43 Gb Total Space | 0.69 Gb Free Space | 15.61% Space Free | Partition Type: FAT32
Drive E: | 613.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 949.69 Mb Total Space | 867.34 Mb Free Space | 91.33% Space Free | Partition Type: FAT

Computer Name: HAL
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 08:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 08:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/10/10 13:53:46 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
File not found -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2009/01/06 14:06:28 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] -- C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
Protocol_Catalog9\Catalog_Entries\000000000001 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000002 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000003 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000004 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000005 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000006 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000007 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000008 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000009 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000010 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000011 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000012 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000013 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000014 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000015 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000016 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000017 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000018 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000019 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000020 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000021 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000022 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000023 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000024 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000025 -- File not found

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 08:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
File not found Reg Error: Key does not exist or could not be opened. (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [Reg Error: Key does not exist or could not be opened.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 08:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 08:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2004/08/04 08:00:00 | 00,844,314 | ---- | M] () C:\WINDOWS\system32\msdxm.ocx (vnd.ms.radio:{3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} (HKLM) [AsyncPProt Class])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 SR-1 Premium
"{00040409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 SR-1 Disc 2
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}"=Notifier
"{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}"=aspi
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}"=Sonic Update Manager
"{10CE1EA2-12E9-11D3-825E-00C04F6843FE}"=Microsoft Office Sounds
"{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}"=VCAMCEN
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}"=Windows Installer Clean Up
"{1485B7CD-4CBD-4039-8EAE-5A22993D7F54}"=hp LaserJet 1150 / 1300
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}"=ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}"=HLPPDOCK
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}"=PC-Doctor for Windows
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}"=iPod for Windows 2006-03-23
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}"=QuickTime
"{224F7A6E-1D66-46B6-888A-D115E5AC20F6}"=MPIO Manager 2
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java™ 6 Update 10
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}"=Acrobat.com
"{29D88826-2AB9-11D5-8854-00902761A46D}"=WordPerfect Productivity Pack
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}"=HpSdpAppCoreApp
"{2A565A4C-BE54-43DE-9B94-0D5EF5F804B6}"=HotSPOT-Client-SP6
"{2C0CD17D-0B06-4700-83FA-7344B868B0A2}"=Opera 9.63
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35E90FA5-2CB4-4039-A8BB-BE1B9DB94E21}"=HP Memories Disc
"{3E5D4098-1669-4173-953D-47E1669F95CD}"=E-Prime 1.1 (1.1.4.1)
"{432C3720-37BF-4BD7-8E49-F38E090246D0}"=CR2
"{469730CC-78DF-4CD3-B286-562D459EA619}"=ESSCAM
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}"=ESSvpot
"{4FBF4810-CC11-4985-BD7B-4E80536075FD}"=MPIO Plugins Pack
"{55147AD5-48D1-40DC-B9D4-3181498F7A47}"=AWC v861 Service Pack
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}"=Sony USB Driver
"{60E80B13-8649-4A69-85E2-1AE99E061F43}"=ShowBiz DVD
"{60E971B7-51A0-48CA-8687-C6B8F094A409}"=Simple Backup for My Pictures
"{636EB75F-89A7-4C4C-AE7E-29A4428051AA}"=AWC v85 SP
"{643EAE81-920C-4931-9F0B-4B343B225CA6}"=ESSBrwr
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{69BD6399-3D8F-45B7-81D9-819361F5101D}"=PCDLNCH
"{6DA9102E-199F-43A0-A36B-6EF48081A658}"=MobileMe Control Panel
"{6DD9963C-271A-4A14-82B0-4DC148C52E58}"=LaCie Backup Software v1.5.2215
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}"=HP Photo and Imaging 2.0 - All-in-One Drivers
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}"=Microsoft Office Converter Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}"=Windows Backup Utility
"{78F79C84-BFD5-4D79-A07D-F39A3CF428DC}"=HLPIndex
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX
"{8214CC02-6271-4DC8-B8DD-779933450264}"=RecordNow
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}"=ESShelp
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Extreme Graphics Driver
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}"=ESSCT
"{8E92D746-CD9F-4B90-9668-42B74C14F765}"=ESSini
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}"=Musicmatch® Jukebox
"{91517631-A9F3-4B7C-B482-43E0068FD55A}"=ESSgui
"{9867A917-5D17-40DE-83BA-BEA5293194B1}"=HP Photo and Imaging 2.0 - All-in-One
"{98E8A2EF-4EAE-43B8-A172-74842B764777}"=InterVideo WinDVD Player
"{99C6CCD9-0445-4FE5-8D6F-0D654DA7DEFC}"=ACI Desktop Additional Components
"{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}"=CCHelp
"{9D3E141E-2D6E-44D3-B32A-57B69E3E4A61}"=REA's TESTware
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}"=ESScore
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}"=SFR2
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}"=ESSvpaht
"{A6F18A67-B771-4191-8A33-36D2E742D6D9}"=ESSANUP
"{AC76BA86-0000-0000-0000-6028747ADE01}"=Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-0000-7EC8-7489-000000000605}"=Adobe Acrobat and Reader 6.0.5 Update
"{AC76BA86-0000-7EC8-7489-000000000606}"=Adobe Acrobat and Reader 6.0.6 Update
"{AC76BA86-1033-0000-BA7E-000000000001}"=Adobe Acrobat 6.0.1 Standard
"{AC76BA86-7AD7-1033-7B44-A90000000001}"=Adobe Reader 9
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}"=ESSCDBK
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}"=Microsoft .NET Framework (English)
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}"=CCScore
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}"=KSU
"{C1067095-24AB-4BCD-B64B-BE83A9186DCE}"=ACI Collection 32
"{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}"=SFR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}"=ESSAdpt
"{D5068583-D569-468B-9755-5FBF5848F46F}"=Sony Picture Utility
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1"=AusLogics Disk Defrag
"{E4C4A71B-733A-4099-AB44-05BC5793D5B9}"=Street Atlas USA 2004
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support
"{EEF397AC-DAEF-4C04-90A9-5B2BD31875DC}"=Simple Installer - Multilanguage Version
"{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}"=HLPCCTR
"{F2DD5ED2-1ADC-44FC-AEBD-E0787FBC02F6}"=ArcSoft Software Suite
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}"=iTunes
"{FCDB1C92-03C6-4C76-8625-371224256091}"=ESSPDock
"360Share"=360Share(remove only)
"AccuChef"=AccuChef
"Adobe Acrobat 5.0"=Adobe Acrobat 5.0
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player
"AdobeESD"=Adobe Download Manager 1.2 (Remove Only)
"AIM_6"=AIM 6
"AOL Toolbar"=AOL Toolbar 2.0
"ArcSoft Software Suite"=ArcSoft Picture Software
"ATI Display Driver"=ATI Display Driver
"avast!"=avast! Antivirus
"BackWeb-137903 Uninstaller"=Updates from HP
"BadCopy Pro"=BadCopy Pro
"BitTorrent"=BitTorrent 3.4.2
"CCleaner"=CCleaner (remove only)
"CleanUp!"=CleanUp!
"COMODO Firewall Pro"=COMODO Firewall Pro
"DVD Decrypter"=DVD Decrypter (Remove Only)
"DVD Shrink_is1"=DVD Shrink 3.2
"Emoticons Mail_is1"=Emoticons Mail 3.2
"ExtractNow_is1"=ExtractNow
"Find Junk Files"=Find Junk Files
"Free PDF to Word Doc Converter_is1"=Free PDF to Word Doc Converter v1.1
"Glary Utilities_is1"=Glary Utilities 2.7.268
"HijackThis"=HijackThis 2.0.2
"hp instant support"=HP Instant Support
"hp psc 2170 series_Driver"=hp psc 2170 series
"HPTOOLKIT"=toolkit
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"ImgBurn"=ImgBurn (Remove Only)
"IMsecure"=IMsecure
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}"=iPod for Windows 2006-03-23
"Karen's Replicator"=Karen's Replicator
"LJ Comment Stats Wizard_is1"=LJ Comment Stats Wizard 1.2
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework Full v1.0.3705 (1033)"=Microsoft .NET Framework (English) v1.0.3705
"Microsoft PhotoDraw 2000"=Microsoft PhotoDraw 2000
"MP3 Cutter Joiner_is1"=MP3 Cutter Joiner 1.17
"MRU-Blaster_is1"=MRU-Blaster v1.5 (Database 3/28/2004)
"MSN Music Assistant"=MSN Music Assistant
"MSTTS"=Microsoft Text-to-Speech Engine 4.0 (English)
"Network Play System (Patching)"=Network Play System (Patching)
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA"=NVIDIA Windows 2000/XP Display Drivers
"Outlook Express Key 6.0 Demo"=Outlook Express Key Demo
"pfinish4"=PhotoFinish® 4
"Picasa 3"=Picasa 3
"PS2"=PS2
"Python 2.2 combined Win32 extensions"=Python 2.2 combined Win32 extensions
"Python 2.2.1"=Python 2.2.1
"Revo Uninstaller"=Revo Uninstaller 1.80
"RipIt4Me"=RipIt4Me
"S3Display"=S3Display
"S3Gamma2"=S3Gamma2
"S3Info2"=S3Info2
"S3Overlay"=S3Overlay
"Shockwave"=Shockwave
"SPSS for Windows 11.0"=SPSS 11.0.1 for Windows
"SPSS for Windows Student Version 11.0"=SPSS 11.0 for Windows Student Version
"StickyNote_is1"=StickyNote 9
"tv_enua"=Lernout & Hauspie TruVoice American English TTS Engine
"Viewpoint Manager"=Viewpoint Manager (Remove Only)
"Weather Watcher_is1"=Weather Watcher
"WebPost"=Microsoft Web Publishing Wizard 1.52
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 10
"WMFDist11"=Windows Media Format 11 runtime
"WordPerfect Productivity Pack"=WordPerfect Productivity Pack
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0 (Beta2)

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 9/1/2008 11:12:34 PM | Computer Name = HAL | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
A:\MVC-003S.JPG failed, 0000001E.

Error - 9/24/2008 2:16:52 PM | Computer Name = HAL | Source = avast! | ID = 33554522
Description = AAVM - initialization error: Unhandled exception in AavmProviderStop
[Inner], MAIL.

Error - 9/24/2008 2:17:43 PM | Computer Name = HAL | Source = avast! | ID = 33554522
Description = AAVM - initialization error: Unhandled exception in AavmProviderStop
[Inner], STANDARD.

[ Application Events ]
Error - 4/4/2009 1:51:28 PM | Computer Name = HAL | Source = JavaQuickStarterService | ID = 1
Description =

Error - 4/4/2009 1:51:39 PM | Computer Name = HAL | Source = Microsoft Fax | ID = 32063
Description = Fax Service failed to read the archive configuration, possibly due
to registry corruption or a lack of system resources. Reinstall Fax service using
Repair mode. Win32 error code: 13. This error code indicates the cause of the error.

Error - 4/6/2009 6:07:11 PM | Computer Name = HAL | Source = JavaQuickStarterService | ID = 1
Description =

Error - 4/6/2009 6:07:19 PM | Computer Name = HAL | Source = Microsoft Fax | ID = 32063
Description = Fax Service failed to read the archive configuration, possibly due
to registry corruption or a lack of system resources. Reinstall Fax service using
Repair mode. Win32 error code: 13. This error code indicates the cause of the error.

Error - 4/6/2009 7:47:57 PM | Computer Name = HAL | Source = JavaQuickStarterService | ID = 1
Description =

Error - 4/6/2009 7:48:02 PM | Computer Name = HAL | Source = Microsoft Fax | ID = 32063
Description = Fax Service failed to read the archive configuration, possibly due
to registry corruption or a lack of system resources. Reinstall Fax service using
Repair mode. Win32 error code: 13. This error code indicates the cause of the error.

Error - 4/6/2009 8:09:37 PM | Computer Name = HAL | Source = JavaQuickStarterService | ID = 1
Description =

Error - 4/6/2009 8:09:46 PM | Computer Name = HAL | Source = Microsoft Fax | ID = 32063
Description = Fax Service failed to read the archive configuration, possibly due
to registry corruption or a lack of system resources. Reinstall Fax service using
Repair mode. Win32 error code: 13. This error code indicates the cause of the error.

Error - 4/7/2009 6:59:51 AM | Computer Name = HAL | Source = JavaQuickStarterService | ID = 1
Description =

Error - 4/7/2009 7:00:08 AM | Computer Name = HAL | Source = Microsoft Fax | ID = 32063
Description = Fax Service failed to read the archive configuration, possibly due
to registry corruption or a lack of system resources. Reinstall Fax service using
Repair mode. Win32 error code: 13. This error code indicates the cause of the error.

[ System Events ]
Error - 2/23/2009 1:59:37 PM | Computer Name = HAL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgArCln

Error - 2/23/2009 2:29:50 PM | Computer Name = HAL | Source = Service Control Manager | ID = 7024
Description = The Java Quick Starter service terminated with service-specific error
1 (0x1).

Error - 2/23/2009 2:29:50 PM | Computer Name = HAL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgArCln

Error - 2/23/2009 3:46:20 PM | Computer Name = HAL | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 2/24/2009 1:59:46 AM | Computer Name = HAL | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 2/24/2009 2:28:42 PM | Computer Name = HAL | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.100 on
the Network Card with network address 000C76014FEA.

Error - 2/24/2009 4:16:28 PM | Computer Name = HAL | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 2/24/2009 4:16:37 PM | Computer Name = HAL | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 2/25/2009 2:28:46 PM | Computer Name = HAL | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.100 on
the Network Card with network address 000C76014FEA.

Error - 2/26/2009 2:28:50 PM | Computer Name = HAL | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.100 on
the Network Card with network address 000C76014FEA.


< End of report >

Edited by lannie, 08 April 2009 - 02:20 PM.


#9 lannie

lannie
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Gender:Female
  • Location:USA
  • Local time:02:02 AM

Posted 08 April 2009 - 04:47 PM

Hi again!
I decided to try again on the gmer scan, so I rebooted and went back into the exe file and it opened the way it was supposed to.
I changed the settings and ran the scan. :thumbup2: Just curious, what is haspnt.sys? It shows under the System heading.
Here are the results:


GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2009-04-08 17:08:44
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwClose
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwCreateKey
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwDeleteValueKey
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwDuplicateObject
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwOpenKey
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwOpenProcess
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwOpenThread
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwQueryValueKey
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwRestoreKey
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwSetValueKey

INT 0x06 \??\C:\WINDOWS\System32\drivers\Haspnt.sys B67DF16D
INT 0x0E \??\C:\WINDOWS\System32\drivers\Haspnt.sys B67DEFC2

---- Files - GMER 1.0.12 ----

ADS C:\6in1ico\Media-In1.ico:KAVICHS
ADS C:\6in1ico\No-Media1.ico:KAVICHS
ADS C:\Acrobat_Stn_US_Upg\Adobe Acrobat 6.0 Standard Upgrade\0x0404.ini:KAVICHS
ADS C:\Acrobat_Stn_US_Upg\Adobe Acrobat 6.0 Standard Upgrade\0x0409.ini:KAVICHS
ADS C:\Acrobat_Stn_US_Upg\Adobe Acrobat 6.0 Standard Upgrade\0x0411.ini:KAVICHS
ADS C:\Acrobat_Stn_US_Upg\Adobe Acrobat 6.0 Standard Upgrade\0x0412.ini:KAVICHS
ADS C:\Acrobat_Stn_US_Upg\Adobe Acrobat 6.0 Standard Upgrade\0x0804.ini:KAVICHS
ADS C:\Acrobat_Stn_US_Upg\Adobe Acrobat 6.0 Standard Upgrade\Abcpy.ini:KAVICHS
ADS C:\Acrobat_Stn_US_Upg\Adobe Acrobat 6.0 Standard Upgrade\AcroStan.msi:KAVICHS
ADS C:\Acrobat_Stn_US_Upg\Adobe Acrobat 6.0 Standard Upgrade\Data1.cab:KAVICHS
ADS C:\Acrobat_Stn_US_Upg\Adobe Acrobat 6.0 Standard Upgrade\instmsia.exe:KAVICHS
ADS ...
ADS C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG:KAVICHS
ADS C:\Documents and Settings\LocalService\ntuser.dat.LOG:KAVICHS
ADS C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG:KAVICHS
ADS C:\Documents and Settings\NetworkService\ntuser.dat.LOG:KAVICHS
File C:\Documents and Settings\Owner\Application Data\Comcast\PhotoShow II\A Day at the Zoo..\106_0686.jp_
File C:\Documents and Settings\Owner\Application Data\Comcast\PhotoShow II\A Day at the Zoo..\106_0687.jp_
File C:\Documents and Settings\Owner\Application Data\Comcast\PhotoShow II\A Day at the Zoo..\106_0690.jp_
File C:\Documents and Settings\Owner\Application Data\Comcast\PhotoShow II\A Day at the Zoo..\106_0692.jp_
File C:\Documents and Settings\Owner\Application Data\Comcast\PhotoShow II\A Day at the Zoo..\106_0693.jp_
File C:\Documents and Settings\Owner\Application Data\Comcast\PhotoShow II\A Day at the Zoo..\106_0694.jp_
File C:\Documents and Settings\Owner\Application Data\Comcast\PhotoShow II\A Day at the Zoo..\106_0695.jp_
File C:\Documents and Settings\Owner\Application Data\Comcast\PhotoShow II\A Day at the Zoo..\106_0696.jp_
File C:\Documents and Settings\Owner\Application Data\Comcast\PhotoShow II\A Day at the Zoo..\106_0697.jp_
File C:\Documents and Settings\Owner\Application Data\Comcast\PhotoShow II\A Day at the Zoo..\106_0698.jp_
File C:\Documents and Settings\Owner\Application Data\Comcast\PhotoShow II\A Day at the Zoo..\106_0699.jp_
File C:\Documents and Settings\Owner\Application Data\Comcast\PhotoShow II\A Day at the Zoo..\106_0700.jp_
File C:\Documents and Settings\Owner\Application Data\Comcast\PhotoShow II\A Day at the Zoo..\106_0701.jp_
File C:\Documents and Settings\Owner\Application Data\Comcast\PhotoShow II\A Day at the Zoo..\106_0702.jp_
File C:\Documents and Settings\Owner\Application Data\Comcast\PhotoShow II\A Day at the Zoo..\106_0703.jp_
File C:\Documents and Settings\Owner\Application Data\Comcast\PhotoShow II\A Day at the Zoo..\106_0704.jp_
File C:\Documents and Settings\Owner\Application Data\Comcast\PhotoShow II\A Day at the Zoo..\106_0705.jp_
File C:\Documents and Settings\Owner\Application Data\Comcast\PhotoShow II\A Day at the Zoo..\106_0706.jp_
File C:\Documents and Settings\Owner\Application Data\Comcast\PhotoShow II\A Day at the Zoo..\106_0707.jp_
File C:\Documents and Settings\Owner\Application Data\Comcast\PhotoShow II\A Day at the Zoo..\meta.xm_
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG:KAVICHS

---- EOF - GMER 1.0.12 ----

Edited by lannie, 08 April 2009 - 05:28 PM.
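A way to read a GMER log like the one above, as an added example that is not part of this thread and not GMER's own code: it parses the SSDT/INT hook lines and the ADS lines, groups the hooks by the driver that installed them, and separates streams with a known owner from the rest. The attribution tables are mine, not the thread's: aswSP.SYS is avast!'s self-protection driver, Haspnt.sys is the HASP copy-protection dongle driver, and KAVICHS is the stream name Kaspersky's scanner uses to record a file checksum. The sample log is constructed; the unknown.sys hook and the notes.txt stream are invented so the "unexpected entry" branches have something to report.

```python
"""Group and triage entries from a GMER rootkit-scan text log (added example)."""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample in the shape of the GMER log above. The unknown.sys hook
# and the notes.txt stream are invented to exercise the "unexpected" branches.
SAMPLE_GMER = """\
---- System - GMER 1.0.12 ----

SSDT \\SystemRoot\\System32\\Drivers\\aswSP.SYS ZwClose
SSDT \\SystemRoot\\System32\\Drivers\\aswSP.SYS ZwOpenProcess
SSDT \\SystemRoot\\System32\\Drivers\\aswSP.SYS ZwSetValueKey
SSDT \\SystemRoot\\System32\\Drivers\\unknown.sys ZwQueryDirectoryFile

INT 0x06 \\??\\C:\\WINDOWS\\System32\\drivers\\Haspnt.sys B67DF16D
INT 0x0E \\??\\C:\\WINDOWS\\System32\\drivers\\Haspnt.sys B67DEFC2

---- Files - GMER 1.0.12 ----

ADS C:\\6in1ico\\Media-In1.ico:KAVICHS
ADS C:\\Documents and Settings\\LocalService\\ntuser.dat.LOG:KAVICHS
ADS C:\\Documents and Settings\\Owner\\notes.txt:stream1.exe

---- EOF - GMER 1.0.12 ----
"""

# Attribution tables (mine, not GMER's): drivers whose hooks are expected on a
# host that runs the corresponding product, and stream names with a known owner.
KNOWN_HOOK_OWNERS = {
    "aswsp.sys": "avast! self-protection driver",
    "haspnt.sys": "HASP copy-protection dongle driver",
}
KNOWN_ADS_STREAMS = {
    "KAVICHS": "Kaspersky scanner checksum stream",
}
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".scr", ".com", ".bat", ".vbs")

# "SSDT <driver> <function>" and "INT 0xNN <driver> <address>" lines.
HOOK_RE = re.compile(
    r"^(?P<kind>SSDT|INT 0x[0-9A-Fa-f]+)\s+(?P<driver>.+?\.sys)\s+(?P<target>\S+)$",
    re.IGNORECASE,
)
# "ADS <file>:<stream>" lines; the stream name carries no colon or backslash.
ADS_RE = re.compile(r"^ADS\s+(?P<file>.+):(?P<stream>[^:\\]+)$")


def driver_name(path: str) -> str:
    """Lower-cased file name of a kernel-object or Win32 driver path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_gmer(text: str) -> Tuple[List[Tuple[str, str, str]], List[Tuple[str, str]]]:
    hooks: List[Tuple[str, str, str]] = []   # (kind, driver, target)
    streams: List[Tuple[str, str]] = []      # (file, stream)
    for raw in text.splitlines():
        line = raw.strip()
        m = HOOK_RE.match(line)
        if m:
            hooks.append((m.group("kind").upper(), driver_name(m.group("driver")), m.group("target")))
            continue
        m = ADS_RE.match(line)
        if m:
            streams.append((m.group("file"), m.group("stream")))
    return hooks, streams


def review_gmer_log(text: str) -> Dict[str, object]:
    """Group hooks per driver and flag drivers and streams without a known owner."""
    hooks, streams = parse_gmer(text)
    by_driver: Dict[str, List[str]] = defaultdict(list)
    for _kind, drv, target in hooks:
        by_driver[drv].append(target)
    unknown_drivers = sorted(d for d in by_driver if d not in KNOWN_HOOK_OWNERS)

    known_counts: Dict[str, int] = defaultdict(int)
    suspicious: List[Tuple[str, str, str]] = []
    for file, stream in streams:
        if stream in KNOWN_ADS_STREAMS:
            known_counts[stream] += 1
        elif stream.lower().endswith(EXECUTABLE_SUFFIXES):
            suspicious.append((file, stream, "executable-named stream with no known owner"))
        else:
            suspicious.append((file, stream, "stream with no known owner"))
    return {
        "hooks_by_driver": dict(by_driver),
        "unknown_hook_drivers": unknown_drivers,
        "known_stream_counts": dict(known_counts),
        "suspicious_streams": suspicious,
    }


if __name__ == "__main__":
    result = review_gmer_log(SAMPLE_GMER)
    for drv, targets in result["hooks_by_driver"].items():
        owner = KNOWN_HOOK_OWNERS.get(drv, "UNKNOWN - review")
        print(f"{drv}: {len(targets)} hook(s) [{owner}]")
    for file, stream, reason in result["suspicious_streams"]:
        print(f"ADS {file}:{stream} -> {reason}")
```

The grouping is the useful part: a dozen SSDT hooks from one security product's driver is the normal picture on a host that runs that product, and hundreds of KAVICHS streams just mean a Kaspersky scan has been over those files. What deserves a closer look is a hook from a driver nobody can account for, or a stream name that no installed scanner explains.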


#10 lannie

lannie
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Gender:Female
  • Location:USA
  • Local time:02:02 AM

Posted 08 April 2009 - 07:28 PM

I wanted to let you know that I also ran a scan with SuperAntiSpyware and Malwarebytes today; both were clean.

Edited by lannie, 08 April 2009 - 08:59 PM.


#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:06:02 AM

Posted 09 April 2009 - 10:56 AM

Hi lannie,

It is looking like this is not malware related.

Can you just run this online scanner to be doubly sure?

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Thanks :thumbup2:
m0le is a proud member of UNITE

#12 lannie

lannie
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Gender:Female
  • Location:USA
  • Local time:02:02 AM

Posted 09 April 2009 - 08:26 PM

Hi m0le,
I ran the scan and here are the results. Thanks again for your help. I also ran a defrag and used ccleaner to clean up any junk. The computer is still not running the way it was before. I don't know what's going on.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, April 10, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, April 09, 2009 19:18:29
Records in database: 2028668
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\

Scan statistics:
Files scanned: 159088
Threat name: 2
Infected objects: 1
Suspicious objects: 1
Duration of the scan: 06:39:41


File name / Threat name / Threats count
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{88C671F2-31F4-47C2-BC7B-4E9EF21EE177}\Microsoft\Outlook Express\Sent Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1200\A0222831.exe Infected: not-a-virus:PSWTool.Win32.MailPassView.ae 1

The selected area was scanned.
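A small parser for this report format, added here as an example and not part of the thread or of Kaspersky's tooling. It reads the statistics block and the finding lines, works out from each path whether the detection sits in a restore point, inside a mail database or in a file that can actually run, and checks that the finding lines add up to the counts in the statistics (a mismatch usually means lines were lost when the report was pasted). The sample report is constructed from the shape of the one above with placeholder GUIDs; the third finding (an EICAR test file on the desktop) is invented.

```python
"""Parse and triage a Kaspersky Online Scanner 7 text report (added example)."""
import re
from typing import Dict, List, Tuple

# Constructed sample with the shape of the report above. GUIDs are placeholders
# and the third finding (an EICAR test file on the desktop) is invented.
SAMPLE_REPORT = """\
KASPERSKY ONLINE SCANNER 7 REPORT
Scan statistics:
Files scanned: 159088
Threat name: 3
Infected objects: 2
Suspicious objects: 1
Duration of the scan: 06:39:41

File name / Threat name / Threats count
C:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Identities\\{GUID}\\Microsoft\\Outlook Express\\Sent Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\\System Volume Information\\_restore{GUID}\\RP1200\\A0222831.exe Infected: not-a-virus:PSWTool.Win32.MailPassView.ae 1
C:\\Documents and Settings\\Owner\\Desktop\\sample.exe Infected: EICAR-Test-File 1

The selected area was scanned.
"""

# "Key: 123" lines from the statistics block.
STAT_RE = re.compile(r"^(?P<key>[A-Za-z ]+):\s+(?P<value>\d+)$")
# "<path> Infected|Suspicious: <threat> <count>" finding lines.
FINDING_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<verdict>Infected|Suspicious):\s+(?P<threat>\S+)\s+(?P<count>\d+)$"
)
MAIL_STORE_SUFFIXES = (".dbx", ".pst", ".ost", ".mbx", ".eml")

# Where the detection lives decides what to do about it.
ACTIONS = {
    "live-file": "File that can run: quarantine it and find out how it arrived.",
    "mail-store": "Detection is a stored message: delete that message and compact the folder.",
    "restore-point": "Archived copy only: create a fresh restore point, then purge the old ones.",
}
PRIORITY = {"live-file": 0, "mail-store": 1, "restore-point": 2}


def classify_location(path: str) -> str:
    """Restore-point copy, mail database, or a file that can execute."""
    low = path.lower()
    if "\\system volume information\\_restore" in low:
        return "restore-point"
    if low.endswith(MAIL_STORE_SUFFIXES):
        return "mail-store"
    return "live-file"


def parse_report(text: str) -> Tuple[Dict[str, int], List[Dict[str, object]]]:
    stats: Dict[str, int] = {}
    findings: List[Dict[str, object]] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = FINDING_RE.match(line)
        if m:
            location = classify_location(m.group("path"))
            findings.append({
                "path": m.group("path"),
                "verdict": m.group("verdict"),
                "threat": m.group("threat"),
                "count": int(m.group("count")),
                # Kaspersky prefixes legitimate-but-abusable tools this way.
                "riskware": m.group("threat").startswith("not-a-virus:"),
                "location": location,
                "action": ACTIONS[location],
            })
            continue
        m = STAT_RE.match(line)
        if m:
            stats[m.group("key")] = int(m.group("value"))
    return stats, findings


def triage_kaspersky_report(text: str) -> Dict[str, object]:
    """Findings with locations and actions, ordered by how urgent they are."""
    stats, findings = parse_report(text)
    infected = sum(1 for f in findings if f["verdict"] == "Infected")
    suspicious = sum(1 for f in findings if f["verdict"] == "Suspicious")
    # A mismatch means finding lines were lost when the report was copied.
    consistent = (stats.get("Infected objects") == infected
                  and stats.get("Suspicious objects") == suspicious)
    prioritized = sorted(findings, key=lambda f: (PRIORITY[str(f["location"])], bool(f["riskware"])))
    return {"stats": stats, "findings": findings, "prioritized": prioritized, "consistent": consistent}


if __name__ == "__main__":
    result = triage_kaspersky_report(SAMPLE_REPORT)
    print("counts match findings:", result["consistent"])
    for f in result["prioritized"]:
        print(f"[{f['location']}] {f['threat']} -> {f['action']}")
```

The ordering reflects the reply that follows in the thread: a detection inside a .dbx is a stored message, a detection under System Volume Information is an archived copy that can only come back through a rollback, and neither is a file running on the system now. A "not-a-virus:" verdict is a tool that can be abused rather than malware, so it sorts after real detections in the same location.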

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:06:02 AM

Posted 10 April 2009 - 04:35 AM

Hi lannie,

Kaspersky found a phishing email and a restore point infection.

The email can be removed completely by emptying your quarantine folder. We will deal with the restore point in a minute.

Okay, your log is clean! :thumbup2:

Let's firstly do some housekeeping

Please set your system to hide all hidden files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, uncheck Show hidden files and folders.
Check: Hide file extensions for known file types
Check the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Please download OTCleanIt and save it to Desktop.

Make sure you have internet connection.
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select No
Go to Start --> Run and copy/paste C:\WINDOWS\gmer_uninstall.cmd into the run window, click Okay. When that process completes, please reboot your computer.

Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Here's a list of ways you can avoid problems in the future:

Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15 day trial period.

Other recommended, and free, AntiSpyware programs are Spybot - Search and Destroy and Ad-Aware Personal.

Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis, just as you would with antivirus software.

Tutorials on using these programs can be found below:

Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer


That's it, I suggest you post a systems query in the main forums at Bleeping Computer to try and track down the problem.

Cheers,


m0le
m0le is a proud member of UNITE

#14 lannie

lannie
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Gender:Female
  • Location:USA
  • Local time:02:02 AM

Posted 10 April 2009 - 04:49 PM

Hi m0le,
I followed all your instructions, except for one thing: (C:\WINDOWS\gmer_uninstall.cmd). When I pasted this in the prompt, it said file not found. I skipped this and did everything else. Checked the restore points and I now only have the one new one I just created. Thanks for everything. I hope you have time to answer a couple of final questions. Was the restore point infection causing problems? Was the computer actually infected with anything? After I did everything today, and rebooted, things are running like normal again.
I still can't load AVG back onto my computer. I am using Avast now but don't know much about it. Do you know if it is as good as AVG?
Thanks for all of your help. This is a great site, but I'm sure you already know that! :thumbup2:

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:06:02 AM

Posted 11 April 2009 - 03:50 AM

Hey lannie,

Don't worry about the Gmer uninstall, the OTCleanIt program removes it if I remember correctly.

Your computer didn't have any signs of infection but something was quarantined as it hit your PC.
The restore point wasn't causing any problems but could have if you had chosen to roll back to the last restore point as it was infected. Setting a new restore point and removing all the others removes that threat.

Avast is a good antivirus so no worries there :thumbup2:

Thanks for the compliment. Bleeping Computer is an awesome site, I've learnt malware removal from them and the coaches are fantastic.

Happy surfing lannie. :)
m0le is a proud member of UNITE



