help - I have some kind of virus (Please see Logs) [RESOLVED]

Welcome Guest ( Log In | Join )

Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Want to ask a question, reply to a topic, or remove all advertising? It's easy, fast and free. Join today!
Spyware, virus, trojan, fake security or privacy alerts? Please start with our malware cleaning guide.

> Geeks to Go! » Security » Malware Removal - HijackThis™ Logs Go Here

help - I have some kind of virus (Please see Logs) [RESOLVED], C:\windows\Sysvxd.exe

Options

miket5567 View Member Profile	Oct 24 2008, 08:48 PM Post #1
New Member Posts: 7 OS: XP	Hello all, I am new to this forum and I am not to computer savy . Some how my computer has a virus. It was saying this: C:\windows\Sysvxd.exe Also says somehthing about MS DOS. I was poking around on this website (graet by the way) and found this post.... Hi there and welcome, Please download Malwarebytes' Anti-Malware from Here or Here Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly. And then a look Download OTViewIt to your desktop. Close all windows and double click OTViewIt Place a tick in the Scan all Users box Click Run Scan and let the program run uninterrupted On completion it will produce two logs on the Desktop, post the OTViewIt.txt and Extras.txt logs in your next post. Logs required : MBAM and Both OTView it logs I am in the middle of doing a Malwarebytes scan. Once it is done I will download OTViewIt and post my results. Could someone tell me what I'm dealing with? Thanks so much! Mike This post has been edited by miket5567: Oct 25 2008, 06:49 PM

Essexboy View Member Profile	Oct 25 2008, 06:00 AM Post #2
Global Moderator Posts: 10,028 From: Darkest Cornwall OS: Vista Ultimate	Hi there while I am waiting for the logs do you use Stardock ?

