
Help with Windows Security Alert - Trojan-Clicker.Win32.Tiny.h [RESOLVED]


  • This topic is locked

#1
Atlanta Lounge

  • Member
  • 32 posts
I am having problems with a "Windows Security Alert" pop up. I have found enough information on the web to know this is spyware of some sort. The one on my computer now says the name of the problem is "Trojan-Clicker.Win32.Tiny.h". Every time I close the pop up, another comes within a few minutes. The name of the trojan varies each time. I think one said green screen. One said Keylogger. I haven't been able to get any of the suggested anti-spyware programs to find any problems. I have run the following scans: Malwarebytes Anti-Malware, Avira, SDFix, ATF Cleaner, and others. I am not sure if I am doing something wrong, but it won't go away. I have run through the steps required to post and am still having it pop up. Any help in removing this would be GREATLY appreciated.

#2
fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello and welcome to GTG...

Please download RUNSCANNER to your desktop and run it.
  • When the first page comes up select Beginner Mode
  • On the next page select Save a binary .Run file (Recommended) then click Start full scan at the top.
  • At this time Runscanner.exe may request access to the Internet through your firewall; please allow it to do so. It will then run for two or three minutes.
  • It will then ask you to save two files, the .run file and the log. Save both of them on your Desktop.
  • You will see the .run file on your desktop. Please zip the .run file and attach it in your next reply.

Then upload that as an attachment in your next post.

#3
Atlanta Lounge

  • Topic Starter
  • Member
  • 32 posts
Hello. Thanks so much for your help. Attached should be the zipped file.


#4
fenzodahl512

  • Malware Removal
  • 9,863 posts
Please download OTViewIt to your desktop.
  • Close all windows and double click OTViewIt
  • Place a tick in the Scan all Users box
  • In the File Age drop down box select 90 days
  • Click Run Scan and let the program run uninterrupted
  • On completion it will produce two logs on the Desktop, post the OTViewIt.txt and Extras.txt logs in your next post.

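OTViewIt.txt records each autostart entry as `"name" = command [mtime | size | attrs | M] (Company)`. The Python below is an added triage helper, not part of this thread or of OldTimer's tools: it parses the Run Keys section into records and flags entries that stack several weak signals (empty company string, executable in the Windows system directory, file modified shortly before the scan, value name unrelated to the file name). The sample log is constructed, modelled on the entries posted later in this thread; the heuristics and thresholds are assumptions for illustration.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Constructed sample in OTViewIt's format (header line plus a "Run Keys"
# section); the rows are modelled on the log posted in this thread.
SAMPLE_LOG = r"""OTViewIt logfile created on: 8/25/2008 7:14:51 PM - Run 1

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"" = File not found
"Apoint" = C:\Program Files\Apoint\Apoint.exe [09/13/2004 05:33 PM | 00,155,648 | ---- | M] (Alps Electric Co., Ltd.)
"DellSupportCenter" = "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [11/15/2007 10:23 AM | 00,202,544 | ---- | M] (SupportSoft, Inc.)
"NvCplDaemon" = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [12/01/2004 12:05 AM | 04,636,672 | ---- | M] (NVIDIA Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"appmsgsmart" = C:\WINDOWS\system32\wpixazwn.exe [08/18/2008 02:36 PM | 00,094,208 | ---- | M] ()
"swg" = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [05/19/2007 03:54 AM | 00,068,856 | ---- | M] (Google Inc.)
"""

HEADER_RE = re.compile(r"OTViewIt logfile created on: (\d+/\d+/\d+ \d+:\d+:\d+ [AP]M)")
# One Run-key row: "name" = command [mm/dd/yyyy hh:mm AM | size | attrs | M] (Company)
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]*)" = (?P<cmd>.*?) '
    r"\[(?P<mtime>\d{2}/\d{2}/\d{4} \d{2}:\d{2} [AP]M) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| M\] \((?P<company>[^)]*)\)\s*$"
)
# First drive-letter path ending in .exe/.dll inside the command (handles quoted paths and rundll32 arguments)
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[]*?\.(?:exe|dll)', re.IGNORECASE)


@dataclass
class RunEntry:
    hive: str
    name: str
    command: str
    path: Optional[str]
    mtime: datetime
    size: int
    company: str


def log_date(text: str) -> datetime:
    """Scan time from the OTViewIt header; the 'recently modified' signal is relative to it."""
    m = HEADER_RE.search(text)
    if not m:
        raise ValueError("no OTViewIt header line found")
    return datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")


def parse_run_keys(text: str) -> List[RunEntry]:
    """Parse every metadata-bearing row under the '===== Run Keys =====' header."""
    entries: List[RunEntry] = []
    hive, in_section = "", False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("====="):
            in_section = line == "===== Run Keys ====="
            continue
        if not in_section:
            continue
        if line.startswith("[HKEY_"):
            hive = line.strip("[]")
            continue
        m = ENTRY_RE.match(line)
        if not m:  # blank rows and "File not found" rows carry no file metadata
            continue
        p = PATH_RE.search(m["cmd"])
        entries.append(RunEntry(
            hive=hive, name=m["name"], command=m["cmd"],
            path=p.group(0) if p else None,
            mtime=datetime.strptime(m["mtime"], "%m/%d/%Y %I:%M %p"),
            size=int(m["size"].replace(",", "")),
            company=m["company"].strip(),
        ))
    return entries


def triage(entry: RunEntry, scan_time: datetime, recent_days: int = 30) -> List[str]:
    """Return the weak signals this entry shows; each alone is common for legitimate software."""
    reasons = []
    if not entry.company:
        reasons.append("no publisher string in the file's version info")
    if entry.path and "\\windows\\system32\\" in entry.path.lower():
        reasons.append("executable lives in the Windows system directory")
    if 0 <= (scan_time - entry.mtime).days <= recent_days:
        reasons.append(f"file modified within {recent_days} days of the scan")
    if entry.path:
        stem = entry.path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
        if stem not in entry.name.lower() and entry.name.lower() not in stem:
            reasons.append("value name bears no relation to the file name")
    return reasons


def suspicious_entries(text: str, min_reasons: int = 2) -> List[Tuple[RunEntry, List[str]]]:
    """Entries that stack at least min_reasons signals (assumed threshold)."""
    scan_time = log_date(text)
    hits = []
    for entry in parse_run_keys(text):
        reasons = triage(entry, scan_time)
        if len(reasons) >= min_reasons:
            hits.append((entry, reasons))
    return hits


def flagged_names(text: str) -> List[str]:
    return [e.name for e, _ in suspicious_entries(text)]


if __name__ == "__main__":
    for entry, reasons in suspicious_entries(SAMPLE_LOG):
        print(f"{entry.hive}\n  {entry.name!r} -> {entry.path}")
        for r in reasons:
            print(f"    - {r}")
```

Run against the sample, only the `appmsgsmart` entry pointing at an unsigned, week-old file in system32 is flagged; the legitimate NVIDIA entry in the same directory shows one signal and stays below the threshold.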

#5
Atlanta Lounge

  • Topic Starter
  • Member
  • 32 posts
OTViewIt logfile created on: 8/25/2008 7:14:51 PM - Run 1
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\Tim\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.40 Mb Total Physical Memory | 180.83 Mb Available Physical Memory | 35.36% Memory free
1.22 Gb Paging File | 0.64 Gb Available in Paging File | 52.69% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32.56 Gb Total Space | 11.95 Gb Free Space | 36.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 149.01 Gb Total Space | 137.64 Gb Free Space | 92.37% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Tim
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

===== Processes - Non-Microsoft Only =====

[09/07/2004 05:02 PM | 00,086,016 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
[09/07/2004 05:05 PM | 00,360,521 | ---- | M] (Intel Corporation ) - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
[09/07/2004 05:12 PM | 00,225,353 | ---- | M] (Intel® Corporation) - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
[09/06/2007 01:28 PM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[01/09/2008 04:50 PM | 00,767,976 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\MSC\mcmscsvc.exe
[01/25/2008 01:38 AM | 02,458,128 | ---- | M] (McAfee, Inc.) - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
[08/15/2007 01:36 PM | 00,359,248 | ---- | M] (McAfee, Inc.) - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
[07/24/2007 01:02 PM | 00,144,704 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\VirusScan\Mcshield.exe
[07/18/2007 04:54 PM | 00,856,864 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\MPF\MpfSrv.exe
[03/04/2005 12:29 AM | 00,356,352 | ---- | M] (Dell Inc.) - C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
[12/01/2004 12:05 AM | 00,127,044 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe
[09/07/2004 05:02 PM | 00,139,264 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
[11/15/2007 10:23 AM | 00,202,544 | ---- | M] (SupportSoft, Inc.) - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
[03/30/2006 10:15 AM | 00,096,341 | ---- | M] (Canon Inc.) - C:\Program Files\Canon\CAL\CALMAIN.exe
[12/05/2007 10:04 AM | 00,695,624 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
[09/07/2004 05:08 PM | 00,389,120 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
[08/03/2007 11:33 PM | 00,582,992 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee.com\Agent\mcagent.exe
[09/07/2004 05:03 PM | 00,245,760 | ---- | M] (Intel) - C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
[06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[09/13/2004 05:33 PM | 00,155,648 | ---- | M] (Alps Electric Co., Ltd.) - C:\Program Files\Apoint\Apoint.exe
[10/30/2004 03:59 PM | 00,385,024 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
[03/04/2005 12:26 PM | 00,606,208 | ---- | M] () - C:\Program Files\Dell\QuickSet\quickset.exe
[02/23/2005 05:19 PM | 00,053,248 | ---- | M] (CyberLink Corp.) - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[08/03/2005 05:36 AM | 00,026,112 | ---- | M] (RealNetworks, Inc.) - C:\Program Files\Real\RealPlayer\realplay.exe
[12/06/2004 02:05 AM | 00,127,035 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfswctrl.exe
[08/09/2004 07:03 AM | 00,081,920 | ---- | M] (InstallShield Software Corporation) - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[07/24/2006 04:28 PM | 00,035,992 | ---- | M] (McAfee, Inc.) - C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
[02/16/2005 11:11 PM | 00,049,152 | ---- | M] (Hewlett-Packard Co.) - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[02/02/2006 09:12 AM | 00,045,056 | ---- | M] (HP) - C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
[08/19/2004 03:40 PM | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) - C:\Program Files\Apoint\ApntEx.exe
[11/15/2007 10:23 AM | 00,202,544 | ---- | M] (SupportSoft, Inc.) - C:\Program Files\Dell Support Center\bin\sprtcmd.exe
[07/15/2005 05:48 PM | 00,479,232 | ---- | M] (Google Inc.) - C:\Program Files\Google\Gmail Notifier\gnotify.exe
[06/02/2008 11:13 AM | 00,267,048 | ---- | M] (Apple Inc.) - C:\Program Files\iTunes\iTunesHelper.exe
[05/19/2007 03:54 AM | 00,068,856 | ---- | M] (Google Inc.) - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[03/15/2007 11:09 AM | 00,460,784 | ---- | M] (Gteko Ltd.) - C:\Program Files\DellSupport\DSAgnt.exe
[08/18/2008 02:36 PM | 00,094,208 | ---- | M] () - C:\WINDOWS\system32\wpixazwn.exe
[10/29/2003 04:06 AM | 00,024,576 | ---- | M] (BVRP Software) - C:\Program Files\Digital Line Detect\DLG.exe
[06/02/2008 11:13 AM | 00,504,104 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe
[01/15/2008 09:15 PM | 00,188,416 | ---- | M] (RealNetworks, Inc.) - C:\Program Files\Rhapsody\rhaphlpr.exe
[08/25/2008 07:11 PM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Tim\Desktop\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(Apple Mobile Device) Apple Mobile Device [Auto | Running]
[09/06/2007 01:28 PM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(CCALib8) Canon Camera Access Library 8 [Auto | Running]
[03/30/2006 10:15 AM | 00,096,341 | ---- | M] (Canon Inc.) - C:\Program Files\Canon\CAL\CALMAIN.exe

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[08/10/2004 06:00 AM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(DSBrokerService) DSBrokerService [On_Demand | Stopped]
[03/07/2007 03:47 PM | 00,076,848 | ---- | M] () - C:\Program Files\DellSupport\brkrsvc.exe

(EvtEng) EvtEng [Auto | Running]
[09/07/2004 05:02 PM | 00,086,016 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

(gusvc) Google Updater Service [On_Demand | Stopped]
[02/01/2007 01:31 AM | 00,138,168 | ---- | M] (Google) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

(iPod Service) iPod Service [On_Demand | Running]
[06/02/2008 11:13 AM | 00,504,104 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe

(mcmscsvc) McAfee Services [Auto | Running]
[01/09/2008 04:50 PM | 00,767,976 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\MSC\mcmscsvc.exe

(McNASvc) McAfee Network Agent [Auto | Running]
[01/25/2008 01:38 AM | 02,458,128 | ---- | M] (McAfee, Inc.) - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe

(McODS) McAfee Scanner [On_Demand | Stopped]
[11/07/2007 09:35 AM | 00,378,184 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\VirusScan\mcods.exe

(McProxy) McAfee Proxy Service [Auto | Running]
[08/15/2007 01:36 PM | 00,359,248 | ---- | M] (McAfee, Inc.) - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe

(McShield) McAfee Real-time Scanner [Unknown | Running]
[07/24/2007 01:02 PM | 00,144,704 | ---- | M] (McAfee, Inc.) - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

(McSysmon) McAfee SystemGuards [On_Demand | Running]
[12/05/2007 10:04 AM | 00,695,624 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\VirusScan\mcsysmon.exe

(MpfService) McAfee Personal Firewall Service [Auto | Running]
[07/18/2007 04:54 PM | 00,856,864 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\MPF\MpfSrv.exe

(NICCONFIGSVC) NICCONFIGSVC [Auto | Running]
[03/04/2005 12:29 AM | 00,356,352 | ---- | M] (Dell Inc.) - C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe

(NVSvc) NVIDIA Display Driver Service [Auto | Running]
[12/01/2004 12:05 AM | 00,127,044 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe

(RegSrvc) RegSrvc [Auto | Running]
[09/07/2004 05:02 PM | 00,139,264 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

(S24EventMonitor) Spectrum24 Event Monitor [Auto | Running]
[09/07/2004 05:05 PM | 00,360,521 | ---- | M] (Intel Corporation ) - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

(sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) [Auto | Running]
[11/15/2007 10:23 AM | 00,202,544 | ---- | M] (SupportSoft, Inc.) - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

(WLANKEEPER) WLANKEEPER [Auto | Running]
[09/07/2004 05:12 PM | 00,225,353 | ---- | M] (Intel® Corporation) - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe

===== Driver Services - Non-Microsoft Only =====

(AegisP) AEGIS Protocol (IEEE 802.1x) v3.1.0.1 [Auto | Running]
[08/03/2005 05:28 AM | 00,017,056 | ---- | M] (Meetinghouse Data Communications) - C:\WINDOWS\system32\drivers\AegisP.sys

(AliIde) AliIde [Disabled | Stopped]
[08/17/2001 02:51 PM | 00,005,248 | ---- | M] (Acer Laboratories Inc.) - C:\WINDOWS\system32\drivers\aliide.sys

(amdagp) AMD AGP Bus Filter Driver [Disabled | Stopped]
[08/04/2004 12:07 AM | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) - C:\WINDOWS\system32\drivers\AMDAGP.SYS

(AngelUsb) Angel USB MPEG Device [On_Demand | Stopped]
[02/17/2005 10:06 AM | 00,375,424 | ---- | M] (Emuzed, Inc.) - C:\WINDOWS\system32\drivers\AngelUsb.sys

(ApfiltrService) Alps Touch Pad Filter Driver for Windows 2000/XP [On_Demand | Running]
[11/16/2004 05:03 PM | 00,108,791 | ---- | M] (Alps Electric Co., Ltd.) - C:\WINDOWS\system32\drivers\Apfiltr.sys

(APPDRV) APPDRV [System | Running]
[08/18/2004 03:53 PM | 00,016,128 | ---- | M] (Dell Inc) - C:\WINDOWS\system32\drivers\APPDRV.SYS

(asc) asc [Disabled | Stopped]
[08/17/2001 02:52 PM | 00,026,496 | ---- | M] (Advanced System Products, Inc.) - C:\WINDOWS\system32\drivers\asc.sys

(asc3550) asc3550 [Disabled | Stopped]
[08/17/2001 02:51 PM | 00,014,848 | ---- | M] (Advanced System Products, Inc.) - C:\WINDOWS\system32\drivers\asc3550.sys

(ASCTRM) ASCTRM [Auto | Running]
[08/03/2005 05:36 AM | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) - C:\WINDOWS\System32\drivers\asctrm.sys

(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [On_Demand | Running]
[05/26/2004 09:18 PM | 00,044,928 | ---- | M] (Broadcom Corporation) - C:\WINDOWS\system32\drivers\bcm4sbxp.sys

(bvrp_pci) bvrp_pci [On_Demand | Stopped]
[03/24/2004 11:12 AM | 00,004,272 | ---- | M] () - C:\WINDOWS\System32\drivers\bvrp_pci.sys

(BW2NDIS5) BW2NDIS5 [On_Demand | Stopped]
File not found - C:\WINDOWS\System32\Drivers\BW2NDIS5.sys

(CmdIde) CmdIde [Disabled | Stopped]
[08/17/2001 02:51 PM | 00,006,656 | ---- | M] (CMD Technology, Inc.) - C:\WINDOWS\system32\drivers\cmdide.sys

(dac2w2k) dac2w2k [Disabled | Stopped]
[08/17/2001 02:52 PM | 00,179,584 | ---- | M] (Mylex Corporation) - C:\WINDOWS\system32\drivers\dac2w2k.sys

(dmboot) dmboot [Disabled | Stopped]
[08/10/2004 06:00 AM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) Logical Disk Manager Driver [Boot | Running]
[08/10/2004 06:00 AM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Disabled | Stopped]
[08/10/2004 06:00 AM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(drvmcdb) drvmcdb [Boot | Running]
[12/01/2004 04:22 AM | 00,087,488 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\drvmcdb.sys

(drvnddm) drvnddm [Auto | Running]
[11/23/2004 03:56 AM | 00,040,480 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\drvnddm.sys

(DSproct) DSproct [On_Demand | Running]
[10/05/2006 04:07 PM | 00,004,736 | ---- | M] (Gteko Ltd.) - C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys

(dsunidrv) DellSupport UniDriver [Auto | Running]
[02/25/2007 12:10 PM | 00,005,376 | --S- | M] (Gteko Ltd.) - C:\WINDOWS\system32\drivers\dsunidrv.sys

(E100B) Intel® PRO Adapter Driver [On_Demand | Stopped]
[08/17/2001 01:12 PM | 00,117,760 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\e100b325.sys

(GEARAspiWDM) GEARAspiWDM [On_Demand | Running]
[01/29/2008 12:01 PM | 00,016,168 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

(HPFXBULK) HPFXBULK [On_Demand | Running]
[04/04/2006 05:20 PM | 00,009,344 | ---- | M] (Hewlett Packard) - C:\WINDOWS\system32\drivers\hpfxbulk.sys

(HPZid412) IEEE-1284.4 Driver HPZid412 [On_Demand | Running]
[10/28/2005 01:01 PM | 00,049,920 | R--- | M] (HP) - C:\WINDOWS\system32\drivers\HPZid412.sys

(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [On_Demand | Running]
[10/21/2005 01:58 PM | 00,016,496 | ---- | M] (HP) - C:\WINDOWS\system32\drivers\HPZipr12.sys

(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [On_Demand | Running]
[10/21/2005 01:52 PM | 00,021,568 | ---- | M] (HP) - C:\WINDOWS\system32\drivers\HPZius12.sys

(HSFHWICH) HSFHWICH [On_Demand | Running]
[06/17/2004 09:57 PM | 00,200,064 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSFHWICH.sys

(HSF_DP) HSF_DP [On_Demand | Running]
[06/17/2004 09:55 PM | 01,041,536 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSF_DP.sys

(IWCA) Intel Wireless Connection Agent Miniport for Win XP [On_Demand | Running]
[08/12/2004 09:44 AM | 00,234,496 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\iwca.sys

(MCSTRM) MCSTRM [Auto | Running]
[03/22/2008 08:51 PM | 00,008,413 | ---- | M] (RealNetworks, Inc.) - C:\WINDOWS\System32\drivers\mcstrm.sys

(mdmxsdk) mdmxsdk [Auto | Running]
[03/17/2004 07:04 PM | 00,013,059 | ---- | M] (Conexant) - C:\WINDOWS\system32\drivers\mdmxsdk.sys

(mfeavfk) McAfee Inc. mfeavfk [On_Demand | Running]
[11/22/2007 06:44 AM | 00,079,304 | ---- | M] (McAfee, Inc.) - C:\WINDOWS\system32\drivers\mfeavfk.sys

(mfebopk) McAfee Inc. mfebopk [On_Demand | Running]
[11/22/2007 06:44 AM | 00,035,240 | ---- | M] (McAfee, Inc.) - C:\WINDOWS\system32\drivers\mfebopk.sys

(mfehidk) McAfee Inc. mfehidk [System | Running]
[11/22/2007 06:44 AM | 00,201,320 | ---- | M] (McAfee, Inc.) - C:\WINDOWS\system32\drivers\mfehidk.sys

(mferkdk) McAfee Inc. mferkdk [On_Demand | Stopped]
[11/22/2007 06:44 AM | 00,033,832 | ---- | M] (McAfee, Inc.) - C:\WINDOWS\system32\drivers\mferkdk.sys

(mfesmfk) McAfee Inc. mfesmfk [On_Demand | Running]
[12/02/2007 12:51 PM | 00,040,488 | ---- | M] (McAfee, Inc.) - C:\WINDOWS\system32\drivers\mfesmfk.sys

(MPFP) MPFP [System | Running]
[07/13/2007 10:20 AM | 00,113,952 | ---- | M] (McAfee, Inc.) - C:\WINDOWS\system32\drivers\Mpfp.sys

(mraid35x) mraid35x [Disabled | Stopped]
[08/17/2001 02:52 PM | 00,017,280 | ---- | M] (American Megatrends Inc.) - C:\WINDOWS\system32\drivers\mraid35x.sys

(nv) nv [On_Demand | Running]
[12/01/2004 12:05 AM | 02,842,432 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv4_mini.sys

(omci) OMCI WDM Device Driver [System | Running]
[02/13/2004 05:46 PM | 00,017,153 | ---- | M] (Dell Inc) - C:\WINDOWS\system32\drivers\omci.sys

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[08/10/2004 06:00 AM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(PxHelp20) PxHelp20 [Boot | Running]
[01/26/2005 03:03 AM | 00,020,576 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\pxhelp20.sys

(ql1080) ql1080 [Disabled | Stopped]
[08/17/2001 02:52 PM | 00,040,320 | ---- | M] (QLogic Corporation) - C:\WINDOWS\system32\drivers\ql1080.sys

(ql12160) ql12160 [Disabled | Stopped]
[08/17/2001 02:52 PM | 00,045,312 | ---- | M] (QLogic Corporation) - C:\WINDOWS\system32\drivers\ql12160.sys

(ql1280) ql1280 [Disabled | Stopped]
[08/17/2001 02:52 PM | 00,049,024 | ---- | M] (QLogic Corporation) - C:\WINDOWS\system32\drivers\ql1280.sys

(s24trans) WLAN Transport [Auto | Running]
[08/31/2004 09:53 AM | 00,011,354 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\s24trans.sys

(Secdrv) Secdrv [On_Demand | Stopped]
[11/13/2007 06:25 AM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys

(sisagp) SIS AGP Bus Filter [Disabled | Stopped]
[08/04/2004 12:07 AM | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) - C:\WINDOWS\system32\drivers\SISAGP.SYS

(Sparrow) Sparrow [Disabled | Stopped]
[08/17/2001 03:07 PM | 00,019,072 | ---- | M] (Adaptec, Inc.) - C:\WINDOWS\system32\drivers\sparrow.sys

(sscdbhk5) sscdbhk5 [System | Running]
[07/14/2004 12:29 PM | 00,005,627 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\sscdbhk5.sys

(ssrtln) ssrtln [System | Running]
[07/14/2004 12:28 PM | 00,023,545 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\ssrtln.sys

(STAC97) SigmaTel C-Major Audio [On_Demand | Running]
[03/10/2005 11:56 PM | 00,273,168 | ---- | M] (SigmaTel, Inc.) - C:\WINDOWS\system32\drivers\STAC97.sys

(symc810) symc810 [Disabled | Stopped]
[08/17/2001 03:07 PM | 00,016,256 | ---- | M] (Symbios Logic Inc.) - C:\WINDOWS\system32\drivers\symc810.sys

(symc8xx) symc8xx [Disabled | Stopped]
[08/17/2001 03:07 PM | 00,032,640 | ---- | M] (LSI Logic) - C:\WINDOWS\system32\drivers\symc8xx.sys

(sym_hi) sym_hi [Disabled | Stopped]
[08/17/2001 03:07 PM | 00,028,384 | ---- | M] (LSI Logic) - C:\WINDOWS\system32\drivers\sym_hi.sys

(sym_u3) sym_u3 [Disabled | Stopped]
[08/17/2001 03:07 PM | 00,030,688 | ---- | M] (LSI Logic) - C:\WINDOWS\system32\drivers\sym_u3.sys

(tfsnboio) tfsnboio [Auto | Running]
[12/06/2004 02:05 AM | 00,025,883 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsnboio.sys

(tfsncofs) tfsncofs [Auto | Running]
[12/06/2004 02:05 AM | 00,034,843 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsncofs.sys

(tfsndrct) tfsndrct [Auto | Running]
[12/06/2004 02:05 AM | 00,004,123 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsndrct.sys

(tfsndres) tfsndres [Auto | Running]
[12/06/2004 02:05 AM | 00,002,239 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsndres.sys

(tfsnifs) tfsnifs [Auto | Running]
[12/06/2004 02:05 AM | 00,086,586 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsnifs.sys

(tfsnopio) tfsnopio [Auto | Running]
[12/06/2004 02:05 AM | 00,015,227 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsnopio.sys

(tfsnpool) tfsnpool [Auto | Running]
[12/06/2004 02:05 AM | 00,006,363 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsnpool.sys

(tfsnudf) tfsnudf [Auto | Running]
[12/06/2004 02:05 AM | 00,098,714 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsnudf.sys

(tfsnudfa) tfsnudfa [Auto | Running]
[12/06/2004 02:05 AM | 00,100,603 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsnudfa.sys

(ultra) ultra [Disabled | Stopped]
[08/17/2001 02:52 PM | 00,036,736 | ---- | M] (Promise Technology, Inc.) - C:\WINDOWS\system32\drivers\ultra.sys

(USBAAPL) Apple Mobile USB Driver [On_Demand | Stopped]
[10/31/2007 03:09 PM | 00,030,464 | ---- | M] (Apple, Inc.) - C:\WINDOWS\system32\drivers\usbaapl.sys

(w29n51) Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP [On_Demand | Running]
[10/21/2004 09:56 PM | 03,210,496 | ---- | M] (Intel® Corporation) - C:\WINDOWS\system32\drivers\w29n51.sys

(wanatw) WAN Miniport (ATW) [On_Demand | Stopped]
File not found - C:\WINDOWS\System32\DRIVERS\wanatw4.sys

(winachsf) winachsf [On_Demand | Running]
[06/17/2004 09:55 PM | 00,685,056 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSF_CNXT.sys

(WLNR) WLNR [On_Demand | Stopped]
[03/20/2006 06:38 PM | 00,144,896 | --S- | M] () - C:\WINDOWS\system32\drivers\WLNR.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"" = File not found
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = C:\Program Files\Google\Gmail Notifier\gnotify.exe [07/15/2005 05:48 PM | 00,479,232 | ---- | M] (Google Inc.)
"Apoint" = C:\Program Files\Apoint\Apoint.exe [09/13/2004 05:33 PM | 00,155,648 | ---- | M] (Alps Electric Co., Ltd.)
"Dell QuickSet" = C:\Program Files\Dell\QuickSet\quickset.exe [03/04/2005 12:26 PM | 00,606,208 | ---- | M] ()
"DellSupportCenter" = "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [11/15/2007 10:23 AM | 00,202,544 | ---- | M] (SupportSoft, Inc.)
"dla" = C:\WINDOWS\system32\dla\tfswctrl.exe [12/06/2004 02:05 AM | 00,127,035 | ---- | M] (Sonic Solutions)
"dscactivate" = "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24 AM | 00,016,384 | ---- | M] ( )
"DVDLauncher" = "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 05:19 PM | 00,053,248 | ---- | M] (CyberLink Corp.)
"HP Software Update" = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [02/16/2005 11:11 PM | 00,049,152 | ---- | M] (Hewlett-Packard Co.)
"IntelWireless" = C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless [10/30/2004 03:59 PM | 00,385,024 | ---- | M] (Intel Corporation)
"ISUSPM Startup" = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [07/27/2004 05:50 PM | 00,221,184 | ---- | M] (InstallShield Software Corporation)
"ISUSScheduler" = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [08/09/2004 07:03 AM | 00,081,920 | ---- | M] (InstallShield Software Corporation)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [06/02/2008 11:13 AM | 00,267,048 | ---- | M] (Apple Inc.)
"mcagent_exe" = C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey [08/03/2007 11:33 PM | 00,582,992 | ---- | M] (McAfee, Inc.)
"NvCplDaemon" = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [12/01/2004 12:05 AM | 04,636,672 | ---- | M] (NVIDIA Corporation)
"nwiz" = nwiz.exe /installquiet [12/01/2004 12:05 AM | 00,921,600 | ---- | M] (NVIDIA Corporation)
"QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [05/27/2008 10:50 AM | 00,413,696 | ---- | M] (Apple Inc.)
"RealTray" = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER [08/03/2005 05:36 AM | 00,026,112 | ---- | M] (RealNetworks, Inc.)
"SiteAdvisor" = C:\Program Files\SiteAdvisor\6172\SiteAdv.exe [07/24/2006 04:28 PM | 00,035,992 | ---- | M] (McAfee, Inc.)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"ToolBoxFX" = "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on [02/02/2006 09:12 AM | 00,045,056 | ---- | M] (HP)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"appmsgsmart" = C:\WINDOWS\system32\wpixazwn.exe [08/18/2008 02:36 PM | 00,094,208 | ---- | M] ()
"DellSupport" = "C:\Program Files\DellSupport\DSAgnt.exe" /startup [03/15/2007 11:09 AM | 00,460,784 | ---- | M] (Gteko Ltd.)
"DellSupportCenter" = "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [11/15/2007 10:23 AM | 00,202,544 | ---- | M] (SupportSoft, Inc.)
"swg" = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [05/19/2007 03:54 AM | 00,068,856 | ---- | M] (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-21-3875327452-380263002-1513438926-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"appmsgsmart" = C:\WINDOWS\system32\wpixazwn.exe [08/18/2008 02:36 PM | 00,094,208 | ---- | M] ()
"DellSupport" = "C:\Program Files\DellSupport\DSAgnt.exe" /startup [03/15/2007 11:09 AM | 00,460,784 | ---- | M] (Gteko Ltd.)
"DellSupportCenter" = "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [11/15/2007 10:23 AM | 00,202,544 | ---- | M] (SupportSoft, Inc.)
"swg" = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [05/19/2007 03:54 AM | 00,068,856 | ---- | M] (Google Inc.)

[HKEY_USERS\S-1-5-21-3875327452-380263002-1513438926-1006\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[Administrator Startup Folder - C:\Documents and Settings\Administrator\Start Menu\Programs\Startup]

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[04/23/2008 03:38 AM | 00,029,696 | ---- | M] (Adobe Systems Incorporated) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[10/29/2003 04:06 AM | 00,024,576 | ---- | M] (BVRP Software) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
File not found - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpzrcv01.LNK = C:\Program Files\HP\Temp\{B94428F6-E93C-4d1d-8580-46D70FA07A9D}\setup\hpzstub.exe
[11/11/2004 12:59 PM | 00,806,912 | ---- | M] (Intuit, Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

[Default User Startup Folder - C:\Documents and Settings\Default User\Start Menu\Programs\Startup]

[Tim Startup Folder - C:\Documents and Settings\Tim\Start Menu\Programs\Startup]

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (Adobe PDF Reader Link Helper) - [12/18/2006 04:16 AM | 00,059,032 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}]
HKLM CLSID: (Reg Error: Value does not exist or could not be read.) - [12/04/2007 05:02 PM | 00,927,008 | ---- | M] () C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
HKLM CLSID: (DriveLetterAccess) - [12/06/2004 02:05 AM | 00,118,842 | ---- | M] (Sonic Solutions) C:\WINDOWS\system32\dla\tfswshx.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
HKLM CLSID: (scriptproxy) - [10/24/2007 06:51 AM | 00,058,688 | ---- | M] (McAfee, Inc.) C:\Program Files\McAfee\VirusScan\scriptsn.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
HKLM CLSID: (Google Toolbar Helper) - [01/19/2007 11:55 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar2.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
HKLM CLSID: (Google Toolbar Notifier BHO) - [04/20/2008 10:07 AM | 00,734,704 | ---- | M] (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{0BF43445-2F28-4351-9252-17FE6E806AA0}"
HKLM CLSID: (McAfee SiteAdvisor) - [12/04/2007 05:02 PM | 00,927,008 | ---- | M] () C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [01/19/2007 11:55 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar2.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [01/19/2007 11:55 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar2.dll

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [01/19/2007 11:55 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar2.dll

"{C7768536-96F8-4001-B1A2-90EE21279187}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [01/19/2007 11:55 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar2.dll

"{C7768536-96F8-4001-B1A2-90EE21279187}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_USERS\S-1-5-21-3875327452-380263002-1513438926-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [01/19/2007 11:55 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar2.dll

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
"InstallVisualStyle" = C:\WINDOWS\Resources\Themes\Royale\Royale.mss File not found
"InstallTheme" = C:\WINDOWS\Resources\Themes\Royale.the File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr" = 0
"NoDispBackgroundPage" = 0
"NoDispScrSavPage" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-21-3875327452-380263002-1513438926-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-21-3875327452-380263002-1513438926-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr" = 0
"NoDispBackgroundPage" = 0
"NoDispScrSavPage" = 0

===== Desktop Components =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/10/2004 06:00 AM | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 08:44 AM | 00,557,568 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe [10/13/2004 12:24 PM | 01,694,208 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/10/2004 06:00 AM | 00,140,800 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 08:44 AM | 00,557,568 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe File not found
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe [01/25/2008 01:38 AM | 02,458,128 | ---- | M] (McAfee, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [06/02/2008 11:13 AM | 20,638,504 | ---- | M] (Apple Inc.)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [06/13/2007 06:23 AM | 01,033,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [08/10/2004 06:00 AM | 00,024,576 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [08/10/2004 06:00 AM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [10/25/2007 11:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [08/10/2004 06:00 AM | 00,298,496 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
"DllName" = C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [09/07/2004 05:08 PM | 00,110,592 | ---- | M] (Intel Corporation)

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]

===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{9F9C7821-0828-4FBA-97F4-6559EF09D34B}]
Servers: | Description: 1394 Net Adapter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{B5284E90-C426-4FF4-95FD-BBDD3978CD9E}]
Servers: | Description: Broadcom 440x 10/100 Integrated Controller

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{C32B95DE-610A-460D-974F-7A2430606F43}]
Servers: | Description:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{D6BD0BBB-101B-4D90-9D32-08E336FFCAAE}]
Servers: | Description: Intel® PRO/Wireless 2200BG Network Connection

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

===== Autorun Files on Drives =====

AUTOEXEC.BAT []
[08/19/2004 05:07 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

autorun []
[08/08/2006 09:59 AM | ---D | M] E:\autorun [ FAT32 ]

autorun.inf [[autorun] | ICON=AUTORUN\WDLOGO.ICO | ]
[11/15/2005 11:08 AM | 00,000,036 | -H-- | M] () E:\autorun.inf [ FAT32 ]

===== MountPoints2 =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5747066f-25b4-11dd-b804-00123fdf560f}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5747066f-25b4-11dd-b804-00123fdf560f}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 11:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5747066f-25b4-11dd-b804-00123fdf560f}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d35c800-c153-11db-b71d-00038a000015}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d35c800-c153-11db-b71d-00038a000015}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 11:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d35c800-c153-11db-b71d-00038a000015}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

===== Hosts File =====

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost



[Files/Folders - Created Within 90 days]
[08/18/2008 10:49 PM | ---D | C] - C:\SDFix
[08/17/2008 03:01 PM | 00,017,144 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[1 C:\WINDOWS\System32\*.tmp files]
[02/05/2007 07:49 PM | 00,188,416 | ---- | C] (Hewlett Packard) - C:\WINDOWS\System32\hppcew01.dll
[03/15/2007 03:45 PM | 00,000,630 | ---- | C] () - C:\WINDOWS\System32\HPPCPR01.DAT
[03/21/2007 08:54 PM | 00,229,376 | ---- | C] () - C:\WINDOWS\System32\HPPCPR01.DLL
[03/22/2007 01:45 PM | 00,573,440 | ---- | C] (Hewlett-Packard) - C:\WINDOWS\System32\hpxp3390.dll
[03/28/2007 07:36 PM | 00,327,680 | ---- | C] (Hewlett-Packard) - C:\WINDOWS\System32\HPPEPR01.DLL
[03/29/2007 05:01 PM | 00,372,736 | ---- | C] (Hewlett-Packard) - C:\WINDOWS\System32\hppldcoi.dll
[06/10/2008 01:21 AM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\java.exe
[06/10/2008 01:21 AM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaw.exe
[06/10/2008 02:32 AM | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javacpl.cpl
[06/10/2008 02:32 AM | 00,139,264 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaws.exe
[06/29/2008 05:15 PM | ---D | C] - C:\WINDOWS\System32\NtmsData
[08/18/2008 02:36 PM | 00,094,208 | ---- | C] () - C:\WINDOWS\System32\wpixazwn.exe
[08/18/2008 02:36 PM | 00,194,560 | ---- | C] () - C:\WINDOWS\System32\qhihgvch.exe
[08/25/2008 07:14 PM | ---D | C] - C:\WINDOWS\System32\CatRoot_bak
[11/08/2006 06:35 PM | 00,053,248 | ---- | C] (Hewlett-Packard) - C:\WINDOWS\System32\hpzipm12.dll
[01/25/2006 04:03 AM | 00,002,037 | ---- | C] () - C:\WINDOWS\hppmdl02.dat.temp
[02/13/2007 11:42 PM | 00,001,432 | ---- | C] () - C:\WINDOWS\hpbvnstp.bu1
[02/13/2007 11:42 PM | 00,003,927 | ---- | C] () - C:\WINDOWS\hpbvnstp.hi1
[02/13/2007 11:43 PM | 00,000,560 | ---- | C] () - C:\WINDOWS\hpbvspst.bu1
[02/13/2007 11:43 PM | 00,000,940 | ---- | C] () - C:\WINDOWS\hpbvspst.hi1
[02/13/2007 11:53 PM | 00,053,630 | ---- | C] () - C:\WINDOWS\hppins02.dat.temp
[08/18/2008 10:33 PM | ---D | C] - C:\WINDOWS\pss
[08/25/2008 07:11 PM | ---D | C] - C:\WINDOWS\LastGood
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[07/05/2008 06:58 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Adobe
[08/18/2008 02:36 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\unelmvyx
[08/18/2008 06:43 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/25/2008 05:47 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\WinZip
[06/29/2008 11:58 PM | ---D | C] - C:\Documents and Settings\Tim\Application Data\Mozilla
[06/29/2008 11:58 PM | ---D | C] - C:\Documents and Settings\Tim\Application Data\Talkback
[07/05/2008 06:49 PM | ---D | C] - C:\Documents and Settings\Tim\Application Data\AdobeUM
[07/06/2008 01:19 PM | ---D | C] - C:\Documents and Settings\Tim\Application Data\Move Networks
[07/06/2008 02:04 AM | ---D | C] - C:\Documents and Settings\Tim\Application Data\Real
[08/18/2008 06:44 PM | ---D | C] - C:\Documents and Settings\Tim\Application Data\Malwarebytes
[08/25/2008 09:56 AM | ---D | C] - C:\Documents and Settings\Tim\Application Data\ZoomBrowser EX
[06/29/2008 11:58 PM | ---D | C] - C:\Documents and Settings\Tim\Local Settings\Application Data\Mozilla
[07/05/2008 07:03 PM | ---D | C] - C:\Documents and Settings\Tim\Local Settings\Application Data\NOS
[07/09/2008 04:32 PM | ---D | C] - C:\Documents and Settings\Tim\Local Settings\Application Data\Downloaded Installations
[07/10/2008 02:46 PM | ---D | C] - C:\Documents and Settings\Tim\Local Settings\Application Data\Identities
[07/11/2008 05:32 PM | ---D | C] - C:\Documents and Settings\Tim\Local Settings\Application Data\AOL
[08/25/2008 05:19 PM | ---D | C] - C:\Documents and Settings\Tim\Local Settings\Application Data\Runscanner.net
[1 C:\Documents and Settings\Tim\My Documents\*.tmp files]
[07/11/2008 04:33 PM | ---D | C] - C:\Documents and Settings\Tim\My Documents\BBK Statements
[07/11/2008 04:35 PM | ---D | C] - C:\Documents and Settings\Tim\My Documents\Resumes
[07/16/2008 07:52 PM | ---D | C] - C:\Documents and Settings\Tim\My Documents\My Scans
[07/16/2008 08:02 PM | ---D | C] - C:\Documents and Settings\Tim\My Documents\Hall Street Investments, LLC
[07/24/2008 10:49 PM | 03,399,680 | ---- | C] () - C:\Documents and Settings\Tim\My Documents\Upper Wooten Flyer.ppt
[07/29/2008 08:43 PM | 00,014,336 | ---- | C] () - C:\Documents and Settings\Tim\My Documents\Montrose Rehab Budget.xls
[08/16/2008 12:11 AM | ---D | C] - C:\Documents and Settings\Tim\My Documents\Paintings
[08/25/2008 04:27 PM | ---D | C] - C:\Documents and Settings\Tim\My Documents\Kolter Documents
[06/30/2008 04:40 PM | 00,001,604 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[07/05/2008 04:48 PM | 00,002,137 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[07/05/2008 06:59 PM | 00,001,740 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk
[08/19/2008 05:55 PM | 00,000,696 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/25/2008 05:47 PM | 00,001,732 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[08/13/2008 09:23 AM | 00,000,203 | ---- | C] () - C:\Documents and Settings\Tim\Desktop\Free GoToMeeting Trial.url
[08/18/2008 06:43 PM | 02,085,176 | ---- | C] (Malwarebytes Corporation ) - C:\Documents and Settings\Tim\Desktop\mbam-setup.exe
[08/19/2008 04:29 PM | 01,463,521 | ---- | C] () - C:\Documents and Settings\Tim\Desktop\SDFix.exe
[08/19/2008 05:32 PM | 00,001,734 | ---- | C] () - C:\Documents and Settings\Tim\Desktop\HijackThis.lnk
[08/19/2008 05:32 PM | 00,812,344 | ---- | C] (Trend Micro Inc.) - C:\Documents and Settings\Tim\Desktop\HJTInstall.exe
[08/19/2008 05:48 PM | 00,050,688 | ---- | C] (Atribune.org) - C:\Documents and Settings\Tim\Desktop\ATF_Cleaner.exe
[08/19/2008 05:53 PM | 00,128,368 | ---- | C] (Digital River) - C:\Documents and Settings\Tim\Desktop\Download_mbam-setup.exe
[08/19/2008 09:56 AM | 00,366,627 | ---- | C] (Avira GmbH) - C:\Documents and Settings\Tim\Desktop\tool_en.exe
[08/19/2008 10:45 AM | 00,490,740 | ---- | C] () - C:\Documents and Settings\Tim\Desktop\EQUEST
[08/20/2008 08:41 AM | 00,029,696 | ---- | C] () - C:\Documents and Settings\Tim\Desktop\OREO
[08/25/2008 05:33 PM | 00,277,118 | ---- | C] () - C:\Documents and Settings\Tim\Desktop\runscanner.run
[08/25/2008 05:33 PM | 02,065,549 | ---- | C] () - C:\Documents and Settings\Tim\Desktop\runscanner.zip
@Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\runscanner.zip:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
[08/25/2008 05:42 PM | 13,665,632 | ---- | C] () - C:\Documents and Settings\Tim\Desktop\winzip112.exe
[08/25/2008 07:11 PM | 01,299,968 | ---- | C] (OldTimer Tools) - C:\Documents and Settings\Tim\Desktop\OTViewIt.exe
[07/05/2008 06:59 PM | 00,001,757 | ---- | C] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[07/09/2008 04:38 PM | 00,001,051 | ---- | C] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpzrcv01.LNK
[08/19/2008 05:54 PM | ---D | C] - C:\Program Files\Common Files\Download Manager
[06/30/2008 04:41 PM | ---D | C] - C:\Program Files\QuickTime
[06/30/2008 04:44 PM | ---D | C] - C:\Program Files\iPod
[06/30/2008 04:44 PM | ---D | C] - C:\Program Files\iTunes
[08/13/2008 09:22 AM | ---D | C] - C:\Program Files\Citrix
[08/18/2008 02:36 PM | ---D | C] - C:\Program Files\ycaubae
[08/18/2008 06:32 PM | ---D | C] - C:\Program Files\Enigma Software Group
[08/19/2008 05:32 PM | ---D | C] - C:\Program Files\Trend Micro
[08/19/2008 05:55 PM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware
[08/25/2008 05:47 PM | ---D | C] - C:\Program Files\WinZip

[Files/Folders - Modified Within 90 days]
[08/18/2008 06:24 PM | -HSD | M] - C:\System Volume Information
[08/18/2008 10:49 PM | ---D | M] - C:\SDFix
[08/25/2008 05:46 PM | R--D | M] - C:\Program Files
[08/25/2008 05:47 PM | -HSD | M] - C:\Config.Msi
[08/25/2008 07:14 PM | ---D | M] - C:\WINDOWS
[08/17/2008 03:01 PM | 00,017,144 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[08/18/2008 03:11 PM | ---D | M] - C:\WINDOWS\System32\drivers\etc
[1 C:\WINDOWS\System32\*.tmp files]
[06/10/2008 01:21 AM | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\java.exe
[06/10/2008 01:21 AM | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaw.exe
[06/10/2008 02:32 AM | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javacpl.cpl
[06/10/2008 02:32 AM | 00,139,264 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaws.exe
[06/29/2008 05:15 PM | ---D | M] - C:\WINDOWS\System32\NtmsData
[07/09/2008 04:31 PM | 00,064,262 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat
[07/09/2008 04:31 PM | 00,405,878 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat
[07/09/2008 04:31 PM | 00,475,908 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
[07/09/2008 04:34 PM | ---D | M] - C:\WINDOWS\System32\DRVSTORE
[07/09/2008 04:37 PM | ---D | M] - C:\WINDOWS\System32\ReinstallBackups
[07/10/2008 08:39 AM | ---D | M] - C:\WINDOWS\System32\FxsTmp
[07/11/2008 04:43 PM | ---D | M] - C:\WINDOWS\System32\Macromed
[07/11/2008 04:46 PM | ---D | M] - C:\WINDOWS\System32\appmgmt
[07/12/2008 06:25 PM | 00,000,664 | ---- | M] () - C:\WINDOWS\System32\d3d9caps.dat
[08/14/2008 08:12 PM | ---D | M] - C:\WINDOWS\System32\CatRoot
[08/18/2008 02:36 PM | 00,094,208 | ---- | M] () - C:\WINDOWS\System32\wpixazwn.exe
[08/18/2008 02:36 PM | 00,194,560 | ---- | M] () - C:\WINDOWS\System32\qhihgvch.exe
[08/18/2008 06:24 PM | ---D | M] - C:\WINDOWS\System32\Restore
[08/19/2008 05:55 PM | ---D | M] - C:\WINDOWS\System32\drivers
[08/25/2008 04:29 PM | 00,000,004 | ---- | M] () - C:\WINDOWS\System32\6A9592
[08/25/2008 04:29 PM | 00,870,128 | ---- | M] () - C:\WINDOWS\System32\mcs.rma
[08/25/2008 06:43 PM | 00,016,987 | ---- | M] () - C:\WINDOWS\System32\nvModes.001
[08/25/2008 06:43 PM | 00,016,987 | ---- | M] () - C:\WINDOWS\System32\nvModes.dat
[08/25/2008 07:11 PM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/25/2008 07:14 PM | ---D | M] - C:\WINDOWS\System32\CatRoot_bak
[08/25/2008 07:15 PM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[08/25/2008 07:48 AM | 00,062,872 | ---- | M] () - C:\WINDOWS\System32\Config.MPF
[08/25/2008 07:50 AM | 00,002,206 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/25/2008 07:50 AM | 00,017,146 | ---- | M] () - C:\WINDOWS\System32\nvapps.xml
[06/26/2008 10:49 AM | 00,000,376 | ---- | M] () - C:\WINDOWS\ODBC.INI
[06/28/2008 12:18 PM | -HSD | M] - C:\WINDOWS\CSC
[07/09/2008 04:36 PM | 00,000,390 | ---- | M] () - C:\WINDOWS\hpbvspst.ini
[07/09/2008 04:36 PM | 00,000,731 | ---- | M] () - C:\WINDOWS\hpbvspst.his
[07/09/2008 04:36 PM | 00,001,183 | ---- | M] () - C:\WINDOWS\hpbvnstp.ini
[07/09/2008 04:36 PM | 00,003,631 | ---- | M] () - C:\WINDOWS\hpbvnstp.his
[07/09/2008 04:38 PM | ---D | M] - C:\WINDOWS\twain_32
[07/09/2008 04:39 PM | 00,109,823 | ---- | M] () - C:\WINDOWS\hppins02.dat
[07/09/2008 05:44 PM | ---D | M] - C:\WINDOWS\Microsoft.NET
[07/09/2008 05:44 PM | R-SD | M] - C:\WINDOWS\assembly
[07/11/2008 04:46 PM | ---D | M] - C:\WINDOWS\Downloaded Installations
[07/11/2008 05:33 PM | --SD | M] - C:\WINDOWS\Downloaded Program Files
[07/16/2008 07:50 PM | ---D | M] - C:\WINDOWS\WinSxS
[08/14/2008 11:10 PM | 00,001,374 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/14/2008 11:10 PM
  • 0

#6
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hi.. Somehow your OTViewIt log has been cut off.. Can you please find and attach that log instead of posting it?.. Thanks
  • 0

#7
Atlanta Lounge

Atlanta Lounge

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Sure thing! It should be attached.

Attached Files


  • 0

#8
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\system32\wpixazwn.exe
    E:\autorun.inf
    C:\WINDOWS\System32\qhihgvch.exe
    C:\Documents and Settings\All Users\Application Data\unelmvyx
    EmptyTemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the OTMoveIt2 link above is broken, please use this link instead..




NEXT


I noticed that you already have Malwarebytes' Anti-Malware.. Please run and update it..
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.




Please post these logs in your next reply..

1. OTMoveIt2
2. Malwarebytes'
3. A fresh HijackThis log (after Malwarebytes' step)
4. Tell me about your computer behaviour..
  • 0
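The four paths in the OTMoveIt2 move list above were picked out of the OTViewIt log in post #5 by hand: two executables in System32 with an empty "()" publisher field, plus a folder under Application Data and one under Program Files, all created in the same minute (08/18/2008 02:36 PM) and all with meaningless lowercase names. As an added example (not part of this thread and not OldTimer's or Malwarebytes' code), the Python script below parses OTViewIt-style "Created Within 90 days" lines and applies that same reasoning as a triage filter. The entry regex, the sensitive-location list, the "random-looking name" heuristic, the thresholds and the sample lines (constructed to mirror the posted log) are all my assumptions; the output is a list of things to look at, not a verdict.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a handful of OTViewIt "[Files/Folders - Created Within 90 days]"
# lines in the shape they have in the posted log (one is the "*.tmp files" summary
# line, which the parser must skip).
SAMPLE_LOG = r"""
[08/17/2008 03:01 PM | 00,017,144 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files]
[06/10/2008 01:21 AM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\java.exe
[08/18/2008 02:36 PM | 00,094,208 | ---- | C] () - C:\WINDOWS\System32\wpixazwn.exe
[08/18/2008 02:36 PM | 00,194,560 | ---- | C] () - C:\WINDOWS\System32\qhihgvch.exe
[08/18/2008 02:36 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\unelmvyx
[08/18/2008 02:36 PM | ---D | C] - C:\Program Files\ycaubae
[08/19/2008 05:54 PM | ---D | C] - C:\Program Files\Common Files\Download Manager
[07/05/2008 06:58 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Adobe
[08/25/2008 07:11 PM | 01,299,968 | ---- | C] (OldTimer Tools) - C:\Documents and Settings\Tim\Desktop\OTViewIt.exe
"""

# One OTViewIt entry (assumed format): "[date time | size | attrs | C] (Company) - path"
# for files, "[date time | attrs | C] - path" for directories. C = created, M = modified.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2} [AP]M) \| "
    r"(?:(?P<size>[\d,]+) \| (?P<fattrs>[-A-Z]{4}) \| [CM]\] \((?P<company>[^)]*)\)"
    r"|(?P<dattrs>[-A-Z]{4}) \| [CM]\])"
    r" - (?P<path>.+)$"
)

# Locations where an unexplained new binary or folder deserves a second look (assumed list).
SENSITIVE_LOCATIONS = ("c:\\windows\\system32\\", "c:\\program files\\", "\\application data\\")


@dataclass
class Entry:
    timestamp: str
    path: str
    is_dir: bool
    company: Optional[str]  # None for directories, "" when the log shows "()"
    size: Optional[int]


def parse_otviewit(text: str) -> List[Entry]:
    """Parse OTViewIt file/folder lines; summary lines such as '[1 ... *.tmp files]' are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        is_dir = m.group("size") is None
        entries.append(Entry(
            timestamp=m.group("ts"),
            path=m.group("path"),
            is_dir=is_dir,
            company=None if is_dir else m.group("company").strip(),
            size=None if is_dir else int(m.group("size").replace(",", "")),
        ))
    return entries


def in_sensitive_location(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in SENSITIVE_LOCATIONS)


def looks_random(path: str) -> bool:
    """Heuristic only: a 6-10 letter all-lowercase stem such as 'qhihgvch'. Legitimate
    lowercase names exist (javacpl.cpl in the real log), so this is never a verdict alone."""
    stem = path.rsplit("\\", 1)[-1].split(".", 1)[0]
    return re.fullmatch(r"[a-z]{6,10}", stem) is not None


def triage(entries: List[Entry], min_cluster: int = 3, min_reasons: int = 3) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for entries that trip at least min_reasons independent signals."""
    by_timestamp = defaultdict(list)
    for e in entries:
        by_timestamp[e.timestamp].append(e)

    findings = []
    for e in entries:
        reasons = []
        if not e.is_dir and e.company == "":
            reasons.append("no publisher in version info")
        if in_sensitive_location(e.path):
            reasons.append("sensitive location")
        if looks_random(e.path):
            reasons.append("random-looking name")
        siblings = len(by_timestamp[e.timestamp]) - 1
        if siblings + 1 >= min_cluster:
            reasons.append(f"created together with {siblings} other entries at {e.timestamp}")
        if len(reasons) >= min_reasons:
            findings.append((e.path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(parse_otviewit(SAMPLE_LOG)):
        print(path)
        for r in reasons:
            print("   -", r)
```

Run against the constructed sample it reports exactly the four objects the helper listed for OTMoveIt2 and nothing else: the two unsigned System32 executables score on all four signals, the two folders on three. The point of requiring several independent signals is that each one alone is noisy (Sun's java.exe is unsigned-looking to a naive parser, many legitimate folders land in Program Files), while an empty publisher, an odd name and a burst of same-minute creations rarely coincide in benign software.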

#9
Atlanta Lounge

Atlanta Lounge

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Behavior of my computer is good right now. Mainly I have just been getting pop ups. Computer speed is about the same as always.



Explorer killed successfully
C:\WINDOWS\system32\wpixazwn.exe moved successfully.
E:\autorun.inf moved successfully.
C:\WINDOWS\System32\qhihgvch.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\unelmvyx moved successfully.
< EmptyTemp >
File delete failed. C:\WINDOWS\temp\mcmsc_K4hSiH7H02V7Mb2 scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08252008_221819

Files moved on Reboot...
File C:\WINDOWS\temp\mcmsc_K4hSiH7H02V7Mb2 not found!




Malwarebytes' Anti-Malware 1.25
Database version: 1087
Windows 5.1.2600 Service Pack 2

7:10:01 AM 8/26/2008
mbam-log-08-26-2008 (07-10-01).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 117644
Time elapsed: 1 hour(s), 18 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:13:45 AM, on 8/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Apoint\Apoint.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [appmsgsmart] C:\WINDOWS\system32\wpixazwn.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hpzrcv01.LNK = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...96/mcinsctl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O21 - SSODL: webdsc - {5629C229-99A6-06E4-D31B-00CF0FD02085} - C:\Program Files\ycaubae\webdsc.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11526 bytes
  • 0

#10
fenzodahl512


  • Malware Removal
  • 9,863 posts

Behavior of my computer is good right now. Mainly I have just been getting pop ups. Computer speed is about the same as always.


Do you still have that pop-ups?


Please show hidden files and folders. Please visit HERE if you don't know how.
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • C:\WINDOWS\system32\wpixazwn.exe
    • C:\Program Files\ycaubae\webdsc.dll
  • Click on the Upload button. You can only submit one file per round
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
If VirScan.org server is too busy, please submit the file to VirusTotal instead.
  • 0



#11
Atlanta Lounge


    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
The file C:\WINDOWS\system32\wpixazwn.exe was not found.

The other file had the following log:

VirSCAN.org Scanned Report :
Scanned time : 2008/08/27 00:33:33 (EDT)
Scanner results: 3% Scanner(1/36) found malware!
File Name : webdsc.dll
File Size : 110592 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 081250f80d512fc517472e44ec92a55f
SHA1 : 47dfe282471474798a624c0be188a48e82a1b1d2
Online report : http://virscan.org/r...c6a9728a80.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 3.5.0.22 2008.08.26 2008-08-26 7.43 -
AhnLab V3 2008.08.26.01 2008.08.26 2008-08-26 0.89 -
AntiVir 7.8.1.23 7.0.6.74 2008-08-26 2.25 -
Arcavir 1.0.5 200808261810 2008-08-26 1.20 -
AVAST! 3.0.1 080826-0 2008-08-26 0.01 -
AVG 7.5.51.442 270.6.9/1636 2008-08-26 1.53 -
BitDefender 7.60825.1611748 7.20684 2008-08-27 2.87 -
CA (VET) 9.0.0.143 31.6.6050 2008-08-26 4.22 -
ClamAV 0.93.3 8096 2008-08-27 0.03 -
Comodo 2.11 2.0.0.628 2008-08-26 0.42 -
CP Secure 1.1.0.715 2008.08.27 2008-08-27 6.34 -
Dr.Web 4.44.0.9170 2008.08.26 2008-08-26 3.13 -
ewido 4.0.0.2 2008.08.26 2008-08-26 2.67 -
F-Prot 4.4.4.56 20080826 2008-08-26 1.01 -
F-Secure 5.51.6100 2008.08.27.02 2008-08-27 0.04 -
Fortinet 2.81-3.11 9.472 2008-08-25 1.73 -
ViRobot 20080826 2008.08.26 2008-08-26 0.40 -
Ikarus T3.1.01.34 2008.08.26.71343 2008-08-26 3.17 -
JiangMin 11.0.706 2008.08.26 2008-08-26 1.16 -
Kaspersky 5.5.10 2008.08.27 2008-08-27 0.03 -
KingSoft 2008.1.14.15 2008.8.27.10 2008-08-27 0.65 -
McAfee 5.2.00 5370 2008-08-26 2.64 -
Microsoft 1.3807 2008.08.26 2008-08-26 4.60 -
mks_vir 2.01 2008.08.25 2008-08-25 2.63 -
Norman 5.93.01 5.93.00 2008-08-26 5.09 -
Panda 9.05.01 2008.08.26 2008-08-26 2.25 -
Trend Micro 8.700-1004 5.500.07 2008-08-26 0.03 -
Quick Heal 9.50 2008.08.26 2008-08-26 1.85 -
Rising 20.0 20.59.12.00 2008-08-26 0.96 -
Sophos 2.77.0 4.32 2008-08-27 1.99 Mal/EncPk-DG
Sunbelt 3.1.1582.1 2204 2008-08-25 0.80 -
Symantec 1.3.0.24 20080826.023 2008-08-26 0.05 -
nProtect 2008-08-25.00 1927364 2008-08-25 7.04 -
The Hacker 6.3.0.6 v00060 2008-08-22 0.41 -
VBA32 3.12.8.4 20080826.0635 2008-08-26 1.12 -
VirusBuster 4.5.11.10 10.84.12/598596 2008-08-26 0.86 -
  • 0
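The report above is the output of a multi-engine scan, and the previous post asks for the file to be submitted by path. Two checks a practitioner makes on such a report before acting on it are (a) how many engines actually detected the file and which verdict they gave, and (b) that the MD5/SHA1 in the report match the copy of the file on the machine, so the verdict refers to the right file. The following Python is an added example, not code from this thread or from VirSCAN: it parses rows in the layout shown above (scanner name, which may contain spaces, followed by engine version, signature version, signature date, scan time and verdict) and compares local digests against report hashes. The excerpt rows and the sample bytes are constructed for the example.

```python
import hashlib
import re

# Constructed excerpt in the layout of the VirSCAN report above: a header row, then
# one row per engine with the scanner name (which may contain spaces), engine version,
# signature version, signature date, scan time in seconds and the detection name or "-".
SAMPLE_REPORT = r"""
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 3.5.0.22 2008.08.26 2008-08-26 7.43 -
AhnLab V3 2008.08.26.01 2008.08.26 2008-08-26 0.89 -
CA (VET) 9.0.0.143 31.6.6050 2008-08-26 4.22 -
Sophos 2.77.0 4.32 2008-08-27 1.99 Mal/EncPk-DG
Trend Micro 8.700-1004 5.500.07 2008-08-26 0.03 -
""".strip().splitlines()

DATE_RE = re.compile(r"^\d{4}-\d{2}-\d{2}$")


def parse_row(line):
    """Parse one engine row; returns None for the header or anything malformed.

    The scanner name is whatever precedes the last five whitespace-separated
    fields, so multi-word names such as "AhnLab V3" or "CA (VET)" survive.
    """
    parts = line.split()
    if len(parts) < 6:
        return None
    *name, engine_ver, sig_ver, sig_date, seconds, result = parts
    if not DATE_RE.match(sig_date):        # header row or garbage
        return None
    return {
        "scanner": " ".join(name),
        "engine_ver": engine_ver,
        "sig_ver": sig_ver,
        "sig_date": sig_date,
        "seconds": float(seconds),
        "detection": None if result == "-" else result,
    }


def summarize(lines):
    """Return (detections, engines_run); detections maps scanner name -> verdict."""
    rows = [r for r in (parse_row(line) for line in lines) if r]
    detections = {r["scanner"]: r["detection"] for r in rows if r["detection"]}
    return detections, len(rows)


def digests(data):
    """MD5 and SHA-1 hex digests of a byte string, the two hashes the report prints."""
    return hashlib.md5(data).hexdigest(), hashlib.sha1(data).hexdigest()


def verify_hashes(data, md5_hex, sha1_hex):
    """True when the local bytes match the hashes in the report (case-insensitive),
    i.e. the verdict really refers to the file you hold and not some other upload."""
    md5_local, sha1_local = digests(data)
    return md5_local == md5_hex.lower() and sha1_local == sha1_hex.lower()


if __name__ == "__main__":
    hits, total = summarize(SAMPLE_REPORT)
    print(f"{len(hits)}/{total} engines flagged the sample: {hits}")
    # Constructed stand-in for the uploaded DLL; the real file's hashes are in the report.
    sample = b"constructed sample bytes, not webdsc.dll"
    m, s = digests(sample)
    print("hashes match local copy:", verify_hashes(sample, m.upper(), s))
```

A single detection out of 36 engines, as in the report above, is weak evidence on its own; what makes it worth acting on here is that the same file sits in a ShellServiceObjectDelayLoad entry under a randomly named Program Files folder, which is why the helper treats the detection rate and the load point together.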

#12
fenzodahl512


  • Malware Removal
  • 9,863 posts
Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

[kill explorer]
C:\WINDOWS\system32\wpixazwn.exe
C:\Program Files\ycaubae
EmptyTemp
purity
[start explorer]

  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




NEXT


Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O4 - HKCU\..\Run: [appmsgsmart] C:\WINDOWS\system32\wpixazwn.exe
O21 - SSODL: webdsc - {5629C229-99A6-06E4-D31B-00CF0FD02085} - C:\Program Files\ycaubae\webdsc.dll


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis. Reboot your computer..



Post the OTMoveIt2 log along with a fresh HijackThis log (after HijackThis step) in your next reply..
  • 0
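The two entries singled out above (an HKCU Run value pointing at a randomly named system32 executable, and an SSODL entry loading a DLL from an unfamiliar Program Files folder) are exactly what a reviewer looks for when reading a HijackThis log by hand. The Python below is an added example, not code from this thread or from HijackThis, showing how that review can be made mechanical: it parses lines in the log format shown in this thread into structured entries and flags orphaned entries plus load-point entries whose file name is not on an allow-list. The allow-list KNOWN_GOOD and the path regex are constructed for the example; in practice the allow-list stands in for the volunteer's knowledge of normal Windows and vendor files.

```python
import re
from dataclasses import dataclass
from typing import Optional

LINE_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")
# First Windows path in an entry, up to a PE/control-panel extension; trailing arguments are ignored.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx|sys|cpl)\b', re.IGNORECASE)
BRACKET_RE = re.compile(r"\[(?P<name>[^\]]+)\]")

# Sections that describe something loaded automatically (BHOs, toolbars, Run keys,
# Winlogon/AppInit hooks, ShellServiceObjectDelayLoad, services).
LOAD_POINTS = {"O2", "O3", "O4", "O20", "O21", "O23"}

# Constructed allow-list of file names treated as normal on this machine.
KNOWN_GOOD = {"ssv.dll", "ehtray.exe", "nvcpl.dll", "ctfmon.exe", "nvsvc32.exe"}

# Lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [appmsgsmart] C:\WINDOWS\system32\wpixazwn.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O21 - SSODL: webdsc - {5629C229-99A6-06E4-D31B-00CF0FD02085} - C:\Program Files\ycaubae\webdsc.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
""".strip().splitlines()


@dataclass
class Entry:
    section: str            # e.g. "O4"
    kind: str               # e.g. "HKCU\..\Run", "BHO", "SSODL", "Service"
    name: str               # the [bracketed] value name, or the text before the first " - "
    path: Optional[str]     # first file path in the entry, if any
    missing: bool           # HijackThis marked the target "(no file)" / "(file missing)"
    raw: str


def parse_line(line):
    """Parse one HijackThis line into an Entry; None for lines that are not entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    kind, sep, rest = body.partition(": ")
    if not sep:                      # e.g. "O6 - HKCU\...\Control Panel present"
        kind, rest = body, ""
    b = BRACKET_RE.match(rest)
    name = b.group("name") if b else rest.split(" - ")[0]
    p = PATH_RE.search(rest)
    return Entry(
        section=section,
        kind=kind,
        name=name,
        path=p.group(0) if p else None,
        missing="(no file)" in rest or "(file missing)" in rest,
        raw=line.strip(),
    )


def triage(lines, known_good):
    """Return [(entry, reasons)] for entries a human should look at.

    Two rules only: orphaned entries whose target no longer exists, and
    load-point entries whose file name is not in the allow-list.
    """
    flagged = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        reasons = []
        if e.missing:
            reasons.append("orphaned: target file missing")
        if e.section in LOAD_POINTS and e.path:
            fname = e.path.rsplit("\\", 1)[-1].lower()
            if fname not in known_good:
                reasons.append(f"load point {e.section}/{e.kind} runs unrecognised file {fname}")
        if reasons:
            flagged.append((e, reasons))
    return flagged


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG, KNOWN_GOOD):
        print(f"{entry.section} {entry.name!r}: {'; '.join(why)}")
```

Run against the sample lines it flags the appmsgsmart Run value and the webdsc SSODL entry, which are the two that the post above has the user fix, plus the two orphaned entries (the nameless URLSearchHook and the PartyPoker button) that are harmless but worth cleaning. An allow-list is deliberately conservative: anything it does not recognise is surfaced for a person to judge rather than removed automatically.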

#13
Atlanta Lounge


    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Explorer killed successfully
File/Folder C:\WINDOWS\system32\wpixazwn.exe not found.
C:\Program Files\ycaubae moved successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\Tim\LOCALS~1\Temp\etilqs_PyjoicVqMtdnQMp4jGFD scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_k63lz4NiwOCS8a9 scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08272008_082730

Files moved on Reboot...
File C:\DOCUME~1\Tim\LOCALS~1\Temp\etilqs_PyjoicVqMtdnQMp4jGFD not found!
File C:\WINDOWS\temp\mcmsc_k63lz4NiwOCS8a9 not found!




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:51:26 AM, on 8/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hpzrcv01.LNK = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...96/mcinsctl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11319 bytes
  • 0

#14
fenzodahl512


  • Malware Removal
  • 9,863 posts
Your log looks clean to me.. How is your computer now?.. Let's do an online scan to make sure we don't miss anything..


Please visit here and download >> install Java.. Then do below..

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#15
Atlanta Lounge


    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Kaspersky runs the on-line scan but when it does the "Update Kaspersky Antivirus Database" it says my license has expired. I don't think I have ever had a license.
  • 0





