Possible worm/trojan on Mothers Day [Solved]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

Possible worm/trojan on Mothers Day [Solved], alert said it was I-worm.Trojan.b

Options

handhfan View Member Profile	May 14 2009, 10:11 AM Post #2
GeekU Moderator Posts: 8,505 From: Massachusetts OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC	Hello, Thelostlink, and welcome to GeeksToGo! Sorry for the delay, the forums have been pretty busy. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems Upgrading Java: Download the latest version of Java SE Runtime Environment (JRE) JRE 6 Update 13. Click the "Download" button to the right. Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.". Click on Continue. Click on the link to download Windows Offline Installation (jre-6u13-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.. Close any programs you may have running - especially your web browser. Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version. Reboot your computer once all Java components are removed. Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u13-windows-i586-p.exe and select "Run as an Administrator.") Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present): Java� 6 Update 5 Please do an online scan with Kaspersky WebScanner Read through the requirements and privacy statement and click on Accept button. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run. When the downloads have finished, click on Settings. Make sure the following is checked. Spyware, Adware, Dialers, and other potentially dangerous programs Archives Mail databases Click on My Computer under Scan. Once the scan is complete, it will display the results. Click on View Scan Report. You will see a list of infected items there. Click on Save Report As.... Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Please post this log in your next reply, along with the OTListIt2 Moved Files log, and a new HijackThis log.

Thelostlink View Member Profile	May 15 2009, 01:55 PM Post #3
Member Posts: 71 OS: XP	-------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0 REPORT Friday, May 15, 2009 Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001) Kaspersky Online Scanner version: 7.0.26.13 Program database last update: Friday, May 15, 2009 17:33:35 Records in database: 2179809 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ E:\ Scan statistics: Files scanned: 94248 Threat name: 1 Infected objects: 1 Suspicious objects: 0 Duration of the scan: 00:41:05 File name / Threat name / Threats count C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.dw 1 The selected area was scanned. \ \ Otlistit: OTListIt logfile created on: 5/15/2009 3:50:52 PM - Run 2 OTListIt2 by OldTimer - Version 2.0.15.6 Folder = C:\Users\Owner\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 2.00 Gb Total Physical Memory \| 1.53 Gb Available Physical Memory \| 76.46% Memory free 4.00 Gb Paging File \| 4.00 Gb Available in Paging File \| 100.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files Drive C: \| 288.04 Gb Total Space \| 225.94 Gb Free Space \| 78.44% Space Free \| Partition Type: NTFS Drive D: \| 10.00 Gb Total Space \| 6.03 Gb Free Space \| 60.31% Space Free \| Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: OWNER-PC Current User Name: Owner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Output = Minimal File Age = 30 Days Company Name Whitelist: On ========== Processes (SafeList) ========== PRC - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe (Webroot Software, Inc. ) PRC - C:\Windows\Explorer.EXE (Microsoft Corporation) PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Windows\System32\igfxtray.exe (Intel Corporation) PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation) PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation) PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) PRC - C:\Windows\system32\igfxsrvc.exe (Intel Corporation) PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.) PRC - C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe (Webroot Software Inc (www.webroot.com)) PRC - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.) PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software ) PRC - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company) PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) PRC - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE () PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) PRC - C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe (Webroot Software Inc (www.webroot.com)) PRC - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com)) PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) PRC - C:\Windows\system32\DRIVERS\xaudio.exe (Conexant Systems, Inc.) PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Program Files\Internet Explorer\ieuser.exe (Microsoft Corporation) PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe (Google Inc.) PRC - C:\Program Files\Java\jre6\bin\jp2launcher.