miket5567 View Member Profile	Oct 25 2008, 06:43 PM Post #3
New Member Posts: 7 OS: XP	Here is what I got. Thanks so much for looking into it for me. alwarebytes' Anti-Malware 1.30 Database version: 1316 Windows 5.1.2600 Service Pack 3 10/25/2008 8:35:06 PM mbam-log-2008-10-25 (20-35-06).txt Scan type: Quick Scan Objects scanned: 54301 Time elapsed: 37 minute(s), 32 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 18 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xrt_Shell (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_id (Backdoor.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_options (Backdoor.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_server1 (Backdoor.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_reserv (Backdoor.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_forms (Backdoor.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_certs (Backdoor.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_options (Backdoor.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_ss (Backdoor.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_pstorage (Backdoor.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_command (Backdoor.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_file (Backdoor.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_idproject (Backdoor.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_pauseopt (Backdoor.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_pausecert (Backdoor.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_deletecookie (Backdoor.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_deletesol (Backdoor.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_patch (Backdoor.Agent) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Documents and Settings\Mike T\xrt_msgj.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\winlogon.old (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully. OT LOG: OTViewIt logfile created on: 10/25/2008 8:38:33 PM - Run OTViewIt by OldTimer - Version 1.0.18.0 Folder = C:\Documents and Settings\Mike T\Local Settings\Temporary Internet Files\Content.IE5\2DWNM5MX Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 383.07 Mb Total Physical Memory \| 117.15 Mb Available Physical Memory \| 30.58% Memory free 920.27 Mb Paging File \| 503.47 Mb Available in Paging File \| 54.71% Paging File free Paging file location(s): C:\pagefile.sys 576 1152; %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 76.32 Gb Total Space \| 39.06 Gb Free Space \| 51.18% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: WKSTN01 Current User Name: Mike T Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Whitelist: On File Age = 30 Days ========== Processes ========== [2004/02/29 16:44:48 \| 00,255,096 \| ---- \| M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2004/02/29 16:44:54 \| 00,242,808 \| ---- \| M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2008/09/10 16:50:26 \| 00,116,040 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008/08/29 10:18:44 \| 00,238,888 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe [2004/07/20 01:18:52 \| 00,029,912 \| ---- \| M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe [2003/06/19 23:25:00 \| 00,322,120 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2004/07/20 01:19:34 \| 01,258,712 \| ---- \| M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2004/09/22 18:46:10 \| 00,038,912 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe [2004/02/29 16:44:46 \| 00,066,680 \| ---- \| M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2004/07/20 01:20:26 \| 00,124,112 \| ---- \| M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe [2008/06/10 04:27:04 \| 00,144,784 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2005/03/23 19:26:09 \| 00,217,088 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\point32.exe [2001/08/17 18:36:42 \| 00,024,064 \| ---- \| M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe [2008/09/10 17:40:06 \| 00,289,576 \| ---- \| M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe [2008/03/25 21:27:58 \| 00,049,152 \| ---- \| M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [2008/03/25 20:40:42 \| 00,214,360 \| ---- \| M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2008/09/10 17:39:48 \| 00,536,872 \| ---- \| M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe [2008/03/25 20:49:02 \| 00,184,320 \| ---- \| M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [2008/03/25 20:49:00 \| 00,569,344 \| ---- \| M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe [2008/03/26 02:25:18 \| 00,286,720 \| ---- \| M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe [2007/07/30 19:19:16 \| 00,053,080 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe [2006/09/01 17:35:28 \| 12,259,088 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE [2008/10/25 20:36:23 \| 00,421,888 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Mike T\Local Settings\Temporary Internet Files\Content.IE5\2DWNM5MX\OTViewIt[1].exe ========== (O23) Win32 Services ========== [2008/09/10 16:50:26 \| 00,116,040 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto \| Running]) [2007/10/24 01:47:22 \| 00,033,800 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand \| Stopped]) [2008/08/29 10:18:44 \| 00,238,888 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto \| Running]) [2004/02/29 16:44:48 \| 00,255,096 \| ---- \| M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto \| Running]) [2004/02/29 16:44:52 \| 00,087,160 \| ---- \| M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [On_Demand \| Stopped]) [2004/02/29 16:44:54 \| 00,242,808 \| ---- \| M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto \| Running]) [2007/10/24 01:47:40 \| 00,070,144 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) [2004/07/20 01:18:52 \| 00,029,912 \| ---- \| M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto \| Running]) [2005/04/04 00:41:10 \| 00,069,632 \| ---- \| M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand \| Stopped]) [2008/09/10 17:39:48 \| 00,536,872 \| ---- \| M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand \| Running]) [2003/06/19 23:25:00 \| 00,322,120 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto \| Running]) [2003/07/28 12:28:22 \| 00,089,136 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [Disabled \| Stopped]) [2004/03/12 15:18:06 \| 00,169,192 \| ---- \| M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [On_Demand \| Stopped]) [2004/06/11 21:28:30 \| 00,201,944 \| ---- \| M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand \| Stopped]) [2004/07/20 01:19:34 \| 01,258,712 \| ---- \| M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto \| Running]) [2004/09/22 18:46:10 \| 00,038,912 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto \| Running]) ========== Driver Services ========== [2005/02/23 14:58:56 \| 00,011,776 \| ---- \| M] (Arcsoft, Inc.) -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc [On_Demand \| Running]) [2002/07/16 20:53:02 \| 00,016,877 \| ---- \| M] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32 [Auto \| Running]) [2001/08/17 08:19:20 \| 00,003,712 \| ---- \| M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk [On_Demand \| Running]) [2001/08/17 08:11:06 \| 00,066,591 \| ---- \| M] (3Com Corporation) -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC [On_Demand \| Running]) [2001/08/17 08:19:26 \| 00,283,904 \| ---- \| M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k [On_Demand \| Running]) [2001/08/17 08:19:28 \| 00,006,912 \| ---- \| M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1 [On_Demand \| Running]) [2008/04/13 14:45:29 \| 00,010,624 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand \| Running]) [2008/04/17 13:12:54 \| 00,015,464 \| ---- \| M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand \| Running]) [2008/01/25 08:22:06 \| 00,049,920 \| ---- \| M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand \| Running]) [2008/01/25 08:22:07 \| 00,016,496 \| ---- \| M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand \| Running]) [2008/01/25 08:22:08 \| 00,021,568 \| ---- \| M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand \| Running]) [2008/04/13 14:39:48 \| 00,014,592 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System \| Running]) [2008/10/18 04:00:00 \| 00,089,104 \| ---- \| M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081018.004\NAVENG.SYS -- (NAVENG [On_Demand \| Running]) [2008/10/18 04:00:00 \| 00,873,552 \| ---- \| M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081018.004\NAVEX15.SYS -- (NAVEX15 [On_Demand \| Running]) [2004/08/03 22:29:56 \| 01,897,408 \| ---- \| M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand \| Running]) [2005/03/15 05:45:20 \| 00,020,352 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\point32.sys -- (Point32 [On_Demand \| Stopped]) [2001/08/18 08:00:00 \| 00,017,792 \| ---- \| M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand \| Running]) [2004/05/19 12:33:44 \| 00,020,016 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot \| Running]) [2004/02/09 15:43:56 \| 00,301,200 \| R--- \| M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT [System \| Running]) [2004/02/09 15:43:56 \| 00,037,008 \| R--- \| M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL [Auto \| Running]) [2008/04/13 12:39:15 \| 00,020,480 \| ---- \| M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand \| Stopped]) [2001/08/17 08:19:34 \| 00,036,480 \| ---- \| M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman [On_Demand \| Running]) [2001/08/17 13:56:16 \| 00,007,552 \| ---- \| M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand \| Stopped]) [2004/03/04 23:46:46 \| 00,082,832 \| ---- \| M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand \| Running]) [2004/06/11 21:28:08 \| 00,016,280 \| ---- \| M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand \| Running]) [2004/06/11 21:28:10 \| 00,263,736 \| ---- \| M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [System \| Running]) [2007/10/31 15:09:14 \| 00,030,464 \| ---- \| M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand \| Stopped]) [2003/08/04 03:29:08 \| 00,006,912 \| ---- \| M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\vulfnth.sys -- (vulfnths [On_Demand \| Running]) [2003/08/04 03:29:32 \| 00,011,392 \| ---- \| M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\vulfntr.sys -- (vulfntrs [On_Demand \| Running]) [2005/04/12 20:21:28 \| 00,010,144 \| ---- \| M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum [On_Demand \| Running]) [2005/04/12 20:21:32 \| 00,022,240 \| ---- \| M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter [On_Demand \| Stopped]) [2005/04/12 20:21:28 \| 00,005,600 \| ---- \| M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid [On_Demand \| Stopped]) [2005/04/12 20:21:26 \| 00,045,504 \| ---- \| M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore [On_Demand \| Running]) ========== (R ) Internet Explorer ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main] "Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome "Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Local Page"=C:\WINDOWS\system32\blank.htm "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Start Page"=http://www.yahoo.com/ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search] "CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm "SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main] "Local Page"=C:\WINDOWS\system32\blank.htm "Page_Transitions"= "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Start Page"=http://www.yahoo.com/ [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL] "provider"= [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 "ProxyOverride" = .local ========== (O1) Hosts File ========== HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts First 25 entries... 