
Possible/unknown malware and/or keylogger infection


15 replies to this topic

#1 HeeHaw5130

Posted 18 July 2010 - 03:34 AM

A little while ago, I checked my Yahoo mail inbox and saw that several messages had been sent to pretty much every single person in my contacts list. Inside each message was a different hyperlink going to a unique site, all of them foreign. For reference, here are the websites that were in the bodies of the messages:

www(dot)ericawaldron(dot)co(dot)uk(slash)about(dot)php

ideartegrafico(dot)net(slash)about(dot)php

deltalabo(dot)fr(slash)about(dot)php

bern(dot)carrie(dot)es(slash)about(dot)php


At this point, I do not know at all how someone could have logged into my email account and done this, other than maybe a keylogger of sorts. Hence, this post. I need to see if there's anything on my system that could be associated with this.

Here's my DDS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Doug Plemms at 3:44:49.60 on Sun 07/18/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1598 [GMT -4:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Ralink\Common\RaUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Doug Plemms\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [SmcService] c:\progra~1\sygate\spf\smc.exe -startgui
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [hplampc] c:\windows\system32\hplampc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1277113145421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: {C53A9AF9-A376-41EC-9D11-388D92E39AA5} = 192.168.254.254
Notify: AtiExtEvent - Ati2evxx.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dougpl~1\applic~1\mozilla\firefox\profiles\t6wqn1ta.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.fanfiction.net
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-21 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-21 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-21 40384]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\ralink\common\RalinkRegistryWriter.exe [2010-6-21 75040]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2010-6-21 963712]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-21 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-21 40384]
S3 hp4200c;%usbscan.SvcDesc%;c:\windows\system32\drivers\hp4200c.sys [2010-7-10 9312]
S3 RAPIProtocol;Ralink RAPI Protocol Driver;c:\windows\system32\drivers\RAPIProtocol.sys [2010-6-21 16512]
S4 vsdatant;vsdatant; [x]

=============== Created Last 30 ================

2010-07-11 08:52:04 0 d-----w- c:\docume~1\alluse~1\applic~1\Tracker Software
2010-07-10 16:20:47 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2010-07-10 16:20:47 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2010-07-10 16:20:47 32768 -c--a-w- c:\windows\system32\dllcache\hpgtmcro.dll
2010-07-10 16:20:47 32768 ----a-w- c:\windows\system32\hpgtmcro.dll
2010-07-10 16:20:47 31232 -c--a-w- c:\windows\system32\dllcache\hpgt42tk.dll
2010-07-10 16:20:47 31232 ----a-w- c:\windows\system32\hpgt42tk.dll
2010-07-10 16:20:44 93696 -c--a-w- c:\windows\system32\dllcache\hpgt42.dll
2010-07-10 16:20:44 93696 ----a-w- c:\windows\system32\hpgt42.dll
2010-07-10 16:20:43 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-07-10 16:20:43 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-07-10 16:13:47 15047 ----a-w- c:\windows\HPSETUP.INI
2010-07-10 16:13:46 299520 ----a-w- c:\windows\uninst.exe
2010-07-10 16:13:45 0 d-----w- c:\documents and settings\doug plemms\WINDOWS
2010-07-09 06:15:53 69 ----a-w- c:\windows\NeroDigital.ini
2010-07-02 08:03:57 976 ----a-w- c:\windows\eReg.dat
2010-07-02 07:58:06 0 d-----w- c:\program files\EA Games
2010-07-01 09:08:30 38848 ----a-w- c:\windows\avastSS.scr
2010-07-01 09:04:04 0 d-----w- c:\program files\Tracker Software
2010-06-28 05:56:21 0 d-----w- c:\program files\MSXML 4.0
2010-06-28 05:49:01 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2010-06-28 05:36:51 0 d-----w- c:\windows\system32\XPSViewer
2010-06-28 05:36:26 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-06-28 05:36:26 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-06-28 05:36:26 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-06-28 05:36:26 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-06-28 05:36:26 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-06-28 05:36:26 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-06-28 05:36:26 117760 ------w- c:\windows\system32\prntvpt.dll
2010-06-28 05:36:26 0 d-----w- C:\934aa9e191451c4b1694c8d8
2010-06-28 01:09:00 1024 ----a-w- c:\documents and settings\doug plemms\.rnd
2010-06-28 01:07:02 0 d-----w- c:\program files\Nero
2010-06-28 01:07:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Nero
2010-06-28 01:06:18 0 d-----w- c:\windows\RegisteredPackages
2010-06-27 06:10:37 389120 ----a-w- c:\windows\system32\actskn43.ocx
2010-06-27 06:10:37 1208320 ----a-w- c:\windows\system32\PTxSCP.ocx
2010-06-22 13:22:20 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-06-22 03:12:33 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-06-21 13:53:13 0 d-----w- c:\docume~1\dougpl~1\applic~1\OpenOffice.org
2010-06-21 13:44:27 0 d-----w- c:\program files\JRE
2010-06-21 13:44:24 0 d-----w- c:\program files\OpenOffice.org 3
2010-06-21 13:12:14 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-21 13:12:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-06-21 12:54:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-06-21 12:54:13 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-21 11:29:11 0 ----a-w- c:\windows\ativpsrm.bin
2010-06-21 11:26:25 593920 ------w- c:\windows\system32\ati2sgag.exe
2010-06-21 11:25:56 0 d-----w- c:\program files\ATI Technologies
2010-06-21 11:22:52 0 d-----w- C:\ATI
2010-06-21 11:03:49 0 d-----w- c:\windows\system32\LogFiles
2010-06-21 11:00:57 0 d-----w- c:\windows\ie8updates
2010-06-21 11:00:41 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-06-21 11:00:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-21 11:00:40 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-21 11:00:40 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-06-21 11:00:39 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-21 11:00:39 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-06-21 11:00:38 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-06-21 10:58:08 0 d-sh--w- c:\documents and settings\doug plemms\PrivacIE
2010-06-21 10:53:38 0 d-sh--w- c:\documents and settings\doug plemms\IECompatCache
2010-06-21 10:47:48 0 d-sh--w- c:\documents and settings\doug plemms\IETldCache
2010-06-21 10:45:17 0 dc-h--w- c:\windows\ie8
2010-06-21 10:17:57 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-06-21 10:17:52 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-06-21 10:17:35 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-06-21 10:16:43 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-06-21 10:16:43 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-06-21 10:16:32 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-06-21 10:14:31 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-06-21 10:13:51 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2010-06-21 10:11:35 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-06-21 10:11:30 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-06-21 10:11:26 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-06-21 10:10:44 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-06-21 10:10:39 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-06-21 09:55:14 0 d-----w- c:\windows\ServicePackFiles
2010-06-21 09:55:04 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2010-06-21 09:53:10 19569 ----a-w- c:\windows\002592_.tmp
2010-06-21 09:51:40 0 d-----w- c:\windows\EHome
2010-06-21 09:42:57 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-06-21 09:42:57 0 d-----w- c:\windows\system32\PreInstall
2010-06-21 09:40:03 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2010-06-21 09:40:02 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2010-06-21 09:40:02 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2010-06-21 09:40:02 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2010-06-21 09:40:02 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-06-21 09:38:42 0 d-sh--w- c:\documents and settings\doug plemms\UserData
2010-06-21 09:38:00 13646 ----a-w- c:\windows\system32\wpa.bak
2010-06-21 09:14:12 14568 ----a-w- c:\windows\system32\drivers\wg6n.sys
2010-06-21 09:14:11 60496 ----a-w- c:\windows\system32\drivers\Teefer.sys
2010-06-21 09:14:11 14568 ----a-w- c:\windows\system32\drivers\wg5n.sys
2010-06-21 09:14:11 14568 ----a-w- c:\windows\system32\drivers\wg4n.sys
2010-06-21 09:14:11 14568 ----a-w- c:\windows\system32\drivers\wg3n.sys
2010-06-21 09:14:10 21075 ----a-w- c:\windows\system32\drivers\wpsdrvnt.sys
2010-06-21 09:14:09 83096 ----a-w- c:\windows\system32\SSSensor.dll
2010-06-21 09:14:07 0 d-----w- c:\program files\Sygate
2010-06-21 09:09:59 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-06-21 09:01:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-06-21 08:36:10 315510 ----a-w- c:\windows\system32\RAPI.dll
2010-06-21 08:36:10 200704 ----a-w- c:\windows\system32\ssleay32.dll
2010-06-21 08:36:10 16512 ----a-w- c:\windows\system32\drivers\RAPIProtocol.sys
2010-06-21 08:36:10 1093632 ----a-w- c:\windows\system32\libeay32.dll
2010-06-21 08:36:03 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2010-06-21 08:36:03 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-06-21 08:36:01 963712 ----a-w- c:\windows\system32\drivers\rt2860.sys
2010-06-21 08:36:01 221184 ----a-w- c:\windows\system32\RaCoInst.dll
2010-06-21 08:36:00 13650 ----a-w- c:\windows\system32\RaCoInst.dat
2010-06-21 08:36:00 0 d-----w- c:\program files\Ralink
2010-06-21 08:36:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Ralink Driver
2010-06-21 08:00:53 102400 ----a-r- c:\windows\system32\drivers\ianswxp.sys
2010-06-21 08:00:27 5110 ----a-r- c:\windows\system32\e100b325.din
2010-06-21 08:00:27 24064 ----a-r- c:\windows\system32\IntelNic.dll
2010-06-21 08:00:27 145408 -c--a-w- c:\windows\system32\dllcache\e100b325.sys
2010-06-21 08:00:27 145408 ----a-r- c:\windows\system32\drivers\e100b325.sys
2010-06-21 08:00:27 12288 ----a-r- c:\windows\system32\e100bmsg.dll
2010-06-21 08:00:27 118784 ----a-r- c:\windows\system32\Prounstl.exe
2010-06-21 07:48:18 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-06-21 07:48:17 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2010-06-21 07:48:15 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2010-06-21 07:48:12 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2010-06-21 07:48:11 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2010-06-21 07:48:10 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2010-06-21 07:48:09 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2010-06-21 07:48:08 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2010-06-21 07:48:06 7552 ----a-w- c:\windows\system32\drivers\mskssrv.sys
2010-06-21 07:48:05 4992 ----a-w- c:\windows\system32\drivers\mspqm.sys
2010-06-21 07:48:04 5376 ----a-w- c:\windows\system32\drivers\mspclock.sys
2010-06-21 07:47:56 0 d-----w- c:\program files\Realtek Sound Manager
2010-06-21 07:47:54 0 d-----w- c:\program files\AvRack
2010-06-21 07:32:12 0 d-----w- c:\program files\Gigabyte
2010-06-21 07:32:10 306688 ----a-w- c:\windows\IsUninst.exe
2010-06-21 07:13:59 0 d-----w- c:\windows\system32\ReinstallBackups
2010-06-21 06:54:50 0 d-sh--w- c:\documents and settings\all users\DRM
2010-06-21 06:54:33 0 d--h--w- c:\program files\WindowsUpdate
2010-06-21 06:53:51 0 d-----w- c:\program files\common files\MSSoap
2010-06-21 06:52:44 0 d-----w- c:\program files\Online Services
2010-06-21 06:52:40 0 d-----w- c:\program files\Messenger
2010-06-21 06:52:37 0 d-----w- c:\program files\MSN Gaming Zone
2010-06-21 06:52:09 0 d-----w- c:\program files\Windows NT
2010-06-21 02:40:05 0 d-----w- c:\program files\common files\ODBC
2010-06-21 02:40:02 0 d-----w- c:\program files\common files\SpeechEngines
2010-06-21 02:39:41 0 d-----r- c:\documents and settings\all users\Documents

==================== Find3M ====================

2010-06-21 06:53:21 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll

============= FINISH: 3:45:10.31 ===============

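As an added example (not code from the thread or from DDS itself), here is a small Python triage parser for the "Pseudo HJT Report" section of a DDS log like the one posted above. The sample lines are copied from that log; the review rules and the trusted-host list are my own assumptions and only mirror the manual checks a helper makes when reading such a log (is each autorun a full path, does it sit in a system directory, are there hosts-file overrides, where do ActiveX downloads come from).

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS "Pseudo HJT Report" in the first post.
SAMPLE_HJT = r"""
uStart Page = about:blank
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [hplampc] c:\windows\system32\hplampc.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Hosts: 127.0.0.1 www.spywareinfo.com
"""

# Assumption (mine, not part of DDS): hosts from which ActiveX downloads are expected.
TRUSTED_DPF_HOSTS = {"update.microsoft.com", "java.sun.com"}


@dataclass
class Entry:
    kind: str        # "mRun"/"uRun", "BHO", "DPF", "Hosts", "StartPage"
    name: str        # run-key value name, BHO name, DPF CLSID, hostname, or hive letter
    target: str      # executable path, DLL path, URL, or IP address
    extra: str = ""  # full command line or CLSID where available


# DDS line shapes as they appear in the posted log.
RUN_RE = re.compile(r"^([mu]Run(?:Once)?): \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.+?): (?P<clsid>\{[0-9a-fA-F-]+\}) - (?P<path>.+)$")
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9a-fA-F-]+\}) - (?P<url>\S+)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+)\s+(?P<host>\S+)$")
START_RE = re.compile(r"^([mu])Start Page = (?P<url>.+)$")

SYSTEM_DIR_RE = re.compile(r"^c:\\windows\\(?:system32\\)?[^\\]+$", re.I)
URL_HOST_RE = re.compile(r"^\w+://([^/]+)")


def image_path(cmd: str) -> str:
    """Pull the executable out of a Run-key command line (quoted path or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def parse_hjt(text: str) -> list[Entry]:
    """Turn the Pseudo HJT section into structured entries; unknown lines are skipped."""
    entries: list[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            entries.append(Entry(m.group(1), m["name"], image_path(m["cmd"]), m["cmd"]))
        elif m := BHO_RE.match(line):
            entries.append(Entry("BHO", m["name"], m["path"], m["clsid"]))
        elif m := DPF_RE.match(line):
            entries.append(Entry("DPF", m["clsid"], m["url"]))
        elif m := HOSTS_RE.match(line):
            entries.append(Entry("Hosts", m["host"], m["ip"]))
        elif m := START_RE.match(line):
            entries.append(Entry("StartPage", m.group(1), m["url"]))
    return entries


def review(entries: list[Entry]) -> list[str]:
    """Triage rules a helper applies by eye; each finding is something to verify, not a verdict."""
    findings: list[str] = []
    for e in entries:
        if "Run" in e.kind:
            if "\\" not in e.target:
                findings.append(f"{e.name}: bare filename '{e.target}' is resolved via the search path; "
                                "confirm which file actually runs")
            elif SYSTEM_DIR_RE.match(e.target):
                findings.append(f"{e.name}: autorun image sits directly in a Windows system directory "
                                f"({e.target}); verify the publisher and file signature")
        elif e.kind == "Hosts":
            findings.append(f"hosts override: {e.name} -> {e.target}; decide whether this is an "
                            "intended block or a redirect")
        elif e.kind == "DPF":
            host = (URL_HOST_RE.match(e.target) or [None, ""])[1]
            if host.lower() not in TRUSTED_DPF_HOSTS:
                findings.append(f"ActiveX download {e.name} from unexpected host {host or e.target}")
    return findings


if __name__ == "__main__":
    for finding in review(parse_hjt(SAMPLE_HJT)):
        print(finding)
```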

#2 myrti

  • Malware Study Hall Admin

Posted 25 July 2010 - 08:08 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 HeeHaw5130

  • Topic Starter

Posted 26 July 2010 - 01:14 AM

So far since my post, I've done a few full system scans with Avast 5 with all scan options selected, scanned with Trend Micro Housecall Free and RootkitBuster, Spybot S&D, and even used MS's Malicious Software Removal Tool. None of them found anything, but I still want to be sure.

Here is my OTL log. It didn't show any Extra.txt file after the scan. Did you also want me to post another DDS and GMER log, or just this one?


OTL logfile created on: 7/26/2010 1:59:13 AM - Run 3
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Doug Plemms\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 454.11 Gb Free Space | 97.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GARFIELD1
Current User Name: Doug Plemms
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/25 09:59:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Doug Plemms\Desktop\OTL.exe
PRC - [2010/06/28 16:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/03/09 12:45:22 | 001,662,976 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RaUI.exe
PRC - [2008/09/05 10:23:20 | 000,075,040 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/10/15 19:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\Smc.exe
PRC - [2003/08/15 03:34:50 | 000,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2003/03/11 16:24:40 | 000,086,016 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe


========== Modules (SafeList) ==========

MOD - [2010/07/25 09:59:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Doug Plemms\Desktop\OTL.exe
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2004/10/15 18:32:10 | 000,083,096 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\SSSensor.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/09/05 10:23:20 | 000,075,040 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)
SRV - [2004/10/15 19:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) [Auto | Running] -- C:\Program Files\Sygate\SPF\Smc.exe -- (SmcService)
SRV - [2003/03/03 13:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/02/16 20:55:06 | 000,963,712 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86)
DRV - [2008/08/07 14:42:36 | 000,016,512 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RAPIProtocol.sys -- (RAPIProtocol)
DRV - [2007/12/20 23:53:20 | 002,843,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/10/15 18:32:44 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys -- (wg6n)
DRV - [2004/10/15 18:32:42 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys -- (wg5n)
DRV - [2004/10/15 18:32:40 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys -- (wg4n)
DRV - [2004/10/15 18:32:38 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys -- (wg3n)
DRV - [2004/10/15 18:18:46 | 000,021,075 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt)
DRV - [2004/10/15 18:17:02 | 000,060,496 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys -- (Teefer)
DRV - [2003/08/15 03:53:12 | 000,462,684 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/08/14 11:16:38 | 000,404,736 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2001/02/18 10:09:56 | 000,009,312 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hp4200c.sys -- (hp4200c)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-57989841-1343024091-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-57989841-1343024091-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.fanfiction.net"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/24 10:57:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/24 10:57:56 | 000,000,000 | ---D | M]

[2010/06/22 08:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doug Plemms\Application Data\Mozilla\Extensions
[2010/07/24 15:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doug Plemms\Application Data\Mozilla\Firefox\Profiles\t6wqn1ta.default\extensions
[2010/06/28 02:19:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Doug Plemms\Application Data\Mozilla\Firefox\Profiles\t6wqn1ta.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/22 08:33:28 | 000,001,189 | ---- | M] () -- C:\Documents and Settings\Doug Plemms\Application Data\Mozilla\Firefox\Profiles\t6wqn1ta.default\searchplugins\scroogle.xml
[2010/06/22 08:04:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/07/24 08:10:19 | 000,414,692 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14321 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [SmcService] C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-57989841-1343024091-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1277113145421 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Doug Plemms\My Documents\My Pictures\Desktop Wallpaper\MOHfrontline wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Doug Plemms\My Documents\My Pictures\Desktop Wallpaper\MOHfrontline wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/21 02:55:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Netlogon - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: LanmanServer - File not found
NetSvcs: LanmanWorkstation - File not found
NetSvcs: Messenger - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/07/25 23:07:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Doug Plemms\Local Settings\Application Data\Identities
[2010/07/25 09:49:09 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Doug Plemms\Desktop\OTL.exe
[2010/07/24 18:50:17 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/24 09:40:56 | 000,161,296 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/07/24 04:42:05 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2010/07/11 04:52:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tracker Software
[2010/07/10 12:30:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Doug Plemms\Local Settings\Application Data\Help
[2010/07/10 12:30:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Doug Plemms\Application Data\Help
[2010/07/10 12:20:47 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wiafbdrv.dll
[2010/07/10 12:20:47 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiafbdrv.dll
[2010/07/10 12:20:47 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hpgtmcro.dll
[2010/07/10 12:20:47 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgtmcro.dll
[2010/07/10 12:20:47 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hpgt42tk.dll
[2010/07/10 12:20:47 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt42tk.dll
[2010/07/10 12:20:43 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2010/07/10 12:15:53 | 000,669,184 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\ipeistor11.dll
[2010/07/10 12:15:53 | 000,350,208 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltkrn70n.dll
[2010/07/10 12:15:53 | 000,324,096 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\ipebase11.dll
[2010/07/10 12:15:53 | 000,224,768 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFCMP70n.DLL
[2010/07/10 12:15:53 | 000,111,104 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfpng70n.dll
[2010/07/10 12:15:53 | 000,093,184 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lftif70n.dll
[2010/07/10 12:15:53 | 000,066,560 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\ipeapi11.dll
[2010/07/10 12:15:53 | 000,055,808 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lffax70n.dll
[2010/07/10 12:15:53 | 000,055,296 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltfil70n.DLL
[2010/07/10 12:15:53 | 000,040,448 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hplampc.exe
[2010/07/10 12:15:53 | 000,035,328 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lffpx70n.dll
[2010/07/10 12:15:53 | 000,032,768 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfgif70n.dll
[2010/07/10 12:15:53 | 000,032,768 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpsjrreg.exe
[2010/07/10 12:15:53 | 000,025,524 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpsctrlc.cpl
[2010/07/10 12:15:53 | 000,024,576 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfpcx70n.dll
[2010/07/10 12:15:53 | 000,024,576 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfbmp70n.dll
[2010/07/10 12:15:53 | 000,014,336 | ---- | C] (Hewlett-Packard, GHC) -- C:\WINDOWS\System32\reg32.dll
[2010/07/10 12:15:53 | 000,009,312 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\drivers\hp4200c.sys
[2010/07/10 12:15:47 | 000,000,000 | ---D | C] -- C:\SCANJET
[2010/07/10 12:13:46 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
[2010/07/10 12:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Doug Plemms\WINDOWS
[2010/07/08 20:48:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Doug Plemms\My Documents\Command and Conquer Generals Zero Hour Data
[2010/07/02 15:18:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Doug Plemms\My Documents\Command and Conquer Generals Data
[2010/07/02 03:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\EA Games
[2010/07/01 05:32:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/07/01 05:08:30 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/07/01 05:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2010/06/28 01:56:21 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/06/28 01:36:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/06/28 01:36:49 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/06/28 01:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/06/28 01:36:26 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/06/28 01:36:26 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/06/28 01:36:26 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/06/28 01:36:26 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/06/28 01:36:26 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/06/28 01:36:26 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/06/28 01:36:26 | 000,000,000 | ---D | C] -- C:\934aa9e191451c4b1694c8d8
[2010/06/27 21:22:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Doug Plemms\My Documents\Nero
[2010/06/27 21:16:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Doug Plemms\Application Data\Nero
[2010/06/27 21:11:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Doug Plemms\Local Settings\Application Data\Ahead
[2010/06/27 21:07:02 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010/06/27 21:07:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010/06/27 21:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2010/06/27 21:06:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2010/06/27 21:01:44 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2010/06/27 21:01:43 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2010/06/27 02:10:37 | 001,208,320 | ---- | C] (Plasmatech Software Design) -- C:\WINDOWS\System32\PTxSCP.ocx
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/26 01:51:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/25 23:23:26 | 007,340,032 | -H-- | M] () -- C:\Documents and Settings\Doug Plemms\NTUSER.DAT
[2010/07/25 23:23:26 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Doug Plemms\ntuser.ini
[2010/07/25 10:05:48 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/25 09:59:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Doug Plemms\Desktop\OTL.exe
[2010/07/24 18:48:15 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/24 09:40:56 | 000,161,296 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/07/24 08:57:11 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Doug Plemms\Local Settings\Application Data\housecall.guid.cache
[2010/07/24 08:41:42 | 000,018,888 | ---- | M] () -- C:\Documents and Settings\Doug Plemms\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/24 08:10:19 | 000,414,692 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/21 03:42:52 | 000,412,092 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100724-081019.backup
[2010/07/20 05:46:08 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\Doug Plemms\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/18 04:47:32 | 000,000,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010/07/18 04:47:23 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
[2010/07/13 12:43:34 | 000,084,327 | ---- | M] () -- C:\Documents and Settings\Doug Plemms\My Documents\BILLS.ods
[2010/07/11 22:25:52 | 000,000,528 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/10 12:25:40 | 000,001,480 | ---- | M] () -- C:\WINDOWS\AUTOLNCH.REG
[2010/07/10 12:15:57 | 000,015,047 | ---- | M] () -- C:\WINDOWS\HPSETUP.INI
[2010/07/05 22:38:37 | 000,411,396 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100721-034252.backup
[2010/07/05 19:43:45 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/02 04:13:27 | 000,000,976 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2010/07/02 04:08:53 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Command & Conquer Generals Zero Hour .lnk
[2010/07/02 04:05:38 | 000,119,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/02 03:58:33 | 000,001,559 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Command & Conquer Generals.lnk
[2010/07/01 14:14:10 | 000,411,396 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100705-223837.backup
[2010/07/01 05:04:07 | 000,000,776 | ---- | M] () -- C:\Documents and Settings\Doug Plemms\Desktop\PDF-Viewer.lnk
[2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 16:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 16:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/28 02:05:08 | 000,488,244 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/28 02:05:08 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/28 02:05:08 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/28 01:56:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/27 21:58:05 | 000,408,553 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100701-141410.backup
[2010/06/27 21:11:04 | 000,002,352 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart Essentials.lnk
[2010/06/27 21:09:01 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Doug Plemms\.rnd
[2010/06/27 21:06:28 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/06/27 02:10:37 | 001,208,320 | ---- | M] (Plasmatech Software Design) -- C:\WINDOWS\System32\PTxSCP.ocx
[2010/06/27 02:10:37 | 000,389,120 | ---- | M] () -- C:\WINDOWS\System32\actskn43.ocx
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/24 08:57:11 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Doug Plemms\Local Settings\Application Data\housecall.guid.cache
[2010/07/10 12:20:44 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\hpgt42.dll
[2010/07/10 12:20:44 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2010/07/10 12:15:58 | 000,001,480 | ---- | C] () -- C:\WINDOWS\AUTOLNCH.REG
[2010/07/10 12:15:53 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2010/07/10 12:15:53 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2010/07/10 12:13:47 | 000,015,047 | ---- | C] () -- C:\WINDOWS\HPSETUP.INI
[2010/07/09 02:15:53 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/02 04:08:53 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Command & Conquer Generals Zero Hour .lnk
[2010/07/02 04:03:57 | 000,000,976 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010/07/02 03:58:33 | 000,001,559 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Command & Conquer Generals.lnk
[2010/07/01 05:04:07 | 000,000,776 | ---- | C] () -- C:\Documents and Settings\Doug Plemms\Desktop\PDF-Viewer.lnk
[2010/06/27 21:11:04 | 000,002,352 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart Essentials.lnk
[2010/06/27 21:09:00 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Doug Plemms\.rnd
[2010/06/27 02:10:37 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\actskn43.ocx
[2010/06/21 04:00:27 | 000,012,288 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2010/06/21 03:47:54 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2004/10/15 18:31:56 | 000,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2006/02/28 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/03 19:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2006/02/28 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/02/28 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2006/02/28 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2006/02/28 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2006/02/28 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2007/12/20 23:09:31 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/06/20 22:38:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/06/20 22:38:19 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/06/20 22:38:18 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys
[2010/06/21 04:36:03 | 000,021,361 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\AegisP.sys
[2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
[2010/06/28 16:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon.sys
[2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys
[2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys
[2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys
[2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys
[2010/07/24 09:40:56 | 000,161,296 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys
< End of report >
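The three scecli.dll entries above show why OTL lists the same file name from several locations together with an MD5: the live copy in system32 can be compared against the copy cached under ServicePackFiles, while the $NtServicePackUninstall$ copy is the pre-service-pack backup and is expected to differ. The script below is an added example, not part of this thread and not OTL's own code, that parses lines in that format, flags any file whose live system32 copy does not match its ServicePackFiles copy, and lists files OTL could not hash (the "Unable to obtain MD5" case for ATIDEMGX.dll above, which usually means the file was locked in use and needs an offline or boot-time hash). The sample lines are constructed from the entries in the log, plus a hypothetical example.dll with placeholder hashes to exercise the mismatch branch.

```python
import re
from collections import defaultdict

# Constructed sample: entries modelled on the OTL listing in the post, plus a
# hypothetical "example.dll" (placeholder hashes) whose live copy differs.
SAMPLE_OTL = r"""
[2006/02/28 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
[2007/12/20 23:09:31 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys
[2008/04/14 05:42:06 | 000,010,240 | ---- | M] (Microsoft Corporation) MD5=11111111111111111111111111111111 -- C:\WINDOWS\ServicePackFiles\i386\example.dll
[2010/07/01 12:00:00 | 000,010,240 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\example.dll
"""

# One OTL file-listing line: [timestamp | size | attrs | M] (vendor) [MD5=... | Unable to obtain MD5] -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>\S+) \| (?P<flag>\w)\] \((?P<vendor>[^)]*)\)"
    r"(?: (?P<hashfield>MD5=[0-9A-Fa-f]{32}|Unable to obtain MD5))? -- (?P<path>.+)$"
)


def parse_otl(text):
    """Parse OTL file-listing lines into dicts; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if not m:
            continue
        hash_field = m.group("hashfield") or ""
        path = m.group("path").strip()
        records.append({
            "timestamp": m.group("ts"),
            "size": int(m.group("size").replace(",", "")),
            "vendor": m.group("vendor"),
            "md5": hash_field[4:].upper() if hash_field.startswith("MD5=") else None,
            "locked": hash_field == "Unable to obtain MD5",
            "path": path,
            "name": path.rsplit("\\", 1)[-1].lower(),
        })
    return records


def location_class(path):
    """Classify a copy: live system dir, service-pack cache, or service-pack uninstall backup."""
    p = path.lower()
    if "\\servicepackfiles\\" in p:
        return "reference"
    if "\\$ntservicepackuninstall$\\" in p or "\\$ntuninstall" in p:
        return "backup"
    if "\\system32\\" in p:
        return "live"
    return "other"


def find_hash_mismatches(records):
    """Return {basename: {'live': md5, 'reference': md5}} for files whose system32 copy
    differs from the ServicePackFiles copy. Backup copies are ignored: they are older
    by design, so the scecli.dll entry under $NtServicePackUninstall$ is not a finding."""
    by_name = defaultdict(dict)
    for r in records:
        if r["md5"] is None:
            continue
        cls = location_class(r["path"])
        if cls in ("live", "reference"):
            by_name[r["name"]][cls] = r["md5"]
    return {
        name: copies for name, copies in by_name.items()
        if len(copies) == 2 and copies["live"] != copies["reference"]
    }


def find_unhashed(records):
    """Paths OTL could not hash (locked or in-use files); hash these offline before trusting them."""
    return [r["path"] for r in records if r["locked"]]


if __name__ == "__main__":
    recs = parse_otl(SAMPLE_OTL)
    for name, copies in find_hash_mismatches(recs).items():
        print(f"MISMATCH {name}: live={copies['live']} reference={copies['reference']}")
    for path in find_unhashed(recs):
        print(f"UNHASHED {path}")
```

Run against the constructed sample, scecli.dll is silent (its system32 and ServicePackFiles hashes agree), example.dll is reported as a mismatch, and ATIDEMGX.dll is listed as unhashed. A mismatch is a prompt to check the file's signature and version, not proof of infection: a later hotfix legitimately replaces the system32 copy without touching the ServicePackFiles cache.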

#4 myrti

Posted 26 July 2010 - 03:36 AM

Hi,

rerunning DDS and gmer shouldn't be necessary. OTL provides the same basic information as DDS.

The logs are looking clean to me. Do you have any symptoms besides the email? Have more emails appeared in your inbox?
Did you check with the people these mails were sent to if they also received those mails?

Please run a scan with Malwarebytes:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#5 HeeHaw5130

Posted 29 July 2010 - 06:03 AM

I've since changed the password to my e-mail and haven't had any problems since. However, I still get a message, "You have been disconnected from Yahoo! Chat because you have signed in from another computer." from time to time, especially when I get IMs from people I haven't met (most likely spammers or something). The last time I ignored something like that was when I started having this problem. But I don't know how anyone could have gotten my password through Yahoo Chat.

Here is my MBAM log. It says that I have had Security Center notifications for my AV, firewall and automatic updates disabled. I think one of my relatives did that just to disable the Security Center service. Should I reverse this?

MBAM scan log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4365

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/29/2010 6:53:42 AM
mbam-log-2010-07-29 (06-53-42).txt

Scan type: Quick scan
Objects scanned: 120155
Time elapsed: 3 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
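A small triage helper for an MBAM log like the one above, added here as an example; it is not part of the thread and not Malwarebytes' own tooling. It parses the summary counts and the itemised sections, then separates detections that are only Security Center notification settings (the AntiVirusDisableNotify, FirewallDisableNotify and UpdatesDisableNotify values, where Bad: (1) means the alert is suppressed and Good: (0) is the value MBAM would restore) from any other detection, and counts entries still marked "No action taken". The sample log is a constructed abbreviation of the report in the post.

```python
import re

# Constructed sample: an abbreviated copy of the MBAM 1.46 report format used in the post.
SAMPLE_MBAM_LOG = r"""Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4365

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/29/2010 6:53:42 AM
mbam-log-2010-07-29 (06-53-42).txt

Scan type: Quick scan
Objects scanned: 120155
Time elapsed: 3 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Files Infected:
(No malicious items detected)
"""

COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<n>\d+)$")   # summary line
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")           # itemised section header
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<category>[^()]+)\) -> (?P<rest>.+)$")
BADGOOD_RE = re.compile(r"^Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> (?P<action>.+)$")

# Security Center values MBAM reports as Disabled.SecurityCenter; 1 suppresses the Windows alert.
SECURITY_CENTER_NOTIFY = {
    "antivirusdisablenotify": "antivirus status alerts",
    "firewalldisablenotify": "firewall status alerts",
    "updatesdisablenotify": "Automatic Updates status alerts",
}


def parse_mbam_log(text):
    """Parse an MBAM 1.x text report into header fields, summary counts and itemised findings."""
    report = {"product": None, "database_version": None, "scan_type": None,
              "objects_scanned": None, "counts": {}, "findings": {}}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if report["product"] is None and line.startswith("Malwarebytes"):
            report["product"] = line
            continue
        if line.startswith("Database version:"):
            report["database_version"] = line.split(":", 1)[1].strip()
            continue
        if line.startswith("Scan type:"):
            report["scan_type"] = line.split(":", 1)[1].strip()
            continue
        if line.startswith("Objects scanned:"):
            report["objects_scanned"] = int(line.split(":", 1)[1].strip())
            continue
        m = COUNT_RE.match(line)
        if m:
            report["counts"][m.group("section")] = int(m.group("n"))
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("section")
            report["findings"][current] = []
            continue
        if current is None or line.startswith("(No malicious items"):
            continue
        m = ITEM_RE.match(line)
        if not m:
            continue
        entry = {"item": m.group("item"), "category": m.group("category"),
                 "bad": None, "good": None, "action": m.group("rest")}
        bg = BADGOOD_RE.match(m.group("rest"))   # registry data items carry Bad/Good values
        if bg:
            entry.update(bad=bg.group("bad"), good=bg.group("good"), action=bg.group("action"))
        report["findings"][current].append(entry)
    return report


def triage(report):
    """Separate suppressed Security Center alerts from other detections and count unactioned items."""
    suppressed, other, unactioned = [], [], 0
    for entries in report["findings"].values():
        for e in entries:
            if e["action"] == "No action taken.":
                unactioned += 1
            name = e["item"].rsplit("\\", 1)[-1].lower()
            if e["category"] == "Disabled.SecurityCenter" and name in SECURITY_CENTER_NOTIFY and e["bad"] == "1":
                suppressed.append(SECURITY_CENTER_NOTIFY[name])
            else:
                other.append(e["item"])
    return {"total_detections": sum(report["counts"].values()),
            "security_center_alerts_suppressed": suppressed,
            "other_detections": len(other),
            "unactioned": unactioned}


if __name__ == "__main__":
    print(triage(parse_mbam_log(SAMPLE_MBAM_LOG)))
```

For this log the helper reports three suppressed Security Center alerts, no other detections and three unactioned items. Those values are not malware on their own, but with them set to 1 Windows XP will not warn when the antivirus or firewall stops or Automatic Updates is turned off, which is exactly the cover a real infection would want; letting MBAM restore them to 0 (its Good value) costs nothing and brings the warnings back.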

#6 myrti

Posted 29 July 2010 - 06:22 AM

Hi,

please also run a scan with Eset:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

There can be a couple of reasons. If you have the instant messenger open in your mail, but try to open it using the messenger side bar, it will log you out, and vice versa. Also, when you close the window, you will not be logged out unless you sign out. If you try to log in elsewhere it will give you the disconnect message.
Could one of these reasons be the cause of the message?

regards myrti



#7 HeeHaw5130

Posted 01 August 2010 - 09:40 PM

The ESET scanner found nothing and didn't give me any options to get a scan report or log.

Are you talking about the actual Yahoo Messenger program as well as the one that's embedded into the Yahoo mail website? I don't have the Messenger program.

#8 myrti

Posted 04 August 2010 - 05:19 PM

Hi,

I was talking about the one that is embedded into the webpage. Do you use that?

regards myrti



#9 HeeHaw5130

Posted 05 August 2010 - 04:21 AM

Nope, I don't.

But the most recent IM I got (forgot the user's name) a couple weeks back gave me the same message. Then I noticed that whenever I closed it, logged out of my mail and then went back in, that same IM would pop up along with the same warning message about being logged in from another computer. I tried that a couple more times before the IM stopped appearing.

#10 myrti

Posted 06 August 2010 - 03:29 AM

Have you ever gotten the message when the IM didn't pop up? Otherwise I would think that the issue was coming from both your IM and your Mail program logging in simultaneously.

regards myrti



#11 HeeHaw5130

Posted 07 August 2010 - 03:52 AM

Yeah, I'd get it without IMs as well. I don't have the messenger program itself installed on my machine, and yet I'd still get that message. I've kept the Messenger offline since and have not received anymore of those warning messages. Maybe someone brute-forced my password...?

#12 myrti

Posted 07 August 2010 - 12:35 PM

Hi,

if you are no longer getting the brute force message, it probably hasn't been brute forced but was just related to the message that popped up.

Is your PC working fine now?

regards myrti



#13 HeeHaw5130

Posted 08 August 2010 - 05:10 AM

Yeah, everything's fine, no scanner I've tried has found anything. I'll just keep Messenger offline until I decide to use the program itself instead of the one embedded into the website. Thanks for your help.

#14 myrti

Posted 08 August 2010 - 02:15 PM

Hi,

it seems the only thing left to do then is to remove the programs we used:
Read these last few lines, in order to keep your PC safe and clean:
Please do the following to clean up your PC:
  1. Delete the tools used during the disinfection:
    • Download OTC from the following mirrors and save it to your desktop:
    • Double click on
    • Push the large "Cleanup" button.
    • Allow your system to reboot.
  2. If OTC failed to remove all programs from your Desktop, please delete the rest manually.
  3. Disable and Enable System Restore.
    You can find instructions on how to disable and reenable system restore here:
    Windows ME System Restore Guide
    Windows XP System Restore Guide
    Windows Vista System Restore Guide

    Note: You should only do this once, not on a regular basis!
    You will not be able to restore your computer to any point earlier than today!

Please read this advice, in order to prevent reinfecting your PC:
  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • SpywareBlaster
      A tutorial for SpywareBlaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for the MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at the HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.
  2. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  4. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:

Have a nice day
myrti



#15 HeeHaw5130

Posted 12 August 2010 - 02:18 PM

Cool, thanks.