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Java\jre6\bin\java.exe (Sun Microsystems, Inc.) PRC - C:\Users\Owner\AppData\Local\Temp\jkos-Owner\binaries\ScanningProcess.exe (Kaspersky Lab.) PRC - C:\Users\Owner\AppData\Local\Temp\jkos-Owner\binaries\ScanningProcess.exe (Kaspersky Lab.) PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe (Adobe Systems, Inc.) PRC - C:\Users\Owner\Desktop\OTListIt2.exe (OldTimer Tools) ========== Win32 Services (SafeList) ========== SRV - (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ehRecvr [On_Demand \| Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation) SRV - (ehSched [On_Demand \| Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation) SRV - (ehstart [Auto \| Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation) SRV - (FontCache3.0.0.0 [On_Demand \| Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (GoogleDesktopManager-010708-104812 [On_Demand \| Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) SRV - (GoToAssist [On_Demand \| Stopped]) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.) SRV - (gusvc [On_Demand \| Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google) SRV - (idsvc [Unknown \| Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (IJPLMSVC [Auto \| Running]) -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE () SRV - (NetTcpPortSharing [Disabled \| Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation) SRV - (odserv [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ose [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (sprtsvc_dellsupportcenter [Auto \| Running]) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) SRV - (stllssvr [On_Demand \| Stopped]) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.) SRV - (WDFNet [Auto \| Running]) -- C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe (Webroot Software Inc (www.webroot.com)) SRV - (WebrootSpySweeperService [Auto \| Running]) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com)) SRV - (WinDefend [Auto \| Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc [On_Demand \| Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WRConsumerService [Auto \| Running]) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe (Webroot Software, Inc. ) SRV - (XAudioService [Auto \| Running]) -- C:\Windows\system32\DRIVERS\xaudio.exe (Conexant Systems, Inc.) ========== Driver Services (SafeList) ========== DRV - (adp94xx [Disabled \| Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (adpahci [Disabled \| Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (adpu160m [Disabled \| Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (adpu320 [Disabled \| Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (aic78xx [Disabled \| Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (aliide [Disabled \| Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (arc [Disabled \| Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (arcsas [Disabled \| Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (BrFiltLo [On_Demand \| Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp [On_Demand \| Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (Brserid [Disabled \| Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrSerWdm [Disabled \| Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm [Disabled \| Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer [On_Demand \| Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (cmdide [Disabled \| Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (e1express [On_Demand \| Running]) -- C:\Windows\system32\DRIVERS\e1e6032.sys (Intel Corporation) DRV - (E1G60 [On_Demand \| Stopped]) -- C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel Corporation) DRV - (elxstor [Disabled \| Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (HpCISSs [Disabled \| Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (HSF_DPV [On_Demand \| Running]) -- C:\Windows\system32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.) DRV - (HSXHWBS2 [On_Demand \| Running]) -- C:\Windows\system32\DRIVERS\HSXHWBS2.sys (Conexant Systems, Inc.) DRV - (iaStor [Disabled \| Stopped]) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation) DRV - (iaStorV [Disabled \| Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (igfx [On_Demand \| Running]) -- C:\Windows\system32\DRIVERS\igdkmd32.sys (Intel Corporation) DRV - (iirsp [Disabled \| Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (IntcAzAudAddService [On_Demand \| Running]) -- C:\Windows\system32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (iteatapi [Disabled \| Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (iteraid [Disabled \| Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (LSI_FC [Disabled \| Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (LSI_SAS [Disabled \| Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (LSI_SCSI [Disabled \| Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (mdmxsdk [Auto \| Running]) -- C:\Windows\system32\DRIVERS\mdmxsdk.sys (Conexant) DRV - (megasas [Disabled \| Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (MegaSR [Disabled \| Stopped]) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (Mraid35x [Disabled \| Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (nfrd960 [Disabled \| Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (ntrigdigi [Disabled \| Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (nvraid [Disabled \| Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor [Disabled \| Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (pwipf6 [System \| Running]) -- C:\Windows\system32\DRIVERS\pwipf6.sys (Webroot Software Inc (www.webroot.com)) DRV - (PxHelp20 [Boot \| Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (ql2300 [Disabled \| Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (ql40xx [Disabled \| Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (R300 [On_Demand \| Stopped]) -- C:\Windows\system32\DRIVERS\atikmdag.sys (ATI Technologies Inc.) DRV - (SASDIFSV [System \| Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASENUM [On_Demand \| Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL [System \| Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (secdrv [Auto \| Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (SiSRaid4 [Disabled \| Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (ssfs0bbc [Boot \| Running]) -- C:\Windows\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com)) DRV - (SSHRMD [Boot \| Running]) -- C:\Windows\SYSTEM32\Drivers\SSHRMD.SYS (Webroot Software, Inc. (www.webroot.com)) DRV - (SSIDRV [Boot \| Running]) -- C:\Windows\SYSTEM32\Drivers\SSIDRV.SYS (Webroot Software, Inc. (www.webroot.com)) DRV - (Symc8xx [Disabled \| Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_hi [Disabled \| Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Sym_u3 [Disabled \| Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (uliahci [Disabled \| Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (UlSata [Disabled \| Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (ulsata2 [Disabled \| Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (viaide [Disabled \| Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (vsmraid [Disabled \| Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (winachsf [On_Demand \| Running]) -- C:\Windows\system32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.) DRV - (XAudio [Auto \| Running]) -- C:\Windows\system32\DRIVERS\xaudio.sys (Conexant Systems, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=6080625 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=6080625 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=6080625 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: (736 bytes) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: ::1 localhost O2 - BHO: (Ask Search Assistant BHO) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - Reg Error: Key error. File not found O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Reg Error: Key error. File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated) O4 - HKLM..\Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] "C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" /logon (CANON INC.) O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.) O4 - HKLM..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" ( ) O4 - HKLM..\Run: [ECenter] "C:\Dell\E-Center\EULALauncher.exe" ( ) O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google) O4 - HKLM..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe" (Intel Corporation) O4 - HKLM..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe" (Intel Corporation) O4 - HKLM..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" (Nuance Communications, Inc.) O4 - HKLM..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe" (Intel Corporation) O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.) O4 - HKLM..