127.0.0.1 localhost ========== (O2) BHO's ========== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\] {02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found {0347C33E-8762-4905-BF09-768834316C61} (HKLM) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.) {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} (HKLM) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) ========== (O3) Toolbars ========== [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found ========== (O4) Run Keys ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation) "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard) "hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard) "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" (Microsoft Corporation) "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.) "POEngine"= File not found "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.) "REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN (FUJI PHOTO FILM CO., LTD.) "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.) "vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation) "WinVNC"="C:\Program Files\TightVNC\WinVNC.exe" -servicehelper File not found [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 (Adobe Systems Incorporated) ========== (O4) Startup Folders ========== [2005/09/23 22:05:26 \| 00,029,696 \| ---- \| M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008/03/25 20:40:42 \| 00,214,360 \| ---- \| M] (Hewlett-Packard Co.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe ========== (O6 & O7) Current Version Policies ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run] "wininet.dll"=dfrgsrv.exe "kernel32.dll"=C:\WINDOWS\system32\mssearchnet.exe -- File not found "nvctrl.exe"=nvctrl.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun"=145 ========== (O8) IE Context Menu Extensions ========== [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\] E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2006/08/23 20:20:08 \| 10,269,456 \| ---- \| M] (Microsoft Corporation) ========== (O9) IE Extensions ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 \| 00,132,496 \| ---- \| M] (Sun Microsystems, Inc.) {92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/14 22:57:08 \| 00,040,512 \| ---- \| M] (Microsoft Corporation) {DDE87865-83C5-48c4-8357-2F5B1AA84522}: Button: HP Smart Select -- %ProgramFiles%\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008/03/27 23:51:18 \| 00,501,056 \| ---- \| M] (Hewlett-Packard Co.) {e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 14:53:32 \| 00,558,080 \| ---- \| M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 \| 01,695,232 \| ---- \| M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 \| 01,695,232 \| ---- \| M] (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\] CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 \| 00,132,496 \| ---- \| M] (Sun Microsystems, Inc.) CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 \| 00,040,512 \| ---- \| M] (Microsoft Corporation) CmdMapping\\{DDE87865-83C5-48c4-8357-2F5B1AA84522} [HKLM] -> %ProgramFiles%\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [ClipBookBtn Class] -> [2008/03/27 23:51:18 \| 00,501,056 \| ---- \| M] (Hewlett-Packard Co.) CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 \| 00,558,080 \| ---- \| M] (Microsoft Corporation) CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 \| 01,695,232 \| ---- \| M] (Microsoft Corporation) ========== (O12) Internet Explorer Plugins ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\] PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery ========== (O13) Default Prefixes ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// ========== (O15) Trusted Sites ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 1 domain(s) and sub-domain(s) not assigned to a zone. ========== (O16) DPF ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\] {17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool {48DD0448-9209-4F81-9F6D-D83562940134}: http://lads.myspace.com/upload/MySpaceUploader1006.cab -- MySpace Uploader Control {6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/microsoftu...b?1210100505865 -- WUWebControl Class {8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07 {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_05 {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06 {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_09 {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_11 {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01 {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02 {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05 {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07 {D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object ========== (O17) DNS Name Servers ========== {C4CDB4DB-7EAA-4492-AABA-0F1A1301A89D} (Servers: \| Description: 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible)) ========== (O20) Winlogon Notify Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\] NavLogon: "DllName" = C:\WINDOWS\system32\NavLogon.dll -- C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation) ========== (O22) Shared Task Scheduler ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}" (HKLM) = USB Ware -- Reg Error: Key does not exist or could not be opened. File not found ========== Safeboot Options ========== "AlternateShell"=cmd.exe ========== CDRom AutoRun Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] "AutoRun" = 1 ========== Autorun Files on Drives ========== AUTOEXEC.BAT [] [2005/10/13 21:38:20 \| 00,000,000 \| ---- \| M] () -- C:\AUTOEXEC.BAT -- [ NTFS ] ========== Files/Folders - Created Within 30 Days ========== [2008/10/25 00:47:27 \| 00,337,408 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll [2008/10/25 00:46:47 \| 00,333,824 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys [2008/10/25 00:46:40 \| 02,145,280 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe [2008/10/25 00:46:39 \| 02,189,184 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe [2008/10/25 00:46:37 \| 