Internet connection troubles...Possible virus? [RESOLVED]



#1
Godjira (Member, 17 posts)

I've been trying to research my problem for the past week. And I've come to the conclusion that I may have a virus of some sort.

I run Windows XP and I have a D-Link 615 router. There is only one other computer that is linked to the wireless network and that is the laptop I'm using right now. It is the only one with a consistent connection to the net. My wired computer disconnects from the internet sporadically then reconnects after 30 minutes to an hour or so.

I haven't done anything new or out of the ordinary. The only thing I can think of is that I had to reset my router and set up my network from scratch. After that, my connection hasn't been the same. I've called DLink about my problem, but the best answer they could give me is plugging into another port on my router.

I don't believe my router is the issue. When I run Network Diagnostics in Internet Explorer I get an error on my WinSock Status. It says error attempting to validate the Winsock Base Providers: 2. At first I thought the winsock was the problem and I've opened up the command prompt and have reset it as well as downloaded Winsock XP Fix. I also receive an error on my HTTP, HTTPS, FTP connectivity.

I've also run Network Diagnostics in Help and Support and the following have failed on my Network Adapters:
Default Gateway (same subnet)
DHCP server
DNSServerSearchOrder

I've tried to repair my connections but it always gets stuck on renewing my IP Address. It seems I never can do it.

I've also downloaded and run Ad-Aware and Spybot and SUPERAntiSpyware. All three picked up on different things, and I have taken the steps to rid them from my computer already.

If it's not an attack then why would my computer act differently when it was running just fine?

Anyway here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:51:12 PM, on 8/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\AOL\1196058878\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://franchiseece.../nav/login.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.cox.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE" /P30 "EPSON Stylus Photo R340 Series" /O6 "USB003" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1196058878\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1205177798140
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 13868 bytes


Thank you so much for trying to help me out here. I'm so desperate and I want to avoid taking it in to a shop because of the rip-offs and people claiming to be knowledgeable.

Edited by Godjira, 20 August 2008 - 10:05 PM.



#2
BHowett (OT Moderator, 4,642 posts)

Hello Godjira, and welcome to Geeks To Go! My name is BHowett and I will be helping you to get sorted. If for any reason you do not understand any of the instructions, or are just unsure, then please do not guess; simply post back with your question, and we will go through it again.

Sorry for the delay, but as you can tell we are quite busy these days :)

I am looking over your log now, and I will post your first set of instructions shortly.

#3
Godjira (Topic Starter, Member, 17 posts)

Oh, thank you so much. I really appreciate your kindness. I'm just happy I got a response.

Take your time.

#4
BHowett (OT Moderator, 4,642 posts)

Hi Godjira,


I’m not seeing much in your HJT log, and I suspect the problem may have something to do with:

"The only thing I can think of is that I had to reset my router and set up my network from scratch. After that, my connection hasn't been the same."

My first question is why did you have to reset your router? What I will do here is take a look at your system and see if you have any infections. If you do, we will clean them and see if that fixes your problem. Once I give you the all clear, if you’re still having the same problem, I might have to refer you to the tech forums here at Geeks to Go.

Let's get started...

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
===============================================

OTViewIt
Download OTViewIt to your desktop.
  • Close all windows and double click OTViewIt
  • Place a tick in the Scan all Users box
  • In the File Age drop down box select 60 days
  • Click Run Scan and let the program run uninterrupted
  • On completion it will produce two logs on the Desktop, post the OTViewIt.txt and Extras.txt logs in your next post.
===============================================

Needed in your next reply:

Malwarebytes Log
OTViewIt.txt and Extras.txt logs

*NOTE* You may need to post the requested logs in more than one reply due to how long they are. Please check to make sure all of the logs are posted.

#5
Godjira (Topic Starter, Member, 17 posts)

Malwarebytes' Anti-Malware 1.25
Database version: 1088
Windows 5.1.2600 Service Pack 3

10:30:06 PM 8/26/2008
mbam-log-08-26-2008 (22-30-06).txt

Scan type: Quick Scan
Objects scanned: 52392
Time elapsed: 8 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.

#6
Godjira (Topic Starter, Member, 17 posts)

OTViewIt logfile created on: 8/26/2008 10:50:10 PM - Run 1
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 207.44 Mb Available Physical Memory | 21.64% Memory free
2.26 Gb Paging File | 1.09 Gb Available in Paging File | 48.30% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.41 Gb Total Space | 34.45 Gb Free Space | 15.35% Space Free | Partition Type: NTFS
Drive D: | 8.45 Gb Total Space | 0.45 Gb Free Space | 5.33% Space Free | Partition Type: FAT32
Drive E: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MONICA
Current User Name: HP_Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

===== Processes - Non-Microsoft Only =====

[02/11/2008 05:22 PM | 00,169,320 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
[02/11/2008 05:22 PM | 00,191,848 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
[03/12/2007 06:30 PM | 00,517,768 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
[10/01/2007 02:50 PM | 00,214,408 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
[05/11/2006 03:50 PM | 01,160,848 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
[01/31/2008 06:34 PM | 01,251,720 | ---- | M] () - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
[08/18/2008 02:08 PM | 00,611,664 | ---- | M] (Lavasoft) - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[03/18/2008 04:27 PM | 00,013,312 | ---- | M] (Agere Systems) - C:\WINDOWS\system32\agrsmsvc.exe
[09/06/2007 01:28 PM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[08/02/2005 05:19 PM | 00,058,880 | ---- | M] (Microsoft) - C:\WINDOWS\arservice.exe
[05/15/2006 06:24 PM | 00,100,032 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
[12/18/2005 07:26 PM | 00,073,728 | ---- | M] (Hewlett-Packard Company) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
[05/23/2007 12:13 PM | 00,139,888 | ---- | M] (Symantec Corporation) - C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE
[05/23/2007 12:13 PM | 00,046,704 | ---- | M] (Symantec Corporation) - C:\Program Files\Norton AntiVirus\IWP\NPFMNTOR.EXE
[01/04/2008 08:56 PM | 03,572,592 | ---- | M] (Webroot Software, Inc.) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
[04/25/2005 09:00 PM | 00,098,304 | ---- | M] (SEIKO EPSON CORPORATION) - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAJA.EXE
[03/26/2008 05:27 PM | 00,185,896 | ---- | M] (RealNetworks, Inc.) - C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[02/02/2005 04:44 PM | 00,061,440 | ---- | M] (Hewlett-Packard Company) - C:\hp\KBD\kbd.exe
[11/01/2005 03:01 AM | 00,090,112 | ---- | M] (Sonic Solutions) - C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
[02/11/2008 05:22 PM | 00,053,096 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
[08/02/2005 05:19 PM | 00,077,312 | ---- | M] (Microsoft) - C:\WINDOWS\arpwrmsg.exe
[05/12/2005 12:12 AM | 00,049,152 | ---- | M] (Hewlett-Packard Co.) - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[05/12/2004 03:18 PM | 00,241,664 | ---- | M] (Hewlett-Packard Company) - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[04/12/2007 02:23 PM | 00,042,032 | ---- | M] (AOL LLC) - C:\Program Files\Common Files\AOL\1196058878\ee\aolsoftware.exe
[03/30/2008 10:36 AM | 00,267,048 | ---- | M] (Apple Inc.) - C:\Program Files\iTunes\iTunesHelper.exe
[01/08/2008 05:20 PM | 00,451,896 | ---- | M] (Pure Networks, Inc.) - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
[01/04/2008 08:56 PM | 05,367,664 | ---- | M] (Webroot Software, Inc.) - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
[09/07/2007 04:01 PM | 00,043,008 | ---- | M] () - C:\Program Files\BitTorrent\bittorrent.exe
[08/18/2008 06:41 PM | 01,832,272 | RHS- | M] (Safer Networking Limited) - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[05/28/2004 10:31 PM | 00,241,664 | ---- | M] (Hewlett-Packard Co.) - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[11/29/2006 05:48 PM | 00,118,784 | ---- | M] (Nikon Corporation) - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
[03/07/2006 12:02 AM | 00,036,903 | ---- | M] (Hewlett-Packard) - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
[03/30/2008 10:36 AM | 00,504,104 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe
[08/26/2008 10:11 AM | 01,576,176 | ---- | M] (SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
[05/28/2004 11:08 PM | 00,520,192 | ---- | M] (Hewlett-Packard Co.) - C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
[12/15/2006 01:36 PM | 00,750,720 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
[09/07/2004 06:47 AM | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\ALCXMNTR.EXE
[08/13/2005 10:05 PM | 00,344,064 | ---- | M] (ATI Technologies, Inc.) - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[05/07/1998 02:04 AM | 00,052,736 | ---- | M] (Hewlett-Packard Company) - c:\WINDOWS\system\hpsysdrv.exe
[07/18/2008 03:05 PM | 00,307,712 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
[05/23/2008 11:52 AM | 01,138,688 | ---- | M] (Last.fm) - C:\Program Files\Last.fm\LastFM.exe
[03/30/2008 10:36 AM | 20,638,504 | ---- | M] (Apple Inc.) - C:\Program Files\iTunes\iTunes.exe
[02/18/2008 11:24 AM | 00,141,048 | ---- | M] () - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
[01/15/2008 02:48 AM | 00,014,864 | ---- | M] () - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
[01/04/2008 08:34 PM | 00,214,384 | ---- | M] () - C:\Program Files\Webroot\Spy Sweeper\ssu.exe
[04/04/2008 02:56 PM | 01,123,608 | ---- | M] (Diskeeper Corporation) - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
[08/26/2008 10:47 PM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\HP_Administrator\Desktop\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(aawservice) Lavasoft Ad-Aware Service [Auto | Running]
[08/18/2008 02:08 PM | 00,611,664 | ---- | M] (Lavasoft) - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

(Adobe LM Service) Adobe LM Service [On_Demand | Stopped]
[05/12/2006 08:45 PM | 00,068,096 | ---- | M] () - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

(AgereModemAudio) Agere Modem Call Progress Audio [Auto | Running]
[03/18/2008 04:27 PM | 00,013,312 | ---- | M] (Agere Systems) - C:\WINDOWS\system32\agrsmsvc.exe

(Apple Mobile Device) Apple Mobile Device [Auto | Running]
[09/06/2007 01:28 PM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(ARSVC) ARSVC [Auto | Running]
[08/02/2005 05:19 PM | 00,058,880 | ---- | M] (Microsoft) - C:\WINDOWS\arservice.exe

(Ati HotKey Poller) Ati HotKey Poller [Auto | Stopped]
[08/13/2005 02:29 PM | 00,376,832 | ---- | M] (ATI Technologies Inc.) - C:\WINDOWS\system32\ati2evxx.exe

(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Auto | Running]
[05/15/2006 06:24 PM | 00,100,032 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

(ccEvtMgr) Symantec Event Manager [Auto | Running]
[02/11/2008 05:22 PM | 00,191,848 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE

(ccSetMgr) Symantec Settings Manager [Auto | Running]
[02/11/2008 05:22 PM | 00,169,320 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[04/13/2008 05:12 PM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(IDriverT) InstallDriver Table Manager [On_Demand | Stopped]
[04/04/2005 12:41 AM | 00,069,632 | ---- | M] (Macrovision Corporation) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

(iPod Service) iPod Service [On_Demand | Running]
[03/30/2008 10:36 AM | 00,504,104 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe

(LightScribeService) LightScribeService Direct Disc Labeling Service [Auto | Running]
[12/18/2005 07:26 PM | 00,073,728 | ---- | M] (Hewlett-Packard Company) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

(LiveUpdate) LiveUpdate [On_Demand | Stopped]
[05/15/2006 06:24 PM | 02,086,592 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE

(LiveUpdate Notice Service) LiveUpdate Notice Service [Auto | Running]
[03/12/2007 06:30 PM | 00,517,768 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

(navapsvc) Norton AntiVirus Auto-Protect Service [Auto | Running]
[05/23/2007 12:13 PM | 00,139,888 | ---- | M] (Symantec Corporation) - C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE

(NPFMntor) Norton AntiVirus Firewall Monitor Service [Auto | Running]
[05/23/2007 12:13 PM | 00,046,704 | ---- | M] (Symantec Corporation) - C:\Program Files\Norton AntiVirus\IWP\NPFMNTOR.EXE

(NSCService) Norton Protection Center Service [On_Demand | Running]
[12/15/2006 01:36 PM | 00,750,720 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

(Pml Driver HPZ12) Pml Driver HPZ12 [Disabled | Stopped]
File not found - \SystemRoot\C:\WINDOWS\system32\HPZipm12.exe

(SAVScan) Symantec AVScan [On_Demand | Stopped]
[08/26/2005 02:22 PM | 00,198,368 | ---- | M] (Symantec Corporation) - C:\Program Files\Norton AntiVirus\SAVScan.exe

(SNDSrvc) Symantec Network Drivers Service [Auto | Running]
[10/01/2007 02:50 PM | 00,214,408 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

(SPBBCSvc) SPBBCSvc [Auto | Running]
[05/11/2006 03:50 PM | 01,160,848 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

(Symantec Core LC) Symantec Core LC [Auto | Running]
[01/31/2008 06:34 PM | 01,251,720 | ---- | M] () - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

(WebrootSpySweeperService) Webroot Spy Sweeper Engine [Auto | Running]
[01/04/2008 08:56 PM | 03,572,592 | ---- | M] (Webroot Software, Inc.) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

(Diskeeper) Diskeeper [Auto | Running]
[04/04/2008 02:56 PM | 01,123,608 | ---- | M] (Diskeeper Corporation) - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

===== Driver Services - Non-Microsoft Only =====

(AgereSoftModem) Agere Systems Soft Modem [On_Demand | Running]
[03/21/2008 04:13 PM | 01,203,776 | ---- | M] (Agere Systems) - C:\WINDOWS\system32\drivers\AGRSM.sys

(ALCXWDM) Service for Realtek AC97 Audio (WDM) [On_Demand | Running]
[08/29/2005 08:11 AM | 03,644,928 | ---- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS

(AmdK8) AMD Processor Driver [System | Running]
[03/09/2005 06:53 AM | 00,036,352 | ---- | M] (Advanced Micro Devices) - C:\WINDOWS\system32\drivers\AmdK8.sys

(ati2mtag) ati2mtag [On_Demand | Running]
[08/13/2005 02:35 PM | 01,313,792 | ---- | M] (ATI Technologies Inc.) - C:\WINDOWS\system32\drivers\ati2mtag.sys

(bb-run) Promise driver accelerator [Boot | Running]
[11/05/2003 12:45 AM | 00,017,408 | ---- | M] (Promise Technology, Inc.) - C:\WINDOWS\system32\drivers\bb-run.sys

(dmboot) dmboot [Disabled | Stopped]
[04/13/2008 11:44 AM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) Logical Disk Manager Driver [Boot | Running]
[04/13/2008 11:44 AM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Boot | Running]
[08/09/2004 02:00 PM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(eeCtrl) Symantec Eraser Control driver [System | Running]
[08/22/2008 01:00 AM | 00,371,248 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\eengine\eeCtrl.sys

(EraserUtilRebootDrv) EraserUtilRebootDrv [On_Demand | Running]
[08/22/2008 01:00 AM | 00,099,376 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys

(ftsata2) ftsata2 [Boot | Running]
[06/29/2005 10:03 AM | 00,175,104 | ---- | M] (Promise Technology, Inc.) - C:\WINDOWS\system32\drivers\ftsata2.sys

(GEARAspiWDM) GEARAspiWDM [On_Demand | Running]
[01/29/2008 12:01 PM | 00,016,168 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

(hcwPP2) Hauppauge WinTV PVR PCI II ([23|25|26]xxx) [On_Demand | Running]
[07/28/2005 11:07 AM | 00,156,800 | ---- | M] (Hauppauge Computer Works, Inc.) - C:\WINDOWS\system32\drivers\hcwPP2.sys

(HPZid412) IEEE-1284.4 Driver HPZid412 [On_Demand | Running]
[01/19/2007 11:46 AM | 00,049,920 | ---- | M] (HP) - C:\WINDOWS\system32\drivers\HPZid412.sys

(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [On_Demand | Running]
[01/19/2007 11:46 AM | 00,016,496 | ---- | M] (HP) - C:\WINDOWS\system32\drivers\HPZipr12.sys

(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [On_Demand | Running]
[10/21/2005 07:52 PM | 00,021,568 | ---- | M] (HP) - C:\WINDOWS\system32\drivers\HPZius12.sys

(iaStor) Intel RAID Controller [Boot | Running]
[06/16/2005 11:33 PM | 00,872,064 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\iaStor.sys

(NAVENG) NAVENG [On_Demand | Running]
[04/02/2007 01:00 AM | 00,077,688 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070511.019\NAVENG.SYS

(NAVEX15) NAVEX15 [On_Demand | Running]
[04/02/2007 01:00 AM | 00,852,824 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070511.019\NAVEX15.SYS

(pcouffin) VSO Software pcouffin [On_Demand | Running]
[08/30/2007 11:48 AM | 00,047,360 | ---- | M] (VSO Software) - C:\WINDOWS\system32\drivers\pcouffin.sys

(pnarp) Pure Networks Device Discovery Driver [Auto | Running]
[01/08/2008 05:16 PM | 00,023,992 | ---- | M] (Pure Networks, Inc.) - C:\WINDOWS\system32\drivers\pnarp.sys

(Ps2) Ps2 [On_Demand | Running]
[12/12/2005 05:27 PM | 00,019,072 | ---- | M] (Hewlett-Packard Company) - C:\WINDOWS\system32\drivers\PS2.sys

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[08/09/2004 02:00 PM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(PxHelp20) PxHelp20 [Boot | Running]
[03/26/2008 06:01 PM | 00,036,624 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\pxhelp20.sys

(RTL8023xp) Realtek 10/100/1000 PCI NIC Family NDIS XP Driver [On_Demand | Running]
[02/25/2008 12:54 PM | 00,105,088 | ---- | M] (Realtek Semiconductor Corporation ) - C:\WINDOWS\system32\drivers\Rtnicxp.sys

(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [On_Demand | Stopped]
[08/03/2004 07:31 AM | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) - C:\WINDOWS\system32\drivers\RTL8139.sys

(SASENUM) SASENUM [On_Demand | Running]
[05/28/2008 10:33 AM | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\SASENUM.SYS

(SASKUTIL) SASKUTIL [System | Running]
[05/28/2008 10:33 AM | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

(SAVRT) SAVRT [On_Demand | Running]
[08/26/2005 02:22 PM | 00,334,984 | ---- | M] (Symantec Corporation) - C:\Program Files\Norton AntiVirus\savrt.sys

(SAVRTPEL) SAVRTPEL [System | Running]
[08/26/2005 02:22 PM | 00,053,896 | ---- | M] (Symantec Corporation) - C:\Program Files\Norton AntiVirus\Savrtpel.sys

(Secdrv) Secdrv [On_Demand | Stopped]
[11/13/2007 03:25 AM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys

(SPBBCDrv) SPBBCDrv [System | Running]
[05/11/2006 03:50 PM | 00,389,776 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

(SSFS0BB9) Spy Sweeper File System Filer Driver: 0BB9 [Boot | Running]
[01/04/2008 08:34 PM | 00,020,336 | ---- | M] (Webroot Software Inc (www.webroot.com)) - C:\WINDOWS\system32\drivers\SSFS0BB9.sys

(SSHRMD) Spy Sweeper Hookrack MiniDriver [Boot | Running]
[01/04/2008 08:34 PM | 00,021,872 | ---- | M] (Webroot Software Inc (www.webroot.com)) - C:\WINDOWS\system32\drivers\sshrmd.sys

(SSIDRV) Spy Sweeper Interdiction Driver [Boot | Running]
[01/04/2008 08:34 PM | 00,163,696 | ---- | M] (Webroot Software Inc (www.webroot.com)) - C:\WINDOWS\system32\drivers\ssidrv.sys

(SSKBFD) Webroot Spy Sweeper Keylogger Shield Keyboard Filter [On_Demand | Running]
[01/04/2008 08:34 PM | 00,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) - C:\WINDOWS\system32\drivers\sskbfd.sys

(SYMDNS) SYMDNS [On_Demand | Running]
[10/01/2007 02:48 PM | 00,012,680 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symdns.sys

(SymEvent) SymEvent [On_Demand | Running]
[05/31/2008 01:08 AM | 00,123,952 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\SYMEVENT.SYS

(SYMFW) SYMFW [On_Demand | Running]
[10/01/2007 02:49 PM | 00,098,184 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symfw.sys

(SYMIDS) SYMIDS [On_Demand | Running]
[10/01/2007 02:49 PM | 00,031,624 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symids.sys

(SYMIDSCO) SYMIDSCO [On_Demand | Running]
[02/13/2008 09:18 AM | 00,240,496 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\SymcData\ids-diskless\20080813.001\SymIDSCo.sys

(symlcbrd) symlcbrd [Auto | Running]
[05/09/2006 07:52 PM | 00,010,344 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symlcbrd.sys

(SYMNDIS) SYMNDIS [On_Demand | Running]
[10/01/2007 02:49 PM | 00,028,040 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symndis.sys

(SYMREDRV) SYMREDRV [On_Demand | Running]
[10/01/2007 02:49 PM | 00,023,944 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symredrv.sys

(SYMTDI) SYMTDI [System | Running]
[10/01/2007 02:49 PM | 00,189,320 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symtdi.sys

(WN5301) LIteon Wireless PCI Network Adapter Service [On_Demand | Running]
[10/05/2005 03:44 AM | 00,468,768 | ---- | M] (Liteon Technology Inc.) - C:\WINDOWS\system32\drivers\wn5301.sys

(SASDIFSV) SASDIFSV [System | Running]
[05/28/2008 10:33 AM | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\sasdifsv.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlwaysReady Power Message APP" = ARPWRMSG.EXE [08/02/2005 05:19 PM | 00,077,312 | ---- | M] (Microsoft)
"ccApp" = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/11/2008 05:22 PM | 00,053,096 | ---- | M] (Symantec Corporation)
"DMAScheduler" = "c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [11/01/2005 03:01 AM | 00,090,112 | ---- | M] (Sonic Solutions)
"EPSON Stylus Photo R340 Series" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE" /P30 "EPSON Stylus Photo R340 Series" /O6 "USB003" /M "Stylus Photo R340" [04/25/2005 09:00 PM | 00,098,304 | ---- | M] (SEIKO EPSON CORPORATION)
"HostManager" = "C:\Program Files\Common Files\AOL\1196058878\ee\AOLSoftware.exe" [04/12/2007 02:23 PM | 00,042,032 | ---- | M] (AOL LLC)
"HP Component Manager" = "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [05/12/2004 03:18 PM | 00,241,664 | ---- | M] (Hewlett-Packard Company)
"HP Software Update" = "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/12/2005 12:12 AM | 00,049,152 | ---- | M] (Hewlett-Packard Co.)
"HPBootOp" = "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run [11/09/2005 10:29 AM | 00,249,856 | ---- | M] (Hewlett-Packard Company)
"ISUSPM Startup" = "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup [08/11/2005 04:30 PM | 00,249,856 | ---- | M] (Macrovision Corporation)
"ISUSScheduler" = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [08/11/2005 04:30 PM | 00,081,920 | ---- | M] (Macrovision Corporation)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM | 00,267,048 | ---- | M] (Apple Inc.)
"KBD" = C:\HP\KBD\KBD.EXE [02/02/2005 04:44 PM | 00,061,440 | ---- | M] (Hewlett-Packard Company)
"nmctxth" = "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [01/08/2008 05:20 PM | 00,451,896 | ---- | M] (Pure Networks, Inc.)
"PCDrProfiler" = File not found
"QuickTime Task" = "C:\Program Files\QuickTime\qttask.exe" -atboottime [03/28/2008 11:37 PM | 00,413,696 | ---- | M] (Apple Inc.)
"Recguard" = C:\WINDOWS\SMINST\RECGUARD.EXE [07/22/2005 04:14 PM | 00,237,568 | ---- | M] ()
"SpySweeper" = C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray [01/04/2008 08:56 PM | 05,367,664 | ---- | M] (Webroot Software, Inc.)
"Symantec PIF AlertEng" = "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" [03/12/2007 06:30 PM | 00,517,768 | ---- | M] (Symantec Corporation)
"TkBellExe" = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [03/26/2008 05:27 PM | 00,185,896 | ---- | M] (RealNetworks, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent" = "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized [09/07/2007 04:01 PM | 00,043,008 | ---- | M] ()
"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/18/2008 06:41 PM | 01,832,272 | RHS- | M] (Safer Networking Limited)
"SUPERAntiSpyware" = "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [08/26/2008 10:11 AM | 01,576,176 | ---- | M] (SUPERAntiSpyware.com)
"updateMgr" = "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 [03/30/2006 04:45 PM | 00,313,472 | R--- | M] (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-21-4000075821-4059151838-4144556686-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent" = "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized [09/07/2007 04:01 PM | 00,043,008 | ---- | M] ()
"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/18/2008 06:41 PM | 01,832,272 | RHS- | M] (Safer Networking Limited)
"SUPERAntiSpyware" = "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [08/26/2008 10:11 AM | 01,576,176 | ---- | M] (SUPERAntiSpyware.com)
"updateMgr" = "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 [03/30/2006 04:45 PM | 00,313,472 | R--- | M] (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-4000075821-4059151838-4144556686-1008\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[Administrator Startup Folder - C:\Documents and Settings\Administrator\Start Menu\Programs\Startup]

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[11/04/1999 03:06 PM | 00,113,664 | ---- | M] (Adobe Systems, Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[09/23/2005 10:05 PM | 00,029,696 | ---- | M] (Adobe Systems Incorporated) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[05/28/2004 10:31 PM | 00,241,664 | ---- | M] (Hewlett-Packard Co.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[05/28/2004 11:06 PM | 00,053,248 | ---- | M] (Hewlett-Packard Co.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
[11/29/2006 05:48 PM | 00,118,784 | ---- | M] (Nikon Corporation) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
[03/07/2006 12:02 AM | 00,036,903 | ---- | M] (Hewlett-Packard) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe

[Default User Startup Folder - C:\Documents and Settings\Default User\Start Menu\Programs\Startup]
[11/06/1999 04:11 PM | 00,027,136 | ---- | M] (Hewlett-Packard Co.) - C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe

[HP_Administrator Startup Folder - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup]

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
HKLM CLSID: (RealPlayer Download and Record Plugin for Internet Explorer) - [03/26/2008 05:28 PM | 00,308,856 | ---- | M] (RealPlayer) C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
HKLM CLSID: (Spybot-S&D IE Protection) - [07/07/2008 09:41 AM | 01,562,448 | ---- | M] (Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

===== Toolbars =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [10/12/2006 11:38 AM | 02,108,480 | ---- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar1.dll

"{C4069E3A-68F1-403E-B40E-20066696354B}"
HKLM CLSID: (Norton AntiVirus) - [05/23/2007 12:13 PM | 00,140,912 | ---- | M] (Symantec Corporation) C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [10/12/2006 11:38 AM | 02,108,480 | ---- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar1.dll

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_USERS\S-1-5-21-4000075821-4059151838-4144556686-1008\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [10/12/2006 11:38 AM | 02,108,480 | ---- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar1.dll

"{C4069E3A-68F1-403E-B40E-20066696354B}"
HKLM CLSID: (Norton AntiVirus) - [05/23/2007 12:13 PM | 00,140,912 | ---- | M] (Symantec Corporation) C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL

[HKEY_USERS\S-1-5-21-4000075821-4059151838-4144556686-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [10/12/2006 11:38 AM | 02,108,480 | ---- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar1.dll

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
"InstallVisualStyle" = C:\WINDOWS\Resources\Themes\Royale\Royale.mss File not found
"InstallTheme" = C:\WINDOWS\Resources\Themes\Royale.the File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-21-4000075821-4059151838-4144556686-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 0

[HKEY_USERS\S-1-5-21-4000075821-4059151838-4144556686-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


===== Desktop Components =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/13/2008 05:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [03/07/2006 12:02 AM | 00,036,903 | ---- | M] (Hewlett-Packard)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe [08/01/2006 03:35 PM | 00,067,112 | ---- | M] (America Online, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/13/2008 11:53 AM | 00,558,080 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/13/2008 05:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [05/28/2004 10:31 PM | 00,241,664 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [05/12/2005 01:40 AM | 00,204,800 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe [06/21/2004 11:04 PM | 00,225,280 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe [06/21/2004 11:05 PM | 00,032,768 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [06/21/2004 10:57 PM | 00,081,920 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe [05/26/2004 03:22 PM | 00,163,840 | ---- | M] ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [05/26/2004 03:20 PM | 00,876,544 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe [05/28/2004 11:06 PM | 00,512,000 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe File not found
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe [06/21/2004 11:13 PM | 00,684,032 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe [03/12/2004 12:45 AM | 00,368,640 | ---- | M] ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe [09/16/2005 01:34 AM | 00,733,184 | ---- | M] ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe [06/21/2004 10:59 PM | 00,053,248 | ---- | M] ()
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [03/07/2006 12:02 AM | 00,036,903 | ---- | M] (Hewlett-Packard)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe [04/13/2008 05:12 PM | 01,695,232 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe [11/03/2006 12:17 AM | 00,010,800 | ---- | M] (AOL LLC)
"C:\Program Files\Common Files\AOL\1148964563\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1148964563\ee\aolsoftware.exe File not found
"C:\Program Files\Common Files\AOL\1148964563\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1148964563\ee\aim6.exe File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe [08/01/2006 03:35 PM | 00,067,112 | ---- | M] (America Online, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/13/2008 11:53 AM | 00,558,080 | ---- | M] (Microsoft Corporation)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe [09/07/2007 04:01 PM | 00,043,008 | ---- | M] ()
"C:\Program Files\Last.fm\LastFM.exe" = C:\Program Files\Last.fm\LastFM.exe [05/23/2008 11:52 AM | 01,138,688 | ---- | M] (Last.fm)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [03/30/2008 10:36 AM | 20,638,504 | ---- | M] (Apple Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe [07/18/2008 03:05 PM | 00,307,712 | ---- | M] (Mozilla Corporation)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [04/13/2008 05:12 PM | 01,033,728 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [04/13/2008 05:12 PM | 00,026,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [04/13/2008 05:12 PM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [04/13/2008 05:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [04/13/2008 05:12 PM | 00,300,544 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
"DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [08/26/2008 10:11 AM | 00,352,256 | ---- | M] (SUPERAntiSpyware.com)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DllName" = C:\WINDOWS\system32\ati2evxx.dll [08/13/2005 02:30 PM | 00,046,080 | ---- | M] (ATI Technologies Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"DllName" = C:\WINDOWS\system32\WRLogonNtf.dll [01/04/2008 08:34 PM | 00,219,504 | ---- | M] (Webroot Software, Inc.)

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" =
"hkey" = HKLM
"command" =
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini" = 0
"win.ini" = 0
"bootini" = 0
"services" = 0
"startup" = 0

===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{635CB000-08D0-4E37-8DB2-4E972AAFE41C}]
Servers: | Description: Wireless LAN PCI 802.11 b/g adapter WN5301A

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{6C341FF1-6575-4862-951B-D170AF804158}]
Servers: | Description:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{892900FC-9814-4488-99C0-81491C1EE93D}]
Servers: | Description: HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{C28DD0D0-B27E-46B6-91D7-47E96DCF1134}]
Servers: 192.168.0.1 | Description: Realtek RTL8139/810x Family Fast Ethernet NIC

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{D4D49B3B-B5CD-42E4-910B-3351723505FB}]
Servers: | Description: 1394 Net Adapter

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

===== Autorun Files on Drives =====

AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ]
[03/06/2006 11:58 PM | 00,000,100 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

AUTOEXEC.BAT []
[07/27/2001 03:07 PM | 00,000,000 | -HS- | M] () D:\AUTOEXEC.BAT [ FAT32 ]

Autorun.inf [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ]
[04/30/2004 07:01 AM | 00,000,053 | -HS- | M] () D:\Autorun.inf [ FAT32 ]

===== MountPoints2 =====

===== Hosts File =====

HOSTS File = (736 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost



[Files/Folders - Created Within 60 days]
[08/24/2008 12:37 AM | 27,970,1503 | ---- | C] () - C:\STORY_OF_RICKY_SCN.ISO

#7
Godjira
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [On_Demand | Stopped]
[08/03/2004 07:31 AM | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) - C:\WINDOWS\system32\drivers\RTL8139.sys

Well, that doesn't seem right. Shouldn't it be running?

#8
BHowett
Hi Godjira,

That’s an old driver from 2004. If you look at the one right above it in the log you will see

(RTL8023xp) Realtek 10/100/1000 PCI NIC Family NDIS XP Driver [On_Demand | Running]
[02/25/2008 12:54 PM | 00,105,088 | ---- | M] (Realtek Semiconductor Corporation ) - C:\WINDOWS\system32\drivers\Rtnicxp.sys

Which is still Realtek, and it appears to be more recent. It is in fact running, so it's fine :)



  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • C:\STORY_OF_RICKY_SCN.ISO
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

  • 0
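The check made in the reply above (a stopped driver is not a concern when a newer driver from the same vendor is running), as an added example that is not part of the original thread. It parses the two-line driver entries in the format the log uses; the function names and the third entry (`exdrv`, "Example Vendor") are constructed for illustration.

```python
import re
from datetime import datetime

# Line 1 of an entry: (service) description [start type | state]
SERVICE_RE = re.compile(
    r"^\((?P<name>[^)]+)\)\s+(?P<desc>.*?)\s+"
    r"\[(?P<start>[^|\]]+)\|\s*(?P<state>[^\]]+)\]\s*$"
)
# Line 2 of an entry: [date | size | attrs | flag] (company) - path
FILE_RE = re.compile(
    r"^\[(?P<date>\d{2}/\d{2}/\d{4} \d{2}:\d{2} [AP]M) \| (?P<size>[\d,]+) \| "
    r"\S+ \| [MC]\] \((?P<company>[^)]*)\) - (?P<path>.+)$"
)

# First two entries are the ones quoted in the thread; the third is constructed.
SAMPLE_LOG = r"""
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [On_Demand | Stopped]
[08/03/2004 07:31 AM | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) - C:\WINDOWS\system32\drivers\RTL8139.sys
(RTL8023xp) Realtek 10/100/1000 PCI NIC Family NDIS XP Driver [On_Demand | Running]
[02/25/2008 12:54 PM | 00,105,088 | ---- | M] (Realtek Semiconductor Corporation ) - C:\WINDOWS\system32\drivers\Rtnicxp.sys
(exdrv) Example Vendor Adapter Driver [On_Demand | Stopped]
[01/15/2005 09:00 AM | 00,010,000 | ---- | M] (Example Vendor) - C:\WINDOWS\system32\drivers\exdrv.sys
"""


def parse_drivers(text):
    """Pair each service line with the file line that follows it."""
    drivers, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            pending = {
                "name": m["name"],
                "desc": m["desc"],
                "start": m["start"].strip(),
                "state": m["state"].strip(),
            }
            continue
        m = FILE_RE.match(line)
        if m and pending:
            pending.update(
                modified=datetime.strptime(m["date"], "%m/%d/%Y %I:%M %p"),
                size=int(m["size"].replace(",", "")),
                # The company string is self-declared file metadata, not a
                # signature check; the log pads it inconsistently, so strip it.
                company=m["company"].strip(),
                path=m["path"].strip(),
            )
            drivers.append(pending)
            pending = None
    return drivers


def triage(drivers):
    """Classify each driver: running, superseded, or stopped with no sibling."""
    verdicts = {}
    for d in drivers:
        if d["state"] == "Running":
            verdicts[d["name"]] = "running"
            continue
        newer = [
            o for o in drivers
            if o is not d
            and o["state"] == "Running"
            and o["company"] == d["company"]
            and o["modified"] > d["modified"]
        ]
        if newer:
            best = max(newer, key=lambda o: o["modified"])
            verdicts[d["name"]] = "superseded by " + best["name"]
        else:
            verdicts[d["name"]] = "stopped, no running driver from same vendor"
    return verdicts


if __name__ == "__main__":
    for name, verdict in triage(parse_drivers(SAMPLE_LOG)).items():
        print(f"{name}: {verdict}")
```

A stopped entry with no running sibling is only a prompt to look closer: an on-demand driver for hardware that is not installed is also reported as stopped.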

#9
Godjira

Oh, I know what that is. It's a file left over from me copying a movie called The Story of Ricky. It's not a virus I can assure you.

So is that the only thing that comes up as suspicious?

#10
BHowett
Hi Godjira,


Just to make sure, let's tidy up a bit and run an online scan…

Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u7-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u7-windows-i586-p.exe and select "Run as an Administrator.")

============================================================

Please download ATF Cleaner by Atribune.

Caution: This program is for Windows 2000, XP and Vista only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

============================================================


Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java, to download and install the latest version.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.


#11
Godjira
One thing I noticed while scanning: my internet connection went down twice, yet my connection to the website was still active. Also, when I download something before the connection is lost, the download stays uninterrupted. It seems I do have a connection to the internet trickling out somehow.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, August 27, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, August 27, 2008 23:40:20
Records in database: 1152478
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 155076
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 06:10:24


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\137A4299.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jf 1

The selected area was scanned.

#12
BHowett
Hi Godjira,

Well, your system looks clean. The only thing KASPERSKY found is in your Norton AntiVirus Quarantine, so it’s no problem; you can clean out your quarantine if you would like.

Since your system is clean of malware I believe your connection problem has to do with something else. Since it worked before you reset your router I think it has something to do with this.

"The only thing I can think of is that I had to reset my router and set up my network from scratch. After that, my connection hasn't been the same."



Please post back in your other topic HERE and let them know you were cleared on the malware forum, but still having the problem. The Tech Staff should be able to point you in the right direction :)

===============================================

Now let's clean up a little:

Please close all windows and double click OTViewIt to open it.
Next click on the Clean Up button, this will remove some of the
tools we have used in the cleaning process.

===============================================

Reset your restore points

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

===============================================

This is my standard post for when you are clear - which you now are - or seem to be. Please advise me of any problems you still have. I know you already have some of these items like antivirus or firewall, but I like to include them anyway in case you ever need them or want to change them.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

1.) Watch what you download!
Many freeware programs, and P2P programs like Grokster, Imesh, Kazaa and others are amongst the most notorious, come with an enormous amount of bundled spyware that will eat system resources, slow down your system, clash with other installed software, or just plain crash your browser or even Windows itself. If you insist on using a P2P program, please read This Article written by Mike Healan of Spywareinfo.com fame. It is an updated and comprehensive article that gives in-depth detail about which P2P programs are "safe" to use.

2.) Go to Internet Explorer > Tools > Windows Update > Product Updates, and install ALL High-Priority Security Updates listed. If you're running Windows XP, that of course includes the Service Pack 2! If you suspect your computer is infected with Malware of any type, we advise you to not install SP2 if you don't already have it. You can post a HijackThis log on our Forums to get free Expert help cleaning your machine. Once you are sure you have a clean system, it is highly recommended to install SP2 to help prevent against future infections.

It's important to always keep current with the latest security fixes from Microsoft.
Install those patches for Internet Explorer, and make sure your installation of Java VM is up-to-date. There are some well known security bugs with Microsoft Java VM which are exploited regularly by browser hijackers.

3.) Open Internet Explorer and go to Internet Options > Security > Internet, then press "Default Level", then OK. Now press "Custom Level." In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".

Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed.
Sites that you know for sure are above suspicion can be moved to the Trusted Zone in Internet Option > Security.

So why is ActiveX so dangerous that you have to increase the security for it?
When your browser runs an activex control, it is running an executable program. It's no different from doubleclicking an exe file on your hard drive.
Would you run just any random file downloaded off a web site without knowing what it is and what it does?

4.) Install Javacool's SpywareBlaster

It will protect you from most spy/foistware in its database by blocking installation of their ActiveX objects.

Download and install, download the latest updates, and you'll see a list of all spyware programs covered by the program (NOTE: this is NOT spyware found on your computer) Press "Enable All Protection", and you're done.
The spyware that you told Spywareblaster to set the "kill bit" for won't be a hazard to you any longer. Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection.
Don't forget to check for updates every week or so.

5.) Let's also not forget that Spybot Search & Destroy has the Immunize feature which works roughly the same way. Another feature within Spybot is the TeaTimer option. This option immediately detects known malicious processes wanting to start and terminates them. TeaTimer also detects when something wants to change some critical registry keys and gives you an option to allow them or not.

6.) Microsoft now offers their own free malicious software blocking tool. Windows Defender improves Internet browsing safety by guarding over fifty (50) ways spyware can enter your PC.

7.) Another excellent program by Javacool we recommend is SpywareGuard.
It provides a degree of real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.

8.) IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. Another good hosts program is mvpshosts. This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial.

*It is important to note that all of the above programs/files can be run simultaneously on your system. They will work together in layers, so to speak, to help protect your computer. However, the following suggestions are designed to only run one of each. It is not a good idea to run more than one firewall, and one anti-virus program. Running more than one of these at a time can cause system crashes, high system usage and/or conflicts with each other.*

9.) It is critical that you use a firewall to protect your computer from hackers. We don't recommend the firewall that comes built in to Windows. It doesn't block everything that may try to get in, and the entire firewall is written to the registry. As various kinds of malware hack the Registry in order to disable the Windows firewall, it's far preferable to install one of the excellent third party solutions. Three good ones that are freeware to boot are ZoneAlarm, Kerio and Sygate.

10.) An Anti-Virus product is a necessity. There are many excellent programs that you can purchase. However, we choose to advocate the use of free programs whenever possible. Some very good and easy-to-use free A/V programs are AVG, Avast, and AntiVir. It's a good idea to set these to receive automatic updates so you are always as fully protected as possible from the newest virus threats.

NOTE: DO NOT install more than one anti-virus program. They will conflict, and provide less protection, not more.


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Thanks for letting us help you!

#13
BHowett
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.