\Run: [RtHDVCpl] "C:\Windows\RtHDVCpl.exe" (Realtek Semiconductor) O4 - HKLM..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray (Webroot Software, Inc.) O4 - HKLM..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Webroot Desktop Firewall] "C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe" (Webroot Software Inc (www.webroot.com)) O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation) O4 - HKCU..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.) O4 - HKCU..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" (Microsoft Corporation) O4 - HKCU..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" (SUPERAntiSpyware.com) O4 - HKCU..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (Google Inc.) O4 - HKCU..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe" (Microsoft Corporation) O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software ) O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\system32\igfxdev.dll (Intel Corporation) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 17:43:36 \| 00,000,024 \| ---- \| M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found ========== Files/Folders - Created Within 30 Days ========== [2009/05/15 13:53:16 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Java [2009/05/15 13:44:46 \| 16,283,032 \| ---- \| C] () -- C:\Users\Owner\Desktop\jre-6u13-windows-i586-p.exe [2009/05/10 22:15:29 \| 00,501,248 \| ---- \| C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTListIt2.exe [2009/05/10 21:59:31 \| 00,000,000 \| ---D \| C] -- C:\Rooter$ [2009/05/10 21:59:23 \| 00,267,612 \| ---- \| C] () -- C:\Users\Owner\Desktop\Rooter.exe [2009/05/10 20:55:58 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\SUPERAntiSpyware.com [2009/05/10 20:55:47 \| 00,000,904 \| ---- \| C] () -- C:\Users\Owner\Desktop\SUPERAntiSpyware Free Edition.lnk [2009/05/10 20:55:44 \| 00,000,000 \| ---D \| C] -- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com [2009/05/10 20:55:44 \| 00,000,000 \| ---D \| C] -- C:\Program Files\SUPERAntiSpyware [2009/05/10 20:54:13 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\Wise Installation Wizard [2009/05/10 20:54:00 \| 06,325,280 \| ---- \| C] () -- C:\Users\Owner\Desktop\SUPERAntiSpyware.exe [2009/05/10 20:42:35 \| 00,000,000 \| ---D \| C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes [2009/05/10 20:42:34 \| 00,000,820 \| ---- \| C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009/05/10 20:42:33 \| 00,015,504 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2009/05/10 20:42:31 \| 00,038,496 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2009/05/10 20:42:29 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Malwarebytes [2009/05/10 20:42:29 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/05/10 20:40:47 \| 02,967,800 \| ---- \| C] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup.exe [2009/05/10 20:37:21 \| 00,000,874 \| ---- \| C] () -- C:\Users\Owner\Desktop\NTREGOPT.lnk [2009/05/10 20:37:21 \| 00,000,855 \| ---- \| C] () -- C:\Users\Owner\Desktop\ERUNT.lnk [2009/05/10 20:37:19 \| 00,000,000 \| ---D \| C] -- C:\Windows\owner [2009/05/10 20:36:01 \| 00,000,000 \| ---D \| C] -- C:\Users\Owner\Documents\safety [2009/05/10 20:26:17 \| 00,000,000 \| ---D \| C] -- C:\Windows\ERDNT [2009/05/10 20:18:55 \| 00,791,393 \| ---- \| C] (Lars Hederer ) -- C:\Users\Owner\Desktop\erunt_setup.exe [2009/05/10 20:16:59 \| 00,021,504 \| ---- \| C] (Doug Knox) -- C:\Users\Owner\Desktop\SysRestorePoint.exe [2009/05/01 22:51:02 \| 00,001,783 \| ---- \| C] () -- C:\Users\Public\Desktop\Webroot AntiVirus.lnk [2009/05/01 22:50:15 \| 00,000,164 \| ---- \| C] () -- C:\Windows\install.dat [2009/04/15 19:34:20 \| 03,580,928 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll [2009/04/15 19:34:19 \| 06,068,736 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll [2009/04/15 19:34:18 \| 01,166,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll [2009/04/15 19:34:17 \| 00,827,392 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll [2009/04/15 19:34:17 \| 00,458,240 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2009/04/15 19:34:17 \| 00,389,120 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2009/04/15 19:34:17 \| 00,270,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll [2009/04/15 19:34:17 \| 00,230,400 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2009/04/15 19:34:17 \| 00,102,912 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll [2009/04/15 19:34:16 \| 00,671,232 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2009/04/15 