02,023,936 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe [2008/10/25 00:46:36 \| 02,066,048 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe [2008/10/25 00:46:14 \| 01,846,400 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys [2008/10/25 00:44:38 \| 00,331,776 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll [2008/10/25 00:43:35 \| 00,691,712 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll [2008/10/25 00:41:42 \| 00,203,136 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys [2008/10/24 23:04:47 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Mike T\Desktop\System [2008/10/24 22:53:15 \| 00,000,229 \| ---- \| C] () -- C:\Documents and Settings\Mike T\Desktop\Original Geeks to Go post.rtf [2008/10/24 22:39:37 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Mike T\Application Data\Malwarebytes [2008/10/24 22:39:30 \| 00,000,696 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2008/10/24 22:39:29 \| 00,015,504 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2008/10/24 22:39:26 \| 00,038,496 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2008/10/24 22:39:23 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2008/10/24 22:39:23 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2008/10/24 00:15:48 \| 00,024,064 \| ---- \| C] () -- C:\Documents and Settings\Mike T\Desktop\fantasy basketball.doc [2008/10/21 23:53:03 \| 00,000,719 \| ---- \| C] () -- C:\WINDOWS\Sysvxd.exe [2008/10/20 01:57:29 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\System32\Ÿ9Ÿ9 [2008/10/19 23:48:36 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Mike T\Desktop\Shauna Scan [2008/10/17 13:42:07 \| 00,309,760 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll [2008/10/15 09:09:40 \| 14,978,9242 \| ---- \| C] () -- C:\Documents and Settings\Mike T\My Documents\Josh.zip [2008/10/15 08:51:48 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Mike T\Desktop\Josh [2008/10/14 19:36:24 \| 00,001,738 \| ---- \| C] () -- C:\Documents and Settings\Mike T\Desktop\Atomic TimeSync.lnk [2008/10/14 19:36:24 \| 00,000,000 \| ---D \| C] -- C:\Program Files\AnalogX [2008/10/14 00:17:15 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Mike T\Application Data\Yahoo! [2008/10/13 20:18:24 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\WEBREG [2008/10/13 16:33:46 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Yahoo! [2008/10/13 16:12:00 \| 00,000,000 \| -H-D \| C] -- C:\Config.Msi [2008/10/13 11:23:25 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Mike T\Desktop\Phish Spectrum Comp [2008/10/04 22:21:14 \| 00,000,804 \| ---- \| C] () -- C:\Documents and Settings\Mike T\Desktop\ImTOO DVD Creator.lnk [2008/10/04 22:21:05 \| 00,000,000 \| ---D \| C] -- C:\Program Files\ImTOO ========== Files - Modified Within 30 Days ========== [2 C:\WINDOWS\System32\.tmp files] [4 C:\WINDOWS\.tmp files] [2008/10/25 09:27:02 \| 00,002,206 \| ---- \| M] () -- C:\WINDOWS\System32\wpa.dbl [2008/10/25 09:24:51 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2008/10/25 09:24:43 \| 00,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2008/10/25 09:24:41 \| 40,175,2064 \| -HS- \| M] () -- C:\hiberfil.sys [2008/10/25 06:25:02 \| 00,242,328 \| ---- \| M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008/10/25 01:26:40 \| 00,001,393 \| ---- \| M] () -- C:\WINDOWS\imsins.BAK [2008/10/25 01:13:42 \| 00,460,258 \| ---- \| M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2008/10/25 01:13:42 \| 00,408,792 \| ---- \| M] () -- C:\WINDOWS\System32\perfh009.dat [2008/10/25 01:13:42 \| 00,064,314 \| ---- \| M] () -- C:\WINDOWS\System32\perfc009.dat [2008/10/24 23:14:17 \| 00,244,736 \| ---- \| M] () -- C:\Documents and Settings\Mike T\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/10/24 22:53:17 \| 00,000,229 \| ---- \| M] () -- C:\Documents and Settings\Mike T\Desktop\Original Geeks to Go post.rtf [2008/10/24 22:39:30 \| 00,000,696 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2008/10/24 20:10:52 \| 00,000,719 \| ---- \| M] () -- C:\WINDOWS\Sysvxd.exe [2008/10/24 18:04:54 \| 00,000,049 \| ---- \| M] () -- C:\WINDOWS\NeroDigital.ini [2008/10/24 00:15:48 \| 00,024,064 \| ---- \| M] () -- C:\Documents and Settings\Mike T\Desktop\fantasy basketball.doc [2008/10/22 17:56:18 \| 00,000,284 \| ---- \| M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2008/10/22 16:10:38 \| 00,038,496 \| ---- \| M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2008/10/22 16:10:22 \| 00,015,504 \| ---- \| M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2008/10/21 21:02:17 \| 00,002,137 \| ---- \| M] () -- C:\Documents and Settings\Mike T\Desktop\iTunes.lnk [2008/10/20 01:57:29 \| 00,000,000 \| ---- \| M] () -- C:\WINDOWS\System32\Ÿ9Ÿ9 [2008/10/18 23:58:00 \| 00,000,272 \| ---- \| M] () -- C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job [2008/10/17 13:51:11 \| 00,000,659 \| ---- \| M] () -- C:\WINDOWS\win.ini [2008/10/15 12:34:24 \| 00,337,408 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll [2008/10/15 12:34:24 \| 00,337,408 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll [2008/10/15 10:51:53 \| 00,295,424 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\termsrv.dll [2008/10/15 10:51:51 \| 00,507,904 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\winlogon.exe [2008/10/15 09:09:40 \| 14,978,9242 \| ---- \| M] () -- C:\Documents and Settings\Mike T\My Documents\Josh.zip [2008/10/14 19:36:25 \| 00,001,738 \| ---- \| M] () -- C:\Documents and Settings\Mike T\Desktop\Atomic TimeSync.lnk [2008/10/13 16:39:42 \| 00,000,173 \| ---- \| M] () -- C:\WINDOWS\wininit.ini [2008/10/07 12:19:42 \| 16,721,856 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [2008/10/04 22:21:14 \| 00,000,804 \| ---- \| M] () -- C:\Documents and Settings\Mike T\Desktop\ImTOO DVD Creator.lnk < End of report > Extras Log: OTViewIt Extras logfile created on: 10/25/2008 8:38:34 PM - Run OTViewIt by OldTimer - Version 1.0.18.0 Folder = C:\Documents and Settings\Mike T\Local Settings\Temporary