Task Manager missing; outlook crashing; system slow [RESOLVED]



#1 hsc (New Member, 8 posts)
Hi there, I've seen other posts related to this problem and looked at the responses but each seemed different enough that I wasn't comfortable just trying to replicate one.

In short, task manager has disappeared from the system; neither clicking on the taskbar nor ctl-alt-del works. Whether related or not, my system has also become very slow, and Outlook in particular (on one user side more so than the other) has begun to freeze/not respond at least a couple of times a day. Thanks for any help!

I have followed all the instructions in the "you must read this before posting..." guide. Here are my MBAM log and HijackThis logs:

Malwarebytes' Anti-Malware 1.24
Database version: 1045
Windows 5.1.2600 Service Pack 2

1:55:38 PM 8/12/2008
mbam-log-8-12-2008 (13-55-38).txt

Scan type: Quick Scan
Objects scanned: 71463
Time elapsed: 1 hour(s), 4 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

------------------------------------------




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:29:32 PM, on 8/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Plaxo\2.13.1.6\PlaxoHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.13.1.6\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [QuickenScheduledUpdates] C:\PROGRA~1\QUICKEN\bagent.exe
O4 - HKUS\S-1-5-21-3783837213-2937439766-3319840945-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Jeff Andrews')
O4 - HKUS\S-1-5-21-3783837213-2937439766-3319840945-1008\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (User 'Jeff Andrews')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Post To &WP : The diaBLOG - java script:doc=external.menuArguments.document;Q=doc.selection.createRange().text;void(btw=window.open('http://www.dialogicconsulting.com/diaBLOG/wp-admin/bookmarklet.php?text='+escape(Q)+'&popupurl='+escape(doc.location.href)+'&popuptitle='+escape(doc.title),'bookmarklet','scrollbars=no,width=480,height=550,left=100,top=150,status=yes'));btw.focus();
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - https://vapwda.ops.p...quicksilver.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://accounting.q...147/qboax10.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://w1.webex.com...bex/ieatgpc.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8791 bytes





and here is the uninstall list run from HijackThis:
123 GIF&JPG Optimizer V3.0
Adobe Flash Player ActiveX
Adobe Photoshop 5.0.2
Adobe Reader 7.1.0
AIM 6
ALPS Touch Pad Driver
Apple Software Update
Audacity 1.2.6
AvantGo Client
avast! Antivirus
BounceBack Professional
Broadcom Management Programs 2
CoffeeCup Free FTP
Conexant D110 MDC V.9x Modem
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Digital Line Detect
doPDF 6.0 printer
eFax Messenger 4.0
Elf Bowling 3 (remove only)
Freecorder 2.3 (with Skype Call Recording)
Handmark® Tetris Classic™ Game Pak for Pocket PC
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
Intel® Graphics Media Accelerator Driver for Mobile
Intel® PROSet/Wireless Software
Internal Network Card Power Management
Internet Explorer Default Page
iPod for Windows 2005-03-23
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 5
Java™ SE Runtime Environment 6 Update 1
Jing
Macromedia Flash Player
Malwarebytes' Anti-Malware
Maxtor OneTouch
mCore
mDrWiFi
Mental Motions Pencil Box Deluxe
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Meeting
Microsoft Office Small Business Edition 2003
Microsoft Reader
Microsoft Reader for Pocket PC
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Voice Command
Microsoft Voice Command US PPC 1.50
mIWA
mIWCA
MixMeister BPM Analyzer 1.0
mLogView
mMHouse
Modem Helper
Moho 5.2.1
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
mToolkit
mWlsSafe
mXML
mZConfig
NetWaiting
Patiences
PC-Linq
Photo Loader 2.3E
Plaxo Toolbar for Windows
Pocket Artist
PowerDVD 5.3
PSPad editor
QuickBooks Simple Start Special Edition
Quicken 2007
QuickTime
Rhapsody
Rhapsody Player Engine
SanDisk Wi-Fi SD Card for Windows CE 4.00
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939373)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB942830)
Security Update for Windows XP (KB942831)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Spb Full Screen Keyboard
Spybot - Search & Destroy 1.4
TurboTax Home & Business 2006
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
TurboTax Premier 2005
Uniblue SpeedUpMyPC 3
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
USB Storage Adapter FX (MXO)
Viewpoint Media Player
WebIQ Client Software
WexTech AnswerWorks
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver
ZipGenius 6 (6.0.2.1041)


#2 Jimmy2012 (Trusted Helper, Retired Staff, 6,238 posts)
Hello hsc, and welcome to Geeks to go.
Sorry about the delay, everyone here has been very busy. If you could please post a new HijackThis log in your next reply.

#3 hsc (Topic Starter, New Member, 8 posts)
Hi, here's the new HijackThis log. Thanks in advance for any help you can provide.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:05 AM, on 8/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Plaxo\2.13.1.6\PlaxoHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.13.1.6\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [QuickenScheduledUpdates] C:\PROGRA~1\QUICKEN\bagent.exe
O4 - HKUS\S-1-5-21-3783837213-2937439766-3319840945-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Jeff Andrews')
O4 - HKUS\S-1-5-21-3783837213-2937439766-3319840945-1008\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (User 'Jeff Andrews')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Post To &WP : The diaBLOG - java script:doc=external.menuArguments.document;Q=doc.selection.createRange().text;void(btw=window.open('http://www.dialogicconsulting.com/diaBLOG/wp-admin/bookmarklet.php?text='+escape(Q)+'&popupurl='+escape(doc.location.href)+'&popuptitle='+escape(doc.title),'bookmarklet','scrollbars=no,width=480,height=550,left=100,top=150,status=yes'));btw.focus();
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - https://vapwda.ops.p...quicksilver.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://accounting.q...147/qboax10.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://w1.webex.com...bex/ieatgpc.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8792 bytes
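As an added example (not code from this thread, from HijackThis, or from Geeks to Go), here is a small Python parser for the HijackThis v2 log format posted above. It splits a log into the process list and the numbered R/O entries and reports the format-level points a log reviewer looks at first: entries marked "(file missing)", O16 DPF entries with no download URL, and several O4 Run entries launching the same command. The sample log is constructed from a few of the entries posted in this thread.

```python
import re
from collections import Counter

# Constructed sample in the HijackThis v2 log format, taken from a handful of
# the entries posted in this thread (not the complete log).
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:05 AM, on 8/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\Explorer.EXE

R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://www.dell4me.com/myway
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll (file missing)
O4 - HKLM\\..\\Run: [avast!] C:\\Program Files\\Alwil Software\\Avast4\\ashDisp.exe
O4 - HKLM\\..\\Run: [SpyHunter] C:\\Program Files\\Alwil Software\\Avast4\\ashDisp.exe
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe

--
End of file - 8792 bytes
"""

# "R0 - ...", "O4 - ...", "O23 - ..." : section code, then the entry body.
ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# O4 body: HKLM\..\Run: [Name] command   (or HKUS\S-1-5-... for a named user)
RUN_RE = re.compile(r"^(HK[A-Z]+(?:\\S-[\d-]+)?)\\\.\.\\(Run\w*): \[(.*?)\] (.*)$")


def parse_hjt_log(text):
    """Return (processes, entries); entries are dicts with 'section' and 'body'."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line terminates the process block
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"section": m.group(1), "body": m.group(2)})
    return processes, entries


def section_counts(entries):
    """How many entries each section (R0, O2, O4, ...) contains."""
    return Counter(e["section"] for e in entries)


def review(entries):
    """Plain-text findings a reviewer would want to see before reading the rest."""
    findings = []
    run_cmds = {}  # normalised command line -> list of Run value names
    for e in entries:
        sec, body = e["section"], e["body"]
        if "(file missing)" in body:
            findings.append(f"{sec}: registered file is missing -> {body}")
        if sec == "O16" and body.rstrip().endswith("-"):
            findings.append(f"{sec}: DPF entry with no download URL -> {body}")
        if sec == "O4":
            m = RUN_RE.match(body)
            if m:
                # drop the "(User 'name')" suffix HijackThis adds for HKUS entries
                cmd = re.sub(r"\s*\(User '[^']*'\)$", "", m.group(4))
                key = cmd.replace('"', "").lower()
                run_cmds.setdefault(key, []).append(m.group(3))
    for cmd, names in run_cmds.items():
        if len(names) > 1:
            findings.append(
                f"O4: {len(names)} Run entries launch the same command "
                f"({', '.join(names)}) -> {cmd}"
            )
    return findings


if __name__ == "__main__":
    procs, ents = parse_hjt_log(SAMPLE_LOG)
    print(f"{len(procs)} processes, sections: {dict(section_counts(ents))}")
    for finding in review(ents):
        print(" -", finding)
```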

#4 Jimmy2012 (Trusted Helper, Retired Staff, 6,238 posts)
Hello hsc,
STEP 1
I do not see a Firewall on your computer. A firewall can help protect you from Hackers and some types of Malware. I recommend you download a firewall. Here are a few to choose from (all are free).
Comodo
Zone Alarm
OutPost
Out of these I would recommend Comodo; please only install one firewall at a time. If you need any help installing/using one of these firewalls please let me know.

STEP 2
Please download Runscanner to your desktop and run it.
  • When the first page comes up select Beginner Mode
  • On the next page select Save a binary .Run file (Recommended) then click Start full scan at the top.
  • At this time Runscanner.exe may request access to the Internet through your firewall; please allow it to do so. It will then run for two or three minutes.
  • On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log file.
  • Call the .run file "Select a name" and save it to your desktop. You will see the .run file on your desktop. Upload that file here.


#5 hsc (Topic Starter, New Member, 8 posts)
Hi, here's the .run file attached.

I downloaded Comodo as you suggested. One thing I thought strange was that it kept saying that runscanner was trying to modify many (30+) files in my Avast directory. I allowed them but wanted to run that by you in case it was an indication of a problem.

Thanks,
hsc


#6 Jimmy2012 (Trusted Helper, Retired Staff, 6,238 posts)
Hello hsc,

One thing I thought strange was that it kept saying that runscanner was trying to modify many (30+) files in my Avast directory. I allowed them but wanted to run that by you in case it was an indication of a problem.

I don't think there are any problems with that. :)


STEP 1
Please do an online scan with Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
STEP 2
Download OTViewIt to your desktop.
  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you (it gets saved on your desktop as well ), post that log here.
~~~~~~~~~~~
In your next reply please have these logs/info.
The Kaspersky log
The OTViewIt log
And please tell me how your computer is running.
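The OTViewIt log that Jimmy2012 asks for above is read by eye in this thread. As an added example, not part of the thread and not part of the OTViewIt tool itself, the Python script below parses the OTViewIt log format and flags the three things a helper looks at first: autorun or BHO entries whose target file no longer exists ("File not found"), files for which OTViewIt recorded no publisher (the empty "()" company field), and the HKCU DisableTaskMgr policy value, which, when set to 1, prevents Task Manager from launching. The sample log embedded in the script is constructed from a handful of lines in the same format as the log posted in this thread; the function and class names (`triage_otviewit`, `summarize`, `Finding`) are my own.

```python
import re
from dataclasses import dataclass

# Metadata block OTViewIt appends to every file it resolves:
#   [mm/dd/yyyy hh:mm AM | size | attributes | M] (Company name)
# An empty "()" means OTViewIt found no company/version information.
META_RE = re.compile(
    r"\[(?P<stamp>\d{2}/\d{2}/\d{4} \d{2}:\d{2} [AP]M) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]+) \| [A-Z]\] "
    r"\((?P<company>[^)]*)\)"
)
SECTION_RE = re.compile(r"^===== (?P<name>.+?) =====$")   # ===== Run Keys =====
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[A-Z_]+\\.*)\]$")     # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)" = (?P<value>.*)$')  # "Name" = value


@dataclass(frozen=True)
class Finding:
    kind: str      # "orphaned-entry", "no-publisher" or "taskmgr-policy"
    section: str   # the ===== header the line sits under
    key: str       # the registry key the line sits under, if any
    detail: str    # the offending line, or an explanation


def triage_otviewit(text: str) -> list:
    """Walk an OTViewIt log and collect the entries worth a second look."""
    findings = []
    section, key = "", ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group("name"), ""
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        # Autorun/BHO entries whose target is gone: leftovers of an uninstalled
        # program, or a hook whose payload was removed. Harmless by themselves,
        # but they belong on the clean-up list.
        if "File not found" in line:
            findings.append(Finding("orphaned-entry", section, key, line))
            continue
        m = META_RE.search(line)
        if m:
            # A present file with no company string is not automatically bad
            # (some legitimate installers ship without version info), but it is
            # the first thing to verify by hash against the vendor's release.
            if not m.group("company").strip():
                findings.append(Finding("no-publisher", section, key, line))
            continue
        if section == "Policies":
            m = VALUE_RE.match(line)
            if m and m.group("name").lower() == "disabletaskmgr":
                value = m.group("value").strip()
                state = ("disabled by policy" if value == "1"
                         else "not disabled by policy")
                findings.append(Finding(
                    "taskmgr-policy", section, key,
                    f"DisableTaskMgr={value}: Task Manager {state}"))
    return findings


def summarize(findings) -> dict:
    """Count findings per kind, e.g. {'orphaned-entry': 3, ...}."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed sample in OTViewIt's format (a few lines modelled on the log in
# this thread), so the script runs offline.
SAMPLE_LOG = r"""
===== Processes - Non-Microsoft Only =====

[09/07/2004 05:02 PM | 0,008,6016 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
[08/20/2008 09:22 PM | 0,051,9936 | ---- | M] () - C:\Program Files\COMODO\Firewall\cmdagent.exe

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"" = File not found
"Apoint" = C:\Program Files\Apoint\Apoint.exe [09/13/2004 05:33 PM | 0,015,5648 | ---- | M] (Alps Electric Co., Ltd.)
"DellSupportCenter" = "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6" = File not found

===== Policies =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr" = 0
"""


if __name__ == "__main__":
    results = triage_otviewit(SAMPLE_LOG)
    for f in results:
        print(f"{f.kind:16} [{f.section}] {f.detail}")
    print(summarize(results))
```

To use it on a real log, read the saved OTViewIt text file and pass its contents to `triage_otviewit`. The script deliberately does not decide what is malicious: a "no-publisher" hit (here Comodo's own cmdagent.exe, which OTViewIt lists with an empty company field) is a prompt to verify the file, and a DisableTaskMgr value of 0 tells the helper that the policy is not what is hiding Task Manager, so the cause has to be looked for elsewhere.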

#7
hsc
New Member
  • Topic Starter
  • Member
  • 8 posts
Hi Jimmy2012,

The two logs are posted below for your review. As far as how my computer is running: it's the same. Outlook crashed after only an hour or so today (not responding); a couple of IE browser windows tried to open but were immediately frozen (not responding). Task Manager is still MIA (either from CTL+ALT+DEL or by selecting it in the drop down menu via reverse clicking on the taskbar.)

One other quirk I forgot to mention before: my sound icon is also missing from the task bar icons, and when I use the keyboard function commands to raise/lower/mute the sound, it works but the bar graphic that used to pop up to show level no longer appears.

I believe these both disappeared at the same time.

Here are the logs, Kaspersky followed by OldTimer's. They don't seem to show much but I guess if I knew what I was looking for, I'd be answering this question instead of asking it!

Thanks,
hsc

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, August 22, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, August 22, 2008 14:54:09
Records in database: 1123692
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 101727
Threat name: 1
Infected objects: 0
Suspicious objects: 1
Duration of the scan: 04:16:28


File name / Threat name / Threats count
C:\Documents and Settings\Heather Campbell\Local Settings\Application Data\Microsoft\Outlook\archive.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1

The selected area was scanned.




--------------------------------------------------------------------------------------------------
OTViewIt logfile created on: 8/22/2008 3:36:04 PM
OTViewIt by OldTimer - Version 1.0.0.5 Folder = C:\Documents and Settings\Heather Campbell\Desktop\bug hunting
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.37 Mb Total Physical Memory | 218.93 Mb Available Physical Memory | 43.49% Memory free
1.20 Gb Paging File | 0.71 Gb Available in Paging File | 58.96% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.40 Gb Total Space | 8.46 Gb Free Space | 16.14% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 243.16 Mb Total Space | 18.88 Mb Free Space | 7.76% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DIALOGIC
Current User Name: Heather Campbell
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

===== Processes - Non-Microsoft Only =====

[09/07/2004 05:02 PM | 0,008,6016 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
[09/07/2004 05:05 PM | 0,036,0521 | ---- | M] (Intel Corporation ) - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
[09/07/2004 05:12 PM | 0,022,5353 | ---- | M] (Intel® Corporation) - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
[07/19/2008 10:25 AM | 0,001,6056 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[07/19/2008 10:38 AM | 0,014,7640 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashServ.exe
[09/07/2004 05:08 PM | 0,038,9120 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
[08/20/2008 09:22 PM | 0,051,9936 | ---- | M] () - C:\Program Files\COMODO\Firewall\cmdagent.exe
[09/13/2004 05:33 PM | 0,015,5648 | ---- | M] (Alps Electric Co., Ltd.) - C:\Program Files\Apoint\Apoint.exe
[11/11/2004 07:18 PM | 0,035,6352 | ---- | M] (Dell Inc.) - C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
[09/07/2004 05:02 PM | 0,013,9264 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
[08/19/2004 03:40 PM | 0,004,5056 | ---- | M] (Alps Electric Co., Ltd.) - C:\Program Files\Apoint\ApntEx.exe
[07/19/2008 10:38 AM | 0,025,0040 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[07/23/2008 10:25 AM | 0,034,8344 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[10/08/2004 09:27 PM | 0,012,6976 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\hkcmd.exe
[02/22/2008 04:25 AM | 0,014,4784 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[10/30/2004 03:59 PM | 0,038,5024 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
[10/12/2004 05:54 PM | 0,005,7344 | ---- | M] (CyberLink Corp.) - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[12/06/2004 02:05 AM | 0,012,7035 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfswctrl.exe
[02/06/2006 02:42 PM | 0,009,4208 | ---- | M] (Cypress Semiconductor) - C:\WINDOWS\MXOALDR.EXE
[12/22/2004 08:21 AM | 0,082,3296 | ---- | M] (Maxtor Corporation) - C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe
[07/19/2008 10:38 AM | 0,007,8008 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[09/07/2007 04:55 PM | 0,026,7064 | ---- | M] (Apple Inc.) - C:\Program Files\iTunes\iTunesHelper.exe
[08/20/2008 09:22 PM | 0,165,5552 | ---- | M] () - C:\Program Files\COMODO\Firewall\cfp.exe
[04/14/2008 05:36 PM | 0,022,7914 | ---- | M] (Plaxo, Inc.) - C:\Program Files\Plaxo\2.13.1.6\PlaxoHelper.exe
[05/31/2005 02:04 AM | 0,141,5824 | ---- | M] (Safer Networking Limited) - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[09/07/2007 04:55 PM | 0,050,3608 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe
[08/22/2008 03:34 PM | 0,139,7248 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Heather Campbell\Desktop\bug hunting\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(aswUpdSv) avast! iAVS4 Control Service [Auto | Running]
[07/19/2008 10:25 AM | 0,001,6056 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

(avast! Antivirus) avast! Antivirus [Auto | Running]
[07/19/2008 10:38 AM | 0,014,7640 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashServ.exe

(avast! Mail Scanner) avast! Mail Scanner [On_Demand | Running]
[07/19/2008 10:38 AM | 0,025,0040 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

(avast! Web Scanner) avast! Web Scanner [On_Demand | Running]
[07/23/2008 10:25 AM | 0,034,8344 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

(cmdAgent) COMODO Firewall Pro Helper Service [Auto | Running]
[08/20/2008 09:22 PM | 0,051,9936 | ---- | M] () - C:\Program Files\COMODO\Firewall\cmdagent.exe

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[08/04/2004 06:00 AM | 0,022,4768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(EvtEng) EvtEng [Auto | Running]
[09/07/2004 05:02 PM | 0,008,6016 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

(IDriverT) InstallDriver Table Manager [On_Demand | Stopped]
[04/04/2005 01:41 AM | 0,006,9632 | ---- | M] (Macrovision Corporation) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

(iPod Service) iPod Service [On_Demand | Running]
[09/07/2007 04:55 PM | 0,050,3608 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe

(NICCONFIGSVC) NICCONFIGSVC [Auto | Running]
[11/11/2004 07:18 PM | 0,035,6352 | ---- | M] (Dell Inc.) - C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe

(Pml Driver HPZ12) Pml Driver HPZ12 [On_Demand | Stopped]
[03/09/2003 09:31 PM | 0,006,5795 | ---- | M] (HP) - C:\WINDOWS\system32\HPZipm12.exe

(RegSrvc) RegSrvc [Auto | Running]
[09/07/2004 05:02 PM | 0,013,9264 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

(S24EventMonitor) Spectrum24 Event Monitor [Auto | Running]
[09/07/2004 05:05 PM | 0,036,0521 | ---- | M] (Intel Corporation ) - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

(WLANKEEPER) WLANKEEPER [Auto | Running]
[09/07/2004 05:12 PM | 0,022,5353 | ---- | M] (Intel® Corporation) - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe

===== Driver Services - Non-Microsoft Only =====

(Aavmker4) avast! Asynchronous Virus Monitor [System | Running]
[07/19/2008 10:32 AM | 0,002,6944 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aavmker4.sys

(AegisP) AEGIS Protocol (IEEE 802.1x) v3.1.0.1 [Auto | Running]
[04/08/2005 12:44 PM | 0,001,7056 | ---- | M] (Meetinghouse Data Communications) - C:\WINDOWS\system32\drivers\AegisP.sys

(AliIde) AliIde [Disabled | Stopped]
[08/17/2001 02:51 PM | 0,000,5248 | ---- | M] (Acer Laboratories Inc.) - C:\WINDOWS\system32\drivers\aliide.sys

(amdagp) AMD AGP Bus Filter Driver [Disabled | Stopped]
[08/04/2004 12:07 AM | 0,004,3008 | ---- | M] (Advanced Micro Devices, Inc.) - C:\WINDOWS\system32\drivers\AMDAGP.SYS

(ApfiltrService) Alps Touch Pad Filter Driver for Windows 2000/XP [On_Demand | Running]
[11/16/2004 05:03 PM | 0,010,8791 | ---- | M] (Alps Electric Co., Ltd.) - C:\WINDOWS\system32\drivers\Apfiltr.sys

(Appdrv) Appdrv [On_Demand | Running]
[06/30/2004 10:39 AM | 0,001,6128 | ---- | M] (Dell Inc) - C:\Program Files\Dell\NicConfigSvc\Appdrv.sys

(asc) asc [Disabled | Stopped]
[08/17/2001 02:52 PM | 0,002,6496 | ---- | M] (Advanced System Products, Inc.) - C:\WINDOWS\system32\drivers\asc.sys

(asc3550) asc3550 [Disabled | Stopped]
[08/17/2001 02:51 PM | 0,001,4848 | ---- | M] (Advanced System Products, Inc.) - C:\WINDOWS\system32\drivers\asc3550.sys

(aswFsBlk) aswFsBlk [Auto | Running]
[07/19/2008 10:37 AM | 0,002,0560 | ---- | M] (ALWIL Software) - C:\WINDOWS\system32\drivers\aswFsBlk.sys

(aswMon2) avast! Standard Shield Support [Auto | Running]
[07/19/2008 10:37 AM | 0,009,4416 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswmon2.sys

(aswRdr) aswRdr [On_Demand | Running]
[07/19/2008 10:33 AM | 0,002,3152 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswRdr.sys

(aswSP) avast! Self Protection [System | Running]
[07/19/2008 10:35 AM | 0,007,8416 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswSP.sys

(aswTdi) avast! Network Shield Support [System | Running]
[07/19/2008 10:32 AM | 0,004,2912 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswTdi.sys

(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [On_Demand | Running]
[05/26/2004 09:18 PM | 0,004,4928 | ---- | M] (Broadcom Corporation) - C:\WINDOWS\system32\drivers\bcm4sbxp.sys

(cmdGuard) COMODO Firewall Pro Sandbox Driver [System | Running]
[08/20/2008 09:22 PM | 0,008,7056 | ---- | M] (COMODO) - C:\WINDOWS\system32\drivers\cmdguard.sys

(cmdHlp) COMODO Firewall Pro Helper Driver [System | Running]
[08/20/2008 09:22 PM | 0,002,4208 | ---- | M] (COMODO) - C:\WINDOWS\system32\drivers\cmdhlp.sys

(CmdIde) CmdIde [Disabled | Stopped]
[08/17/2001 02:51 PM | 0,000,6656 | ---- | M] (CMD Technology, Inc.) - C:\WINDOWS\system32\drivers\cmdide.sys

(dac2w2k) dac2w2k [Disabled | Stopped]
[08/17/2001 02:52 PM | 0,017,9584 | ---- | M] (Mylex Corporation) - C:\WINDOWS\system32\drivers\dac2w2k.sys

(dmboot) dmboot [Disabled | Stopped]
[08/04/2004 06:00 AM | 0,079,9744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) Logical Disk Manager Driver [Boot | Running]
[08/04/2004 06:00 AM | 0,015,3344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Disabled | Stopped]
[08/04/2004 06:00 AM | 0,000,5888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(drvmcdb) drvmcdb [Boot | Running]
[12/01/2004 04:22 AM | 0,008,7488 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\drvmcdb.sys

(drvnddm) drvnddm [Auto | Running]
[11/23/2004 03:56 AM | 0,004,0480 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\drvnddm.sys

(E100B) Intel® PRO Adapter Driver [On_Demand | Stopped]
[08/17/2001 01:12 PM | 0,011,7760 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\e100b325.sys

(GEARAspiWDM) GEAR CDRom Filter [On_Demand | Running]
[09/19/2006 04:44 PM | 0,001,5664 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

(HPZid412) IEEE-1284.4 Driver HPZid412 [On_Demand | Running]
[03/09/2003 09:31 PM | 0,005,1024 | ---- | M] (HP) - C:\WINDOWS\system32\drivers\hpzid412.sys

(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [On_Demand | Running]
[03/09/2003 09:31 PM | 0,001,6080 | ---- | M] (HP) - C:\WINDOWS\system32\drivers\HPZipr12.sys

(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [On_Demand | Running]
[03/09/2003 09:31 PM | 0,002,1456 | ---- | M] (HP) - C:\WINDOWS\system32\drivers\HPZius12.sys

(HSFHWICH) HSFHWICH [On_Demand | Running]
[06/17/2004 09:57 PM | 0,020,0064 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSFHWICH.sys

(HSF_DP) HSF_DP [On_Demand | Running]
[06/17/2004 09:55 PM | 0,104,1536 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSF_DP.sys

(ialm) ialm [On_Demand | Running]
[10/08/2004 09:54 PM | 0,075,2093 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\ialmnt5.sys

(Inspect) COMODO Firewall Pro Firewall Driver [Boot | Running]
[08/20/2008 09:22 PM | 0,007,9760 | ---- | M] (COMODO) - C:\WINDOWS\system32\drivers\inspect.sys

(IWCA) Intel Wireless Connection Agent Miniport for Win XP [On_Demand | Stopped]
[08/12/2004 09:44 AM | 0,023,4496 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\iwca.sys

(mdmxsdk) mdmxsdk [Auto | Running]
[03/17/2004 07:04 PM | 0,001,3059 | ---- | M] (Conexant) - C:\WINDOWS\system32\drivers\mdmxsdk.sys

(mraid35x) mraid35x [Disabled | Stopped]
[08/17/2001 02:52 PM | 0,001,7280 | ---- | M] (American Megatrends Inc.) - C:\WINDOWS\system32\drivers\mraid35x.sys

(MXOFX) USB Storage Adapter FX (MXO) [On_Demand | Stopped]
[10/10/2003 05:23 AM | 0,003,2640 | ---- | M] (Cypress Semiconductor) - C:\WINDOWS\system32\drivers\MXOFX.SYS

(MXOPSWD) Maxtor OneTouch Security Driver [On_Demand | Stopped]
[10/07/2004 11:21 AM | 0,001,5360 | ---- | M] (Maxtor Corp.) - C:\WINDOWS\system32\drivers\mxopswd.sys

(ndiscm) Motorola SURFboard USB Cable Modem Windows Driver [On_Demand | Stopped]
[02/09/2004 01:06 PM | 0,001,5360 | ---- | M] (Motorola Inc.) - C:\WINDOWS\system32\drivers\NetMotCM.sys

(nv) nv [On_Demand | Stopped]
[08/03/2004 11:29 PM | 0,189,7408 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv4_mini.sys

(omci) OMCI WDM Device Driver [System | Running]
[02/13/2004 05:46 PM | 0,001,7153 | ---- | M] (Dell Inc) - C:\WINDOWS\system32\drivers\omci.sys

(portD) CMS PortIO Service [Auto | Running]
[11/14/2005 03:59 PM | 0,000,7424 | ---- | M] (CMS Peripherals, Inc.) - C:\WINDOWS\system32\drivers\portd2k.sys

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[08/04/2004 06:00 AM | 0,001,7792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(PxHelp20) PxHelp20 [Boot | Running]
[05/09/2005 11:20 AM | 0,002,0576 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\pxhelp20.sys

(ql1080) ql1080 [Disabled | Stopped]
[08/17/2001 02:52 PM | 0,004,0320 | ---- | M] (QLogic Corporation) - C:\WINDOWS\system32\drivers\ql1080.sys

(ql12160) ql12160 [Disabled | Stopped]
[08/17/2001 02:52 PM | 0,004,5312 | ---- | M] (QLogic Corporation) - C:\WINDOWS\system32\drivers\ql12160.sys

(ql1280) ql1280 [Disabled | Stopped]
[08/17/2001 02:52 PM | 0,004,9024 | ---- | M] (QLogic Corporation) - C:\WINDOWS\system32\drivers\ql1280.sys

(s24trans) WLAN Transport [Auto | Running]
[08/31/2004 09:53 AM | 0,001,1354 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\s24trans.sys

(SDDMI2) SDDMI2 [On_Demand | Stopped]
File not found - C:\WINDOWS\system32\DDMI2.sys

(Secdrv) Secdrv [On_Demand | Stopped]
[11/13/2007 06:25 AM | 0,002,0480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys

(sisagp) SIS AGP Bus Filter [Disabled | Stopped]
[08/04/2004 12:07 AM | 0,004,1088 | ---- | M] (Silicon Integrated Systems Corporation) - C:\WINDOWS\system32\drivers\SISAGP.SYS

(Sparrow) Sparrow [Disabled | Stopped]
[08/17/2001 03:07 PM | 0,001,9072 | ---- | M] (Adaptec, Inc.) - C:\WINDOWS\system32\drivers\sparrow.sys

(sscdbhk5) sscdbhk5 [System | Running]
[07/14/2004 12:29 PM | 0,000,5627 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\sscdbhk5.sys

(ssrtln) ssrtln [System | Running]
[07/14/2004 12:28 PM | 0,002,3545 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\ssrtln.sys

(STAC97) SigmaTel C-Major Audio [On_Demand | Running]
[09/16/2004 01:53 AM | 0,027,1704 | ---- | M] (SigmaTel, Inc.) - C:\WINDOWS\system32\drivers\STAC97.sys

(symc810) symc810 [Disabled | Stopped]
[08/17/2001 03:07 PM | 0,001,6256 | ---- | M] (Symbios Logic Inc.) - C:\WINDOWS\system32\drivers\symc810.sys

(symc8xx) symc8xx [Disabled | Stopped]
[08/17/2001 03:07 PM | 0,003,2640 | ---- | M] (LSI Logic) - C:\WINDOWS\system32\drivers\symc8xx.sys

(sym_hi) sym_hi [Disabled | Stopped]
[08/17/2001 03:07 PM | 0,002,8384 | ---- | M] (LSI Logic) - C:\WINDOWS\system32\drivers\sym_hi.sys

(sym_u3) sym_u3 [Disabled | Stopped]
[08/17/2001 03:07 PM | 0,003,0688 | ---- | M] (LSI Logic) - C:\WINDOWS\system32\drivers\sym_u3.sys

(tfsnboio) tfsnboio [Auto | Running]
[12/06/2004 02:05 AM | 0,002,5883 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsnboio.sys

(tfsncofs) tfsncofs [Auto | Running]
[12/06/2004 02:05 AM | 0,003,4843 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsncofs.sys

(tfsndrct) tfsndrct [Auto | Running]
[12/06/2004 02:05 AM | 0,000,4123 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsndrct.sys

(tfsndres) tfsndres [Auto | Running]
[12/06/2004 02:05 AM | 0,000,2239 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsndres.sys

(tfsnifs) tfsnifs [Auto | Running]
[12/06/2004 02:05 AM | 0,008,6586 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsnifs.sys

(tfsnopio) tfsnopio [Auto | Running]
[12/06/2004 02:05 AM | 0,001,5227 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsnopio.sys

(tfsnpool) tfsnpool [Auto | Running]
[12/06/2004 02:05 AM | 0,000,6363 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsnpool.sys

(tfsnudf) tfsnudf [Auto | Running]
[12/06/2004 02:05 AM | 0,009,8714 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsnudf.sys

(tfsnudfa) tfsnudfa [Auto | Running]
[12/06/2004 02:05 AM | 0,010,0603 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsnudfa.sys

(tmcomm) tmcomm [Auto | Running]
[08/12/2008 11:11 AM | 0,010,2664 | ---- | M] (Trend Micro Inc.) - C:\WINDOWS\system32\drivers\tmcomm.sys

(ultra) ultra [Disabled | Stopped]
[08/17/2001 02:52 PM | 0,003,6736 | ---- | M] (Promise Technology, Inc.) - C:\WINDOWS\system32\drivers\ultra.sys

(w29n51) Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP [On_Demand | Running]
[10/21/2004 09:56 PM | 0,321,0496 | ---- | M] (Intel® Corporation) - C:\WINDOWS\system32\drivers\w29n51.sys

(Wdm1) USB Bridge Cable Driver [On_Demand | Stopped]
[01/08/2001 09:53 AM | 0,001,5576 | ---- | M] () - C:\WINDOWS\system32\drivers\usbbc.sys

(winachsf) winachsf [On_Demand | Running]
[06/17/2004 09:55 PM | 0,068,5056 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSF_CNXT.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"" = File not found
"Apoint" = C:\Program Files\Apoint\Apoint.exe [09/13/2004 05:33 PM | 0,015,5648 | ---- | M] (Alps Electric Co., Ltd.)
"avast!" = C:\Program Files\Alwil Software\Avast4\ashDisp.exe [07/19/2008 10:38 AM | 0,007,8008 | ---- | M] (ALWIL Software)
"COMODO Firewall Pro" = "C:\Program Files\COMODO\Firewall\cfp.exe" -h [08/20/2008 09:22 PM | 0,165,5552 | ---- | M] ()
"DellSupportCenter" = "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
"dla" = C:\WINDOWS\system32\dla\tfswctrl.exe [12/06/2004 02:05 AM | 0,012,7035 | ---- | M] (Sonic Solutions)
"DVDLauncher" = "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [10/12/2004 05:54 PM | 0,005,7344 | ---- | M] (CyberLink Corp.)
"HotKeysCmds" = C:\WINDOWS\system32\hkcmd.exe [10/08/2004 09:27 PM | 0,012,6976 | ---- | M] (Intel Corporation)
"IgfxTray" = C:\WINDOWS\system32\igfxtray.exe [10/08/2004 09:31 PM | 0,015,5648 | ---- | M] (Intel Corporation)
"IntelWireless" = C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless [10/30/2004 03:59 PM | 0,038,5024 | ---- | M] (Intel Corporation)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [09/07/2007 04:55 PM | 0,026,7064 | ---- | M] (Apple Inc.)
"MaxtorOneTouch" = C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe [12/22/2004 08:21 AM | 0,082,3296 | ---- | M] (Maxtor Corporation)
"MXOBG" = C:\WINDOWS\MXOALDR.EXE [02/06/2006 02:42 PM | 0,009,4208 | ---- | M] (Cypress Semiconductor)
"QuickTime Task" = "C:\Program Files\QuickTime\qttask.exe" -atboottime [06/29/2007 06:24 AM | 0,028,6720 | ---- | M] (Apple Inc.)
"SpyHunter" = C:\Program Files\Alwil Software\Avast4\ashDisp.exe [07/19/2008 10:38 AM | 0,007,8008 | ---- | M] (ALWIL Software)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM | 0,014,4784 | ---- | M] (Sun Microsystems, Inc.)
"UpdateManager" = "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r [01/07/2004 02:01 AM | 0,011,0592 | ---- | M] (Sonic Solutions)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed" = 1
"NoChange" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6" = File not found
"H/PC Connection Agent" = "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" File not found
"PlaxoUpdate" = C:\Program Files\Plaxo\2.13.1.6\PlaxoHelper.exe -a [04/14/2008 05:36 PM | 0,022,7914 | ---- | M] (Plaxo, Inc.)
"QuickenScheduledUpdates" = C:\PROGRA~1\QUICKEN\bagent.exe [05/07/2007 02:17 PM | 0,008,7592 | ---- | M] (Intuit Inc.)
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [05/31/2005 02:04 AM | 0,141,5824 | ---- | M] (Safer Networking Limited)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (Adobe PDF Reader Link Helper) - File not found C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
HKLM CLSID: (Reg Error: Value does not exist or could not be read.) - [05/31/2005 02:04 AM | 0,085,3672 | ---- | M] (Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
HKLM CLSID: (DriveLetterAccess) - [12/06/2004 02:05 AM | 0,011,8842 | ---- | M] (Sonic Solutions) C:\WINDOWS\system32\dla\tfswshx.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [02/22/2008 04:25 AM | 0,050,9328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

===== Toolbars =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (&Yahoo! Toolbar) - File not found Reg Error: Key does not exist or could not be opened.

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}" = 1
"{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}" = 1073741857
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}" = 32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr" = 0

===== Desktop Components =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls]
" C:\WINDOWS\system32\guard32.dll" - [08/20/2008 09:22 PM | 0,014,3104 | ---- | M] () C:\WINDOWS\system32\guard32.dll

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/04/2004 06:00 AM | 0,014,0800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 08:44 AM | 0,055,7568 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/04/2004 06:00 AM | 0,014,0800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager\EnableBCM.exe" = C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager\EnableBCM.exe File not found
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\iexplore.exe [06/23/2008 05:20 AM | 0,062,5664 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Support.com\bin\tgcmd.exe" = C:\Program Files\Support.com\bin\tgcmd.exe [01/30/2004 09:44 AM | 0,192,1024 | ---- | M] (SupportSoft, Inc.)
"C:\Program Files\Wireless Sync\Client\Monitor.exe" = C:\Program Files\Wireless Sync\Client\Monitor.exe File not found
"D:\Utility\Installer\PrintScan\InstallationManager.exe" = D:\Utility\Installer\PrintScan\InstallationManager.exe File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe File not found
"C:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\FreeFTP.exe" = C:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\FreeFTP.exe [05/03/2004 12:39 PM | 0,375,6032 | ---- | M] ()
"C:\Program Files\TurboTax\Home & Business 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Home & Business 2006\32bit\ttax.exe [03/08/2007 01:25 AM | 0,995,0760 | ---- | M] (Intuit, Inc.)
"C:\Program Files\TurboTax\Home & Business 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Home & Business 2006\32bit\updatemgr.exe [03/24/2007 01:29 PM | 0,367,9784 | ---- | M] (Intuit, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe [10/10/2006 01:53 PM | 0,001,0800 | ---- | M] (AOL LLC)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [09/07/2007 04:55 PM | 1,599,5704 | ---- | M] (Apple Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 08:44 AM | 0,055,7568 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Rhapsody\rhapsody.exe" = C:\Program Files\Rhapsody\rhapsody.exe [06/10/2008 06:36 PM | 1,412,3008 | ---- | M] (RealNetworks, Inc.)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [06/13/2007 06:23 AM | 0,103,3216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [08/04/2004 06:00 AM | 0,002,4576 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [08/04/2004 06:00 AM | 0,051,4560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [10/25/2007 11:34 PM | 0,846,0288 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [08/04/2004 06:00 AM | 0,029,8496 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
"DllName" = C:\WINDOWS\system32\igfxsrvc.dll [10/08/2004 09:27 PM | 0,034,4064 | ---- | M] (Intel Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
"DllName" = C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [09/07/2004 05:08 PM | 0,011,0592 | ---- | M] (Intel Corporation)

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandFrom]
"0" = C:\Documents and Settings\Heather Campbell\Desktop\msvbppc.armv4.cab File not found
"1" = C:\

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandTo]
"0" = C:\Documents and Settings\Heather Campbell\Desktop [08/22/2008 03:32 PM | ---D | M]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini" = 0
"win.ini" = 0
"bootini" = 0
"services" = 0
"startup" = 0

===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{528F0B23-561C-4F9B-8E94-B5DEE97C69D8}]
Servers: | Description: Intel® PRO/Wireless 2200BG Network Connection

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{A7478885-DDCE-4B4B-B2D2-5803760DB640}]
Servers: | Description: Broadcom 440x 10/100 Integrated Controller

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{D3725705-EC87-4667-9EAC-467C1C4F9BCF}]
Servers: | Description: Motorola SURFboard SB5101 USB Cable Modem

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{EBDA5480-409C-4CBA-B3CB-9BD57C33F5FF}]
Servers: | Description: 1394 Net Adapter



[Files/Folders - Created Within 30 days]
[08/20/2008 09:22 PM | 0,008,7056 | ---- | M] (COMODO) - C:\WINDOWS\System32\drivers\cmdguard.sys
[08/20/2008 09:22 PM | 0,002,4208 | ---- | M] (COMODO) - C:\WINDOWS\System32\drivers\cmdhlp.sys
[08/20/2008 09:22 PM | 0,007,9760 | ---- | M] (COMODO) - C:\WINDOWS\System32\drivers\inspect.sys
[07/30/2008 08:07 PM | 0,001,7144 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[07/30/2008 08:07 PM | 0,003,8472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[08/12/2008 11:11 AM | 0,010,2664 | ---- | M] (Trend Micro Inc.) - C:\WINDOWS\System32\drivers\tmcomm.sys
[08/07/2008 10:35 AM | ---D | C] - C:\WINDOWS\System32\drivers\UMDF
[08/07/2008 10:33 AM | 0,000,0000 | -H-- | M] () - C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[08/12/2008 04:00 PM | ---D | C] - C:\WINDOWS\System32\CatRoot_bak
[2 C:\WINDOWS\System32\*.tmp files]
[08/12/2008 11:00 AM | -H-D | C] - C:\WINDOWS\System32\GroupPolicy
[08/20/2008 09:22 PM | 0,014,3104 | ---- | M] () - C:\WINDOWS\System32\guard32.dll
[08/20/2008 09:29 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\comodo
[08/12/2008 12:48 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/22/2008 03:22 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[08/21/2008 09:05 AM | 0,000,0004 | ---- | M] () - C:\Documents and Settings\Heather Campbell\Application Data\BE1B01
[08/20/2008 09:22 PM | ---D | C] - C:\Documents and Settings\Heather Campbell\Application Data\Comodo
[08/12/2008 12:49 PM | ---D | C] - C:\Documents and Settings\Heather Campbell\Application Data\Malwarebytes
[08/21/2008 09:05 AM | 0,087,0128 | ---- | M] () - C:\Documents and Settings\Heather Campbell\Application Data\mcs.rma
[08/22/2008 03:22 PM | ---D | C] - C:\Documents and Settings\Heather Campbell\Application Data\NCH Swift Sound
[08/07/2008 10:27 AM | ---D | C] - C:\Documents and Settings\Heather Campbell\Application Data\Real
[07/31/2008 07:02 PM | ---D | C] - C:\Documents and Settings\Heather Campbell\Local Settings\Application Data\Plaxo
[08/20/2008 09:36 PM | ---D | C] - C:\Documents and Settings\Heather Campbell\Local Settings\Application Data\Runscanner.net
[08/20/2008 09:24 PM | 0,000,0718 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\COMODO Firewall Pro.lnk
[08/07/2008 10:26 AM | 0,000,0630 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Rhapsody.lnk
[08/22/2008 03:19 PM | 0,000,0798 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\WavePad Sound Editor.lnk
[08/12/2008 09:47 AM | 0,001,6384 | ---- | M] () - C:\Documents and Settings\Heather Campbell\Desktop\080808.xls
[08/22/2008 03:34 PM | ---D | C] - C:\Documents and Settings\Heather Campbell\Desktop\bug hunting
[3 C:\Documents and Settings\Heather Campbell\Desktop\*.tmp files]
[08/13/2008 12:39 PM | 0,006,9120 | ---- | M] () - C:\Documents and Settings\Heather Campbell\Desktop\Email Marketing Plan 2008.doc
[08/12/2008 03:33 PM | 0,000,1734 | ---- | M] () - C:\Documents and Settings\Heather Campbell\Desktop\HijackThis.lnk
[08/20/2008 09:57 PM | 0,020,8626 | ---- | M] () - C:\Documents and Settings\Heather Campbell\Desktop\hsc runscanner 082008.run
[08/20/2008 09:34 PM | 0,179,1702 | ---- | M] () - C:\Documents and Settings\Heather Campbell\Desktop\runscanner.zip
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\runscanner.zip:Zone.Identifier
[08/07/2008 10:29 AM | ---D | C] - C:\Program Files\Common Files\Real
[08/20/2008 09:22 PM | ---D | C] - C:\Program Files\COMODO
[08/12/2008 12:49 PM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware
[08/22/2008 03:18 PM | ---D | C] - C:\Program Files\NCH Swift Sound
[08/07/2008 10:26 AM | ---D | C] - C:\Program Files\Real
[08/07/2008 11:07 AM | ---D | C] - C:\Program Files\Rhapsody
[08/12/2008 04:40 PM | ---D | C] - C:\Program Files\Trend Micro

[Files/Folders - Modified Within 30 days]
[08/15/2008 03:12 AM | -HSD | M] - C:\Config.Msi
[08/05/2008 10:55 PM | ---D | M] - C:\Documents and Settings
[08/22/2008 09:39 AM | 5,278,92480 | -HS- | M] () - C:\hiberfil.sys
[08/22/2008 10:15 AM | 0,000,0525 | ---- | M] () - C:\hpfr3420.xml
[08/22/2008 03:18 PM | R--D | M] - C:\Program Files
[08/22/2008 09:39 AM | ---D | M] - C:\WINDOWS
[08/20/2008 09:22 PM | 0,008,7056 | ---- | M] (COMODO) - C:\WINDOWS\System32\drivers\cmdguard.sys
[08/20/2008 09:22 PM | 0,002,4208 | ---- | M] (COMODO) - C:\WINDOWS\System32\drivers\cmdhlp.sys
[08/20/2008 09:22 PM | 0,007,9760 | ---- | M] (COMODO) - C:\WINDOWS\System32\drivers\inspect.sys
[07/30/2008 08:07 PM | 0,001,7144 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[07/30/2008 08:07 PM | 0,003,8472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[08/12/2008 11:11 AM | 0,010,2664 | ---- | M] (Trend Micro Inc.) - C:\WINDOWS\System32\drivers\tmcomm.sys
[08/07/2008 10:35 AM | ---D | M] - C:\WINDOWS\System32\drivers\UMDF
[08/07/2008 10:33 AM | 0,000,0000 | -H-- | M] () - C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[08/12/2008 04:00 PM | ---D | M] - C:\WINDOWS\System32\CatRoot
[2 C:\WINDOWS\System32\*.tmp files]
[08/22/2008 09:39 AM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[08/12/2008 04:00 PM | ---D | M] - C:\WINDOWS\System32\CatRoot_bak
[08/12/2008 03:23 PM | 0,000,2626 | ---- | M] () - C:\WINDOWS\System32\CONFIG.NT
[08/06/2008 05:17 PM | 0,000,1324 | ---- | M] () - C:\WINDOWS\System32\d3d9caps.dat
[08/22/2008 09:41 AM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/20/2008 09:22 PM | ---D | M] - C:\WINDOWS\System32\drivers
[08/12/2008 11:00 AM | -H-D | M] - C:\WINDOWS\System32\GroupPolicy
[08/20/2008 09:22 PM | 0,014,3104 | ---- | M] () - C:\WINDOWS\System32\guard32.dll
[08/22/2008 09:43 AM | ---D | M] - C:\WINDOWS\System32\inetsrv
[08/07/2008 10:33 AM | ---D | M] - C:\WINDOWS\System32\LogFiles
[08/22/2008 09:48 AM | 0,000,2206 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/15/2008 03:04 AM | -H-D | M] - C:\WINDOWS\$hf_mig$
[1 C:\WINDOWS\*.tmp files]
[08/07/2008 10:45 AM | ---D | M] - C:\WINDOWS\AppPatch
[08/22/2008 09:39 AM | 0,000,2048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/10/2008 10:20 AM | 0,000,1924 | ---- | M] () - C:\WINDOWS\cdPlayer.ini
[08/12/2008 02:26 PM | ---D | M] - C:\WINDOWS\Debug
[08/21/2008 09:53 AM | ---D | M] - C:\WINDOWS\Help
[08/15/2008 03:02 AM | ---D | M] - C:\WINDOWS\ie7updates
[08/15/2008 03:04 AM | 0,000,1374 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/21/2008 09:53 AM | -H-D | M] - C:\WINDOWS\inf
[08/13/2008 12:47 PM | -HSD | M] - C:\WINDOWS\Installer
[08/22/2008 03:22 PM | ---D | M] - C:\WINDOWS\Prefetch
[08/22/2008 09:41 AM | 0,005,4156 | -H-- | M] () - C:\WINDOWS\QTFont.qfn
[08/22/2008 09:38 AM | ---D | M] - C:\WINDOWS\system32
[08/22/2008 03:25 PM | ---D | M] - C:\WINDOWS\Temp
[08/07/2008 10:36 AM | 0,031,6640 | ---- | M] () - C:\WINDOWS\WMSysPr9.prx
[08/20/2008 07:56 AM | 0,000,0284 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/22/2008 03:20 PM | 0,000,0412 | ---- | M] () - C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1136837927.job
[08/15/2008 06:30 PM | 0,000,0372 | ---- | M] () - C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (D5VFQ771-Heather Campbell).job
[08/22/2008 09:39 AM | 0,000,0006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/21/2008 12:04 PM | 0,000,0292 | ---- | M] () - C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
[08/21/2008 09:00 AM | 0,000,0416 | -H-- | M] () - C:\WINDOWS\tasks\{2B5C17F8-7F40-46D2-8602-C382A3CD45D8}_DIALOGIC_Heather Campbell.job
[08/15/2008 04:00 PM | 0,000,0416 | -H-- | M] () - C:\WINDOWS\tasks\{318BE66A-8555-42AB-83B1-280275A4D4D0}_DIALOGIC_Heather Campbell.job
[08/21/2008 04:00 PM | 0,000,0416 | -H-- | M] () - C:\WINDOWS\tasks\{7CBDEBE9-49B9-4B58-8A64-928B485B7FC5}_DIALOGIC_Heather Campbell.job
[08/20/2008 09:29 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\comodo
[08/12/2008 12:48 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/22/2008 03:22 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[08/21/2008 09:05 AM | 0,000,0004 | ---- | M] () - C:\Documents and Settings\Heather Campbell\Application Data\BE1B01
[08/20/2008 09:22 PM | ---D | M] - C:\Documents and Settings\Heather Campbell\Application Data\Comodo
[08/12/2008 12:49 PM | ---D | M] - C:\Documents and Settings\Heather Campbell\Application Data\Malwarebytes
[08/21/2008 09:05 AM | 0,087,0128 | ---- | M] () - C:\Documents and Settings\Heather Campbell\Application Data\mcs.rma
[08/22/2008 03:22 PM | ---D | M] - C:\Documents and Settings\Heather Campbell\Application Data\NCH Swift Sound
[08/07/2008 10:27 AM | ---D | M] - C:\Documents and Settings\Heather Campbell\Application Data\Real
[08/20/2008 09:35 PM | ---D | M] - C:\Documents and Settings\Heather Campbell\Application Data\ZipGenius
[08/19/2008 10:37 AM | 0,002,6624 | ---- | M] () - C:\Documents and Settings\Heather Campbell\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[08/07/2008 11:03 AM | ---D | M] - C:\Documents and Settings\Heather Campbell\Local Settings\Application Data\Microsoft
[07/31/2008 07:02 PM | ---D | M] - C:\Documents and Settings\Heather Campbell\Local Settings\Application Data\Plaxo
[08/20/2008 09:36 PM | ---D | M] - C:\Documents and Settings\Heather Campbell\Local Settings\Application Data\Runscanner.net
[08/22/2008 01:35 PM | ---D | M] - C:\Documents and Settings\Heather Campbell\Local Settings\Application Data\WMTools Downloaded Files
[08/21/2008 05:16 PM | ---D | M] - C:\Documents and Settings\All Users\Documents\Activity
[08/22/2008 03:24 PM | R--D | M] - C:\Documents and Settings\All Users\Documents\My Music
[08/20/2008 09:24 PM | 0,000,0718 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\COMODO Firewall Pro.lnk
[08/07/2008 10:26 AM | 0,000,0630 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Rhapsody.lnk
[08/22/2008 03:19 PM | 0,000,0798 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\WavePad Sound Editor.lnk
[08/12/2008 09:47 AM | 0,001,6384 | ---- | M] () - C:\Documents and Settings\Heather Campbell\Desktop\080808.xls
[08/22/2008 03:34 PM | ---D | M] - C:\Documents and Settings\Heather Campbell\Desktop\bug hunting
[3 C:\Documents and Settings\Heather Campbell\Desktop\*.tmp files]
[08/13/2008 12:39 PM | 0,006,9120 | ---- | M] () - C:\Documents and Settings\Heather Campbell\Desktop\Email Marketing Plan 2008.doc
[08/12/2008 03:33 PM | 0,000,1734 | ---- | M] () - C:\Documents and Settings\Heather Campbell\Desktop\HijackThis.lnk
[08/20/2008 09:57 PM | 0,020,8626 | ---- | M] () - C:\Documents and Settings\Heather Campbell\Desktop\hsc runscanner 082008.run
[08/20/2008 09:34 PM | 0,179,1702 | ---- | M] () - C:\Documents and Settings\Heather Campbell\Desktop\runscanner.zip
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\runscanner.zip:Zone.Identifier
[08/12/2008 10:02 AM | 0,004,9152 | ---- | M] () - C:\Documents and Settings\Heather Campbell\Desktop\songs to buy and sing.xls
[07/30/2008 10:58 AM | ---D | M] - C:\Documents and Settings\Heather Campbell\Desktop\TWEC Graphics
[08/07/2008 10:29 AM | ---D | M] - C:\Program Files\Common Files\Real

< End of report >

#8 Jimmy2012 (Trusted Helper, Retired Staff, 6,238 posts)
Hello hsc,
The Kaspersky scan found a bad email in your Outlook folder; please delete that email. The email can be found here.
C:\Documents and Settings\Heather Campbell\Local Settings\Application Data\Microsoft\Outlook\archive.pst

STEP 1
Please download DirLook by jpshortstuff from here.
  • Double-click DirLook.exe to run it.
  • Ensure that Show Hidden Files/Folders and BBCode Output are both checked.
  • Copy the content of the following codebox into the main textfield:

    C:\Documents and Settings\Heather Campbell\Application Data\BE1B01
  • Click the DirLook button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. (Note: The log can also be found at C:\dl_log.txt)
Note: Scanning may take longer for large folders.

STEP 2
  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\Documents and Settings\Heather Campbell\Desktop\080808.xls
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
And please do the same for this file as well.

C:\Documents and Settings\Heather Campbell\Desktop\songs to buy and sing.xls
~~~~~~~~~~
In your next reply please have these logs.
The DirLook log
The VirScan logs
And a fresh HijackThis log

Edited by Jimmy2012, 23 August 2008 - 02:59 PM.


#9 hsc (New Member, Topic Starter, 8 posts)
Hi,

I noted the infected email in the Kaspersky log; what I don't know is how to identify which of the emails in the Outlook archive.pst folder is the one that is infected and therefore needs to be deleted. (There are hundreds stored in this archive file.) Any thoughts?

In the meantime, here are the DirLook, VirSCAN and HijackThis logs:

DirLook.exe by jpshortstuff
Log created at 10:23:38 on Mon 08/25/2008

==============================

Contents of "C:\Documents and Settings\Heather Campbell\Application Data\BE1B01" (inc. hidden/system files/folders)

---FOLDERS---


---FILES---

ATF_Cleaner.exe (50688 bytes, created: 08/12/2008 12:24 PM) --a------
DirLook.exe (166912 bytes, created: 08/25/2008 10:22 AM) --a------
hsc 08 22 08.txt (973 bytes, created: 08/22/2008 03:33 PM) --a------
OTViewIt.exe (1397248 bytes, created: 08/22/2008 03:34 PM) --a------
OTViewIt.Txt (84404 bytes, created: 08/22/2008 03:37 PM) --a------
tempbat.bat (2107 bytes, created: 08/25/2008 10:23 AM) --a------

==============================

=EOF=




VirSCAN.org Scanned Report :
Scanned time : 2008/08/25 10:25:21 (EDT)
Scanner results: All Scanners reported not find malware!
File Name : 080808.xls
File Size : 16384 byte
File Type : Microsoft Office Document
MD5 : adcdc3c9dc6d471a48baf90c9eec28a3
SHA1 : c96fc505be4b4a6329934aaedef5599c6b6013a0
Online report : http://virscan.org/r...1fd70d3485.html

Scanner | Engine Ver | Sig Ver | Sig Date | Time | Scan result
a-squared | 3.5.0.22 | 2008.08.24 | 2008-08-24 | 9.18 | -
AhnLab V3 | 2008.08.25.01 | 2008.08.25 | 2008-08-25 | 1.16 | -
AntiVir | 7.8.1.23 | 7.0.6.64 | 2008-08-25 | 2.20 | -
Arcavir | 1.0.5 | 200808241228 | 2008-08-24 | 1.17 | -
AVAST! | 3.0.1 | 080825-0 | 2008-08-25 | 0.00 | -
AVG | 7.5.51.442 | 270.6.7/1632 | 2008-08-25 | 1.54 | -
BitDefender | 7.60825.1574957 | 7.20667 | 2008-08-25 | 2.87 | -
CA (VET) | 9.0.0.143 | 31.6.6047 | 2008-08-25 | 7.91 | -
ClamAV | 0.93.3 | 8086 | 2008-08-25 | 0.01 | -
Comodo | 2.11 | 2.0.0.627 | 2008-08-25 | 1.25 | -
CP Secure | 1.1.0.715 | 2008.08.21 | 2008-08-21 | 6.22 | -
Dr.Web | 4.44.0.9170 | 2008.08.25 | 2008-08-25 | 3.14 | -
ewido | 4.0.0.2 | 2008.08.25 | 2008-08-25 | 3.37 | -
F-Prot | 4.4.4.56 | 20080823 | 2008-08-23 | 1.01 | -
F-Secure | 5.51.6100 | 2008.08.25.02 | 2008-08-25 | 0.03 | -
Fortinet | 2.81-3.11 | 9.472 | 2008-08-25 | 3.28 | -
ViRobot | 20080822 | 2008.08.22 | 2008-08-22 | 0.71 | -
Ikarus | T3.1.01.34 | 2008.08.25.71336 | 2008-08-25 | 3.14 | -
JiangMin | 11.0.706 | 2008.08.25 | 2008-08-25 | 2.31 | -
Kaspersky | 5.5.10 | 2008.08.25 | 2008-08-25 | 0.02 | -
KingSoft | 2008.1.14.15 | 2008.8.25.17 | 2008-08-25 | 0.65 | -
McAfee | 5.2.00 | 5368 | 2008-08-22 | 3.33 | -
Microsoft | 1.3807 | 2008.08.25 | 2008-08-25 | 8.72 | -
mks_vir | 2.01 | 2008.08.25 | 2008-08-25 | 2.60 | -
Norman | 5.93.01 | 5.93.00 | 2008-08-22 | 5.14 | -
Panda | 9.05.01 | 2008.08.24 | 2008-08-24 | 3.83 | -
Trend Micro | 8.700-1004 | 5.498.09 | 2008-08-25 | 0.02 | -
Quick Heal | 9.50 | 2008.08.22 | 2008-08-22 | 1.90 | -
Rising | 20.0 | 20.59.00.00 | 2008-08-25 | 0.81 | -
Sophos | 2.77.0 | 4.32 | 2008-08-25 | 1.90 | -
Sunbelt | 3.1.1575.1 | 2202 | 2008-08-22 | 0.58 | -
Symantec | 1.3.0.24 | 20080824.007 | 2008-08-24 | 0.07 | -
nProtect | 2008-08-25.00 | 1910157 | 2008-08-25 | 4.99 | -
The Hacker | 6.3.0.6 | v00060 | 2008-08-22 | 0.90 | -
VBA32 | 3.12.8.4 | 20080825.0549 | 2008-08-25 | 1.16 | -
VirusBuster | 4.5.11.10 | 10.84.10/598500 | 2008-08-24 | 0.80 | -





VirSCAN.org Scanned Report :
Scanned time : 2008/08/25 10:29:59 (EDT)
Scanner results: All Scanners reported not find malware!
File Name : songs to buy and sing.xls
File Size : 49152 byte
File Type : Microsoft Office Document
MD5 : a0eaa7c3e31c76a5bce5ef15569a5c36
SHA1 : 17a1a5d16119755fb79ca0060f52387e1493480c
Online report : http://virscan.org/r...06759a40b1.html

Scanner | Engine Ver | Sig Ver | Sig Date | Time | Scan result
a-squared | 3.5.0.22 | 2008.08.24 | 2008-08-24 | 3.05 | -
AhnLab V3 | 2008.08.25.01 | 2008.08.25 | 2008-08-25 | 0.91 | -
AntiVir | 7.8.1.23 | 7.0.6.64 | 2008-08-25 | 2.31 | -
Arcavir | 1.0.5 | 200808241228 | 2008-08-24 | 1.16 | -
AVAST! | 3.0.1 | 080825-0 | 2008-08-25 | 0.01 | -
AVG | 7.5.51.442 | 270.6.7/1632 | 2008-08-25 | 1.54 | -
BitDefender | 7.60825.1574957 | 7.20667 | 2008-08-25 | 2.88 | -
CA (VET) | 9.0.0.143 | 31.6.6047 | 2008-08-25 | 5.25 | -
ClamAV | 0.93.3 | 8086 | 2008-08-25 | 0.01 | -
Comodo | 2.11 | 2.0.0.627 | 2008-08-25 | 0.41 | -
CP Secure | 1.1.0.715 | 2008.08.21 | 2008-08-21 | 6.18 | -
Dr.Web | 4.44.0.9170 | 2008.08.25 | 2008-08-25 | 3.11 | -
ewido | 4.0.0.2 | 2008.08.25 | 2008-08-25 | 2.42 | -
F-Prot | 4.4.4.56 | 20080823 | 2008-08-23 | 0.98 | -
F-Secure | 5.51.6100 | 2008.08.25.02 | 2008-08-25 | 3.10 | -
Fortinet | 2.81-3.11 | 9.472 | 2008-08-25 | 1.73 | -
ViRobot | 20080822 | 2008.08.22 | 2008-08-22 | 0.42 | -
Ikarus | T3.1.01.34 | 2008.08.25.71336 | 2008-08-25 | 3.13 | -
JiangMin | 11.0.706 | 2008.08.25 | 2008-08-25 | 1.16 | -
Kaspersky | 5.5.10 | 2008.08.25 | 2008-08-25 | 0.02 | -
KingSoft | 2008.1.14.15 | 2008.8.25.17 | 2008-08-25 | 0.62 | -
McAfee | 5.2.00 | 5368 | 2008-08-22 | 2.91 | -
Microsoft | 1.3807 | 2008.08.25 | 2008-08-25 | 4.09 | -
mks_vir | 2.01 | 2008.08.25 | 2008-08-25 | 2.53 | -
Norman | 5.93.01 | 5.93.00 | 2008-08-22 | 4.93 | -
Panda | 9.05.01 | 2008.08.24 | 2008-08-24 | 2.13 | -
Trend Micro | 8.700-1004 | 5.498.09 | 2008-08-25 | 0.02 | -
Quick Heal | 9.50 | 2008.08.22 | 2008-08-22 | 1.67 | -
Rising | 20.0 | 20.59.00.00 | 2008-08-25 | 0.30 | -
Sophos | 2.77.0 | 4.32 | 2008-08-25 | 1.91 | -
Sunbelt | 3.1.1575.1 | 2202 | 2008-08-22 | 0.40 | -
Symantec | 1.3.0.24 | 20080824.007 | 2008-08-24 | 0.05 | -
nProtect | 2008-08-25.00 | 1910157 | 2008-08-25 | 3.42 | -
The Hacker | 6.3.0.6 | v00060 | 2008-08-22 | 0.43 | -
VBA32 | 3.12.8.4 | 20080825.0549 | 2008-08-25 | 1.12 | -
VirusBuster | 4.5.11.10 | 10.84.10/598500 | 2008-08-24 | 0.78 | -



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:01 AM, on 8/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Plaxo\2.13.1.6\PlaxoHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Rhapsody\rhapsody.exe
C:\Program Files\Rhapsody\rhaphlpr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Heather Campbell\Desktop\bug hunting\DirLook.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.13.1.6\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [QuickenScheduledUpdates] C:\PROGRA~1\QUICKEN\bagent.exe
O4 - HKUS\S-1-5-21-3783837213-2937439766-3319840945-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Jeff Andrews')
O4 - HKUS\S-1-5-21-3783837213-2937439766-3319840945-1008\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (User 'Jeff Andrews')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Post To &WP : The diaBLOG - java script:doc=external.menuArguments.document;Q=doc.selection.createRange().text;void(btw=window.open('http://www.dialogicconsulting.com/diaBLOG/wp-admin/bookmarklet.php?text='+escape(Q)+'&popupurl='+escape(doc.location.href)+'&popuptitle='+escape(doc.title),'bookmarklet','scrollbars=no,width=480,height=550,left=100,top=150,status=yes'));btw.focus();
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - https://vapwda.ops.p...quicksilver.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://accounting.q...147/qboax10.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://w1.webex.com...bex/ieatgpc.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9328 bytes

#10 Jimmy2012 (Trusted Helper, Retired Staff, 6,238 posts)
Hello hsc,

what I don't know is how to identify which of the emails in the Outlook archive.pst folder is the one that is infected and therefore needs to be deleted. (There are hundreds stored in this archive file.) Any thoughts?

I am not sure; the scan did not show which email was infected. And if you have hundreds there, I don't know how to tell for sure which one it is.



Are you still having those same problems with your computer? If you are we will need to send you to another part of the forum for help with that, as your logs look clean.


Let's go ahead and clean up the tools we used and update a few things.


Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.



You are using an old version of Adobe Acrobat Reader; please update it here.



Please download OTCleanIt and save it to your Desktop.
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button to begin removing tools used to clean your computer
  • If you are prompted to Reboot during the cleanup, please select Yes

Please remove any leftover tools used to clean your computer as well.



Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
System Restore will now be active again.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

1. Spywareguard: Real-time protection from spyware.

2. Spywareblaster: Helps protect against any bad ActiveX from installing on your computer.

3. SuperAntiSpyware: Use this program to remove any spyware that may have gotten on your computer.

4. FireFox: This is a great alternate browser over Internet Explorer. Firefox is much more secure than Internet Explorer and also has a built-in pop-up blocker.

5. ATF Cleaner: This program cleans out your temporary files. This is a great tool that can help speed your computer up.

6. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

7. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.


To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, you can read this article by Tony Klein.

#11 hsc (New Member, Topic Starter, 8 posts)

Are you still having those same problems with your computer? If you are we will need to send you to another part of the forum for help with that, as your logs look clean.


Unfortunately I am. If there is another forum that you think can help that would be great.

Thanks,
hsc

#12 Jimmy2012 (Trusted Helper, Retired Staff, 6,238 posts)
Hello hsc,

Unfortunately I am. If there is another forum that you think can help that would be great.

Please post a new topic in the XP forum, and tell them what problems you are having with your computer. Someone over there should be able to help fix your problems.

#13 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.