19:34:16 \| 00,389,632 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2009/04/15 19:34:16 \| 00,078,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2009/04/15 19:34:16 \| 00,026,624 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2009/04/15 19:34:15 \| 00,028,160 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2009/04/15 19:34:14 \| 01,383,424 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2009/04/15 19:34:08 \| 00,376,832 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll [2009/04/15 19:34:06 \| 00,562,176 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll [2009/04/15 19:34:06 \| 00,038,912 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll [2009/04/15 19:33:32 \| 03,599,328 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2009/04/15 19:33:32 \| 03,547,632 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2009/04/15 19:33:32 \| 00,551,424 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll [2009/04/15 19:33:31 \| 00,666,624 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2009/04/15 19:33:31 \| 00,183,296 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll [2009/04/15 19:33:31 \| 00,098,304 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll [2009/04/15 19:33:31 \| 00,054,784 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll [2009/04/15 19:33:31 \| 00,044,032 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll [2009/04/15 19:33:31 \| 00,026,112 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2009/04/15 19:33:30 \| 00,017,408 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe [2009/04/15 19:33:22 \| 01,255,936 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll [2009/04/15 19:33:21 \| 00,888,832 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll [2009/04/15 19:33:21 \| 00,072,704 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll [2009/04/15 19:33:21 \| 00,024,064 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll [2009/04/15 19:33:21 \| 00,013,824 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll [2009/04/02 14:30:04 \| 00,031,088 \| ---- \| C] () -- C:\Windows\System32\wrLZMA.dll [2008/08/19 19:10:30 \| 00,000,146 \| ---- \| C] () -- C:\Windows\ODBC.INI [2008/08/17 21:36:33 \| 00,000,412 \| ---- \| C] () -- C:\Windows\MAXLINK.INI [2008/06/25 12:23:04 \| 01,953,696 \| ---- \| C] () -- C:\Windows\System32\igklg400.dll [2008/06/25 12:23:04 \| 01,533,360 \| ---- \| C] () -- C:\Windows\System32\igklg450.dll [2008/06/25 12:23:04 \| 00,147,456 \| ---- \| C] () -- C:\Windows\System32\igfxCoIn_v1409.dll [2008/06/25 12:23:04 \| 00,104,636 \| ---- \| C] () -- C:\Windows\System32\igmedcompkrn.dll [2006/11/02 08:35:32 \| 00,005,632 \| ---- \| C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 06:25:44 \| 00,159,744 \| ---- \| C] () -- C:\Windows\System32\atitmmxx.dll [2006/11/02 06:23:31 \| 00,000,219 \| ---- \| C] () -- C:\Windows\system.ini [2006/11/02 06:23:31 \| 00,000,144 \| ---- \| C] () -- C:\Windows\win.ini [2006/11/02 03:40:29 \| 00,013,750 \| ---- \| C] () -- C:\Windows\System32\pacerprf.ini ========== Files - Modified Within 30 Days ========== [2009/05/15 15:50:05 \| 00,003,616 \| -H-- \| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2009/05/15 15:50:05 \| 00,003,616 \| -H-- \| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2009/05/15 13:59:14 \| 00,690,960 \| ---- \| M] () -- C:\Windows\System32\PerfStringBackup.INI [2009/05/15 13:59:14 \| 00,595,446 \| ---- \| M] () -- C:\Windows\System32\perfh009.dat [2009/05/15 13:59:14 \| 00,101,144 \| ---- \| M] () -- C:\Windows\System32\perfc009.dat [2009/05/15 13:50:07 \| 00,000,006 \| -H-- \| M] () -- C:\Windows\tasks\SA.DAT [2009/05/15 13:50:03 \| 00,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2009/05/15 13:50:00 \| 32,078,23360 \| -HS- \| M] () -- C:\hiberfil.sys [2009/05/15 13:44:46 \| 16,283,032 \| ---- \| M] () -- C:\Users\Owner\Desktop\jre-6u13-windows-i586-p.exe [2009/05/14 19:41:04 \| 00,000,418 \| -H-- \| M] () -- C:\Windows\tasks\User_Feed_Synchronization-{324D9F27-ECCF-42E8-810F-3E52C6B07967}.job [2009/05/10 22:15:42 \| 00,501,248 \| ---- \| M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTListIt2.exe [2009/05/10 21:59:29 \| 00,267,612 \| ---- \| M] () -- C:\Users\Owner\Desktop\Rooter.exe [2009/05/10 20:55:47 \| 00,000,904 \| ---- \| M] () -- C:\Users\Owner\Desktop\SUPERAntiSpyware Free Edition.lnk [2009/05/10 20:54:07 \| 06,325,280 \| ---- \| M] () -- C:\Users\Owner\Desktop\SUPERAntiSpyware.exe [2009/05/10 20:42:34 \| 00,000,820 \| ---- \| M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009/05/10 20:40:52 \| 02,967,800 \| ---- \| M] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup.exe [2009/05/10 20:37:21 \| 00,000,874 \| ---- \| M] () -- C:\Users\Owner\Desktop\NTREGOPT.lnk [2009/05/10 20:37:21 \| 00,000,855 \| ---- \| M] () -- C:\Users\Owner\Desktop\ERUNT.lnk [2009/05/10 20:35:12 \| 00,791,393 \| ---- \| M] (Lars Hederer ) -- C:\Users\Owner\Desktop\erunt_setup.exe [2009/05/10 20:17:02 \| 00,021,504 \| ---- \| M] (Doug Knox) -- C:\Users\Owner\Desktop\SysRestorePoint.exe [2009/05/07 03:16:29 \| 24,699,336 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe [2009/05/01 22:51:02 \| 00,001,783 \| ---- \| M] () -- C:\Users\Public\Desktop\Webroot AntiVirus.lnk [2009/05/01 22:50:19 \| 00,000,164 \| ---- \| M] () -- C:\Windows\install.dat [2009/04/30 23:00:04 \| 00,001,642 \| ---- \| M] () -- C:\Windows\tasks\wrSpySweeper_L989B053946F94F92BCCD523F39FAA989.job [2009/04/28 23:36:35 \| 00,010,308 \| ---- \| M] () -- C:\Users\Owner\Documents\New Microsoft Office Word Document (4).docx [2009/04/16 13:52:13 \| 00,000,400 \| ---- \| M] () -- C:\Windows\tasks\EasyShare Registration Task.job < End of report >

handhfan View Member Profile	May 15 2009, 09:05 PM Post #4
GeekU Moderator Posts: 8,505 From: Massachusetts OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC	Your logs look clean. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. If you have any questions or other problems, please let me know. Other than that, and the steps below, you should be all set. Make sure you have an Internet Connection. Download OTCleanIt to your desktop and run it A list of tool components used in the Cleanup of malware will be downloaded. If your Firewall or Real Time protection attempts to block OTCleanUp to reach the Internet, please allow the application to do so. Click Yes to beging the Cleanup process and remove these components, including this application. You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes. Please update Adobe Reader, by downloading and installing Adobe Reader 9.1. Next, let's clean your restore points and set a new one: Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected) 1. Turn off System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. Check Turn off System Restore. Click Apply, and then click OK. 2. Restart your computer. 3. Turn ON System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. UN-Check Turn off System Restore. Click Apply, and then click OK. System Restore will now be active again. Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs: SpywareBlaster to help prevent spyware from installing in the first place. SpywareGuard gives you realtime protection from spyware. Super Antispyware OR Malwarebytes' Anti-Malware to help remove any spyware that may have gotten on your computer. MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see this article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask. To keep your operating system up to date visit Microsoft Windows Update monthly. Remember to be aware of what emails you open and websites you visit. Have a safe and happy computing day!

Thelostlink View Member Profile	May 16 2009, 10:01 AM Post #5
Member Posts: 71 OS: XP	Thanks for your help, but there seems to be a problem with turning off System Restore. Everything involving system restore that I've found on Vista is either A. Create restore point B. Go back to a previous point There is nothing to turn off.

handhfan View Member Profile	May 18 2009, 07:57 PM Post #6
GeekU Moderator Posts: 8,505 From: Massachusetts OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC	Sorry. Vista is a little different than XP is. This site gives you instructions to turn off System Restore (and in doing so, cleaning out the system restore points). Just remember to turn it back on after you have finished those steps.

handhfan View Member Profile	May 21 2009, 08:54 AM Post #7
GeekU Moderator Posts: 8,505 From: Massachusetts OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC	Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Possible worm/trojan, internet not working	2 / 568	10th December 2005 - 05:04 PM thatsme_001 started - last by sari
Virus, Spyware and Trojan Removal Possible infection- trojan-spy-zbot.YETH [Solved] 12	19 / 1,060	8th March 2009 - 11:04 PM kittyk started - last by RatHat
Virus, Spyware and Trojan Removal Trojan Sheur2.Baqn wrecking havoc on my system [Solved] 12	18 / 282	5th September 2009 - 02:50 PM pyron81 started - last by emeraldnzl
Virus, Spyware and Trojan Removal Problem with Trojan Horse on XP machine [Solved] 12	16 / 237	4th November 2009 - 01:19 PM Mr. Deco started - last by Rorschach112