Internet Files\Content.IE5\2DWNM5MX Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 383.07 Mb Total Physical Memory \| 117.15 Mb Available Physical Memory \| 30.58% Memory free 920.27 Mb Paging File \| 503.47 Mb Available in Paging File \| 54.71% Paging File free Paging file location(s): C:\pagefile.sys 576 1152; %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 76.32 Gb Total Space \| 39.06 Gb Free Space \| 51.18% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: WKSTN01 Current User Name: Mike T Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Whitelist: On File Age = 30 Days ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled"=1 "AntiVirusDisableNotify"=0 "FirewallDisableNotify"=0 "UpdatesDisableNotify"=0 "AntiVirusOverride"=0 "FirewallOverride"=0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "EnableFirewall"=1 "DoNotAllowExceptions"=0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [2008/04/13 20:12:34 \| 00,141,312 \| ---- \| M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019 [2008/04/13 14:53:32 \| 00,558,080 \| ---- \| M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000 [2008/03/25 20:40:42 \| 00,214,360 \| ---- \| M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe::Enabled:hpqtra08.exe [2008/03/25 20:49:02 \| 00,184,320 \| ---- \| M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe::Enabled:hpqste08.exe [2008/05/12 00:04:04 \| 00,107,864 \| ---- \| M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe::Enabled:hposid01.exe [2008/03/16 12:14:00 \| 00,167,936 \| ---- \| M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe::Enabled:hpqkygrp.exe [2008/03/16 12:14:04 \| 01,556,480 \| ---- \| M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe::Enabled:hpiscnapp.exe [2008/03/20 09:36:30 \| 00,550,312 \| ---- \| M] (Hewlett-Packard Development Co. L.P.) -- C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe::Enabled:hpqphotocrm.exe [2008/03/20 09:36:38 \| 03,782,048 \| ---- \| M] (Hewlett-Packard Development Co. L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe::Enabled:hpqpsapp.exe [2008/03/25 21:21:20 \| 00,247,128 \| ---- \| M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe::Enabled:hpqcopy2.exe [2008/03/13 09:34:26 \| 00,087,456 \| ---- \| M] (Hewlett-Packard Development Co. L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe::Enabled:hpqpse.exe [2008/03/20 09:36:40 \| 00,135,168 \| ---- \| M] (Hewlett-Packard Development Co. L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe::Enabled:hpqsudi.exe [2008/03/26 02:25:20 \| 00,237,568 \| ---- \| M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe::Enabled:hpqgplgtupl.exe [2008/03/26 02:25:18 \| 00,286,720 \| ---- \| M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe::Enabled:hpqgpc01.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [2008/04/13 20:12:34 \| 00,141,312 \| ---- \| M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019 File not found -- C:\Program Files\BitTorrent\btdownloadgui.exe::Enabled:btdownloadgui [2004/09/22 18:46:22 \| 00,073,728 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe::Enabled:Windows Media Player File not found -- C:\Program Files\iMesh Applications\iMesh6\iMesh6.exe::Enabled:iMesh 6 File not found -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe::Disabled:Kodak Software Updater [2008/09/28 10:43:44 \| 07,671,408 \| ---- \| M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe::Enabled:Firefox File not found -- C:\Program Files\TVUPlayer\TVUPlayer.exe::Enabled:TVU Player Component [2008/04/13 20:12:22 \| 00,093,184 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE::Enabled:Internet Explorer [2004/11/23 08:33:24 \| 00,049,247 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\PokerOffice\bin\javaw.exe::Enabled:Java™ 2 Platform Standard Edition binary [2008/03/08 23:19:46 \| 00,219,952 \| ---- \| M] () -- C:\Program Files\uTorrent\utorrent.exe::Enabled:µTorrent [2008/04/30 04:32:48 \| 01,892,352 \| ---- \| M] (www.sopcast.com) -- C:\Program Files\SopCast\SopCast.exe::Enabled:SopCast Main Application [2007/05/06 17:58:18 \| 00,260,944 \| ---- \| M] (www.sopcast.com) -- C:\Documents and Settings\Mike T\Application Data\SopCast\adv\SopAdver.exe::Enabled:SopCast Adver [2008/04/13 14:53:32 \| 00,558,080 \| ---- \| M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000 File not found -- C:\Program Files\Autobahn\autobahn.exe::Enabled:autobahn [2008/08/29 10:18:44 \| 00,238,888 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe::Enabled:Bonjour [2008/09/10 17:39:54 \| 14,228,264 \| ---- \| M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe::Enabled:iTunes [2007/03/07 06:27:12 \| 00,567,384 \| ---- \| M] (www.sopcast.com) -- C:\Program Files\SopCast\adv\SopAdver.exe::Enabled:SopCast Adver File not found -- C:\WINDOWS\system32\drivers\svchost.exe::Disabled:svchost [2008/03/25 20:40:42 \| 00,214,360 \| ---- \| M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe::Enabled:hpqtra08.exe [2008/03/25 20:49:02 \| 00,184,320 \| ---- \| M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe::Enabled:hpqste08.exe [2008/05/12 00:04:04 \| 00,107,864 \| ---- \| M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe::Enabled:hposid01.exe [2008/03/16 12:14:00 \| 00,167,936 \| ---- \| M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe::Enabled:hpqkygrp.exe [2008/03/16 12:14:04 \| 01,556,480 \| ---- \| M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe::Enabled:hpiscnapp.exe [2008/03/20 09:36:30 \| 00,550,312 \| ---- \| M] (Hewlett-Packard Development Co. L.P.) -- C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe::Enabled:hpqphotocrm.exe [2008/03/20 09:36:38 \| 03,782,048 \| ---- \| M] (Hewlett-Packard Development Co. L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe::Enabled:hpqpsapp.exe [2008/03/25 21:21:20 \| 00,247,128 \| ---- \| M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe::Enabled:hpqcopy2.exe [2008/03/13 09:34:26 \| 00,087,456 \| ---- \| M] (Hewlett-Packard Development Co. L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe::Enabled:hpqpse.exe [2008/03/20 09:36:40 \| 00,135,168 \| ---- \| M] (Hewlett-Packard Development Co. L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe::Enabled:hpqsudi.exe [2008/03/26 02:25:20 \| 00,237,568 \| ---- \| M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe::Enabled:hpqgplgtupl.exe [2008/03/26 02:25:18 \| 00,286,720 \| ---- \| M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe::Enabled:hpqgpc01.exe [2008/04/13 20:12:19 \| 01,033,728 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe::Enabled:Windows Explorer ========== (O10) Winsock2 Catalogs ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\] NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) ========== (O18) Protocol Handlers ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] ipp: [HKLM - No CLSID value] [2003/07/11 02:25:22 \| 00,842,816 \| ---- \| M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER] msdaipp: [HKLM - No CLSID value] [2003/07/11 02:25:22 \| 00,842,816 \| ---- \| M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER] [2003/07/11 02:25:22 \| 00,842,816 \| ---- \| M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER] [2000/04/19 18:47:36 \| 00,520,117 \| ---- \| M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0]) [2005/06/03 00:36:20 \| 07,252,672 \| ---- \| M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler]) [2005/04/25 13:29:56 \| 08,071,360 \| ---- \| M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler]) ========== (O18) Protocol Filters ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters [2003/07/14 22:45:12 \| 00,039,488 \| ---- \| M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}"=Status "{09633A5E-3089-41A8-9FF1-382171423C5D}"=PSSWCORE "{22F761D1-8063-4170-ADF7-2D2F47834CA9}"=VideoToolkit01 "{27197499-7680-4208-8FD8-5439CDB0FDC1}"=HPProductAssistant "{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}"=HPSSupply "{3248F0A8-6813-11D6-A77B-00B0D0150050}"=J2SE Runtime Environment 5.0 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6 "{3248F0A8-6813-11D6-A77B-00B0D0150090}"=J2SE Runtime Environment 5.0 Update 9 "{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11 "{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java™ SE Runtime Environment 6 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP "{3B0F52AC-EF5C-4831-B221-06C782E41280}"=Quicken 2008 "{3D047C15-C859-45F7-81CE-F2681778069B}"=iPod for Windows 2006-01-10 "{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}"=Google Earth "{41B9E2CF-0B3F-442A-B5B3-592A4A355634}"=iTunes "{5490882C-6961-11D5-BAE5-00E0188E010B}"=FUJIFILM USB Driver "{593A6CAF-E114-4e31-884F-74FF349E8E36}"=SolutionCenter "{5B39603F-2A77-40E6-950D-ED7B8307933D}"=Microsoft IntelliPoint 5.3 "{5F26311C-B135-4F7F-B11E-8E650F83651E}"=DeviceFunctionQFolder "{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}"=DJ_AIO_03_F4200_Software "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0 "{6365C963-4B72-43F8-8392-2A5441EC2A86}"=DJ_AIO_03_F4200_ProductContext "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update "{6DA9102E-199F-43A0-A36B-6EF48081A658}"=MobileMe Control Panel "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}"=CustomerResearchQFolder "{848AC794-8B81-440A-81AE-6474337DB527}"=Symantec AntiVirus "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight "{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour "{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime "{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003 "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}"=TrayApp "{9F4EE72A-C5C9-42ad-ABEF-427690843577}"=MarketResearch "{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}"=Windows Defender Signatures "{AA2E8A46-B45E-4aea-8A23-88AB57D04523}"=WebReg "{AA9768AA-FF0B-4C66-A085-31E934F77841}"=Apple Mobile Device Support "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder "{AC76BA86-7AD7-1033-7B44-A70900000002}"=Adobe Reader 7.0.9 "{AC76BA86-7AD7-5464-3428-7050000000A7}"=Adobe Reader 7.0.5 Language Support "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}"=ABBYY FineReader 6.0 Sprint "{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1 "{B61A79BE-E94C-42C0-921D-8B7E5217069C}"=F4200 "{B6ACFF51-248A-4290-B50B-E50C81F25B97}"=iPod for Windows 2005-02-22 "{BD57EA4D-026E-4F08-9B93-080E282B81FE}"=iPod for Windows 2006-06-28 "{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}"=DJ_AIO_03_F4200_Software_Min "{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}"=BufferChm "{C3B6AEB1-390C-4792-8677-CD87F8B2C959}"=HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3 "{C89B5E3A-690F-4CEE-909A-BF869E198B0A}"=Scan "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1 "{CC0E1AE3-091D-4969-B151-7AC142062C28}"=SmartWebPrinting "{D063F201-FAC4-4D5C-B10B-615058ADE5A7}"=HP Update "{D16B4BE6-8B10-422f-8034-96D1CA9483B5}"=GPBaseService "{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}"=ArcSoft PhotoImpression 5 "{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}"=HP Photosmart Essential 2.5 "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}"=AnswerWorks 5.0 English Runtime "{DD0DDC9E-2ED4-44DD-B461-0EFC126813A0}"=On2 VP7 Personal Edition "{E133E97F-5186-4503-BEC8-752EB9E8EBD7}"=Copy "{E535C94A-B87F-4182-BEA8-1E9322078D3E}"=Cards_Calendar_OrderGift_DoMorePlugout "{E96B0085-6659-486b-A221-5042A042728D}"=Toolbox "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}"=DeviceDiscovery "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}"=Destination Component "{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}"=32 Bit HP CIO Components Installer "{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D}"=F4200_Help "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}"=HighMAT Extension to Microsoft Windows XP CD Writing Wizard "{FE64AE29-0883-4C70-8388-DC026019C900}"=HP Image Zone Express "82A44D22-9452-49FB-00FB-CEC7DCAF7E23"=EA SPORTS online 2007 "Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin"=Adobe

miket5567 View Member Profile	Oct 25 2008, 11:59 PM Post #4
New Member Posts: 7 OS: XP	Thanks for looking

Essexboy View Member Profile	Oct 26 2008, 06:48 AM Post #5
Global Moderator Posts: 10,028 From: Darkest Cornwall OS: Vista Ultimate	Hi you do have the odd trojan or two Download ComboFix from one of these locations: Link 1 Link 2 Link 3 * IMPORTANT !!! Save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools Double click on ComboFix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt** in your next reply.

miket5567

Oct 26 2008, 08:24 AM

Post #6

New Member

Posts: 7
OS: XP

Thanks again, you guys rock! Here is the ComboFix Log:

ComboFix 08-10-25.01 - Mike T 2008-10-26 10:16:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.130 [GMT -4:00]
Running from: C:\Documents and Settings\Mike T\Desktop\System\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\IE4 Error Log.txt

.
((((((((((((((((((((((((( Files Created from 2008-09-26 to 2008-10-26 )))))))))))))))))))))))))))))))
.

2008-10-25 20:38 . 2008-10-26 02:01 4,266 --a------ C:\Documents and Settings\Mike T\xrt_log.dat
2008-10-25 00:47 . 2008-10-15 12:34 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-25 00:46 . 2008-08-14 06:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-25 00:46 . 2008-08-14 06:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-25 00:46 . 2008-08-14 05:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-25 00:46 . 2008-08-14 05:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-25 00:46 . 2008-09-15 08:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-25 00:46 . 2008-09-08 06:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-25 00:44 . 2008-05-01 10:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-10-25 00:43 . 2008-04-11 15:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-10-25 00:41 . 2008-06-13 07:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-10-25 00:41 . 2008-05-08 10:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-10-24 22:39 . 2008-10-24 22:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-24 22:39 . 2008-10-24 22:39 <DIR> d-------- C:\Documents and Settings\Mike T\Application Data\Malwarebytes
2008-10-24 22:39 . 2008-10-24 22:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-24 22:39 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-24 22:39 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-21 23:53 . 2008-10-24 20:10 719 --a------ C:\WINDOWS\Sysvxd.exe
2008-10-20 01:57 . 2008-10-20 01:57 0 --a------ C:\WINDOWS\system32\Ÿ9Ÿ9
2008-10-18 16:30 . 2008-10-18 16:30 44,032 --a------ C:\Documents and Settings\All Users\mrGx.exe
2008-10-17 13:44 . 2008-10-17 13:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-10-17 13:43 . 2008-10-17 13:43 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-10-17 13:42 . 2008-01-25 08:22 729,088 --a------ C:\WINDOWS\system32\hpowiax7.dll
2008-10-17 13:42 . 2008-01-25 08:22 581,632 --a------ C:\WINDOWS\system32\hpotscl6.dll
2008-10-17 13:42 . 2008-01-25 08:22 372,736 --a------ C:\WINDOWS\system32\hppldcoi.dll
2008-10-17 13:42 . 2008-01-25 08:22 309,760 --a------ C:\WINDOWS\system32\difxapi.dll
2008-10-17 13:42 . 2008-01-25 08:22 303,104 --a------ C:\WINDOWS\system32\hpovst15.dll
2008-10-17 13:40 . 2008-10-17 13:51 165,593 --a------ C:\WINDOWS\hpoins28.dat
2008-10-17 13:40 . 2008-05-12 15:12 796 --------- C:\WINDOWS\hpomdl28.dat
2008-10-14 19:36 . 2008-10-14 19:36 <DIR> d-------- C:\Program Files\AnalogX
2008-10-14 00:17 . 2008-10-14 00:17 <DIR> d-------- C:\Documents and Settings\Mike T\Application Data\Yahoo!
2008-10-13 20:18 . 2008-10-13 20:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-10-13 16:38 . 2008-10-13 16:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-10-13 16:38 . 2007-10-20 18:25 118,272 --a------ C:\WINDOWS\system32\hpz3l5mu.dll
2008-10-13 16:33 . 2008-10-19 22:14 <DIR> d-------- C:\Program Files\Yahoo!
2008-10-13 16:33 . 2008-10-26 10:11 <DIR> d-------- C:\Documents and Settings\Mike T\Application Data\HPAppData
2008-10-13 16:16 . 2008-10-13 16:16 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-10-13 16:13 . 2008-01-25 08:22 49,920 --a------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-10-13 16:13 . 2008-01-25 08:22 21,568 --a------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-10-13 16:13 . 2008-01-25 08:22 16,496 --a------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-10-04 22:21 . 2008-10-04 22:21 <DIR> d-------- C:\Program Files\ImTOO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 14:12 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-10-25 10:24 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-10-25 03:05 --------- d-----w C:\Program Files\Lavasoft
2008-10-25 02:51 --------- d-----w C:\Documents and Settings\Mike T\Application Data\uTorrent
2008-10-22 00:42 --------- d-----w C:\Program Files\Java
2008-10-17 17:47 --------- d-----w C:\Program Files\HP
2008-10-17 17:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-10-17 17:12 --------- d-----w C:\Program Files\epson
2008-10-17 17:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-16 14:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-10-15 14:51 507,904 ----a-w C:\WINDOWS\system32\winlogon.exe
2008-10-15 14:51 295,424 ----a-w C:\WINDOWS\system32\termsrv.dll
2008-10-01 02:11 --------- d-----w C:\Program Files\Electronic Arts
2008-09-19 04:48 --------- d-----w C:\Program Files\iTunes
2008-09-19 04:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-19 04:47 --------- d-----w C:\Program Files\iPod
2008-09-19 04:45 --------- d-----w C:\Program Files\QuickTime
2008-09-19 04:45 --------- d-----w C:\Program Files\Bonjour
2008-09-19 04:44 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-19 04:41 --------- d-----w C:\Program Files\Apple Software Update
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-07 05:07 --------- d-----w C:\Documents and Settings\Mike T\Application Data\Move Networks
2008-08-29 14:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 13:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-20 05:30 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 10:11 2,189,184 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
.

------- Sigcheck -------

2004-08-04 00:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2008-04-13 20:12 507904 ed0ef0a136dec83df69f04118870003e C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2008-10-15 10:51 507904 3969440ba384d35317dbbdeeaae641ce C:\WINDOWS\system32\winlogon.exe

2004-08-04 00:56 295424 b60c877d16d9c880b952fda04adf16e6 C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll
2008-04-13 20:12 295424 ff3477c03be7201c294c35f684b3479f C:\WINDOWS\ServicePackFiles\i386\termsrv.dll
2008-10-15 10:51 295424 63999d0abd8dabfd76a9c07f6e104868 C:\WINDOWS\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 66680]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-07-20 124112]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2008-03-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Mike T^Start Menu^Programs^Startup^palmOne Registration.lnk]
path=C:\Documents and Settings\Mike T\Start Menu\Programs\Startup\palmOne Registration.lnk
backup=C:\WINDOWS\pss\palmOne Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 17:40 289576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\PokerOffice\\bin\\javaw.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Documents and Settings\\Mike T\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\