Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Help Im infected! [RESOLVED]

Started by hattrick1 , Aug 21 2008 12:37 PM

  • This topic is locked This topic is locked

#1
hattrick1
Posted 21 August 2008 - 12:37 PM

hattrick1

    Member

  • Member
  • PipPip
  • 45 posts
Here is my log.

Thanks!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:33:30 PM, on 8/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\RunOnce: [DefaultP17MIDI] MidiDef.Exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [DefaultP17] P17Def.Exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [DefaultP17MIDI] MidiDef.Exe (User 'Default user')
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

--
End of file - 3026 bytes
  • 0

Advertisements

#2
Egwene
Posted 26 August 2008 - 01:31 PM

Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hello hattrick1 !

Welcome to the site! :) My name's Egwene and I'll be helping clean up your computer. :) I'm currently looking over your log. I am still in training here, so there might be a delay between my replies as they need to be checked by an expert before I can post them. I'll need a bit of time to research your log fully, so please bear with me.

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal - HijackThis™ Logs Go Here.
  • Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
  • When posting logs, please ensure Wordwrap is turned off in Notepad (to check, open Notepad click on Format | Uncheck Word Wrap)
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
  • Make sure you reply to this thread using the Add Reply button: Posted Image

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.
  • 0

#3
hattrick1
Posted 26 August 2008 - 01:51 PM

hattrick1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Hi Egwene,

Thanks for the help!!!

Here is a new log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:50:15 PM, on 8/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\RunOnce: [DefaultP17MIDI] MidiDef.Exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [DefaultP17] P17Def.Exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [DefaultP17MIDI] MidiDef.Exe (User 'Default user')
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

--
End of file - 3289 bytes
  • 0

#4
Egwene
Posted 26 August 2008 - 03:51 PM

Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey hattrick1,

We will do a deeper scan. And please answer to the following question : why did you post an HijackThis log in the malwares removal forum ? Do you have some problems with your computer which make you thought it caused by malware ?

Download OTViewIt to your desktop.
  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
  • You may need to use two posts to get it all on the forum

Regards,
Egwene.
  • 0

#5
hattrick1
Posted 26 August 2008 - 04:20 PM

hattrick1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Hi Egwene,

I believe it to be spyware or malware because, I was playing a movie and it didnt have sound so I figured I needed another codec, well I googled codecs and went to the first sight and downloaded a couple of the latest ones.

Ever since I did that my pc has been acting sluggish and then I noticed I had a alert from my spyware telling me that something was trying to download onto my pc, and it mentioned a codec in the description.

At the time I didnt really put two and two to gether otherwise I would've read it more carefully.

The bootup time has been allot longer than usual also so that is why I suspect it....

Here are the logs;
OTViewIt logfile created on: 8/26/2008 4:56:43 PM - Run 1
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\Jeff\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 64.19% Memory free
2.36 Gb Paging File | 2.10 Gb Available in Paging File | 88.99% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58.59 Gb Total Space | 4.39 Gb Free Space | 7.49% Space Free | Partition Type: NTFS
Drive D: | 12.11 Gb Total Space | 0.13 Gb Free Space | 1.05% Space Free | Partition Type: FAT32
Drive E: | 55.89 Gb Total Space | 51.86 Gb Free Space | 92.78% Space Free | Partition Type: NTFS
Drive F: | 489.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HT-P4
Current User Name: Jeff
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

===== Processes - Non-Microsoft Only =====

[10/29/2007 02:27 PM | 00,587,096 | ---- | M] (Lavasoft AB) - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
[06/29/2007 12:38 AM | 00,312,880 | ---- | M] (GRISOFT s.r.o.) - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
[06/10/2006 11:10 PM | 00,259,184 | ---- | M] (Computer Associates International, Inc.) - C:\Program Files\Yahoo!\Antivirus\iSafe.exe
[02/21/2006 04:38 PM | 00,002,560 | ---- | M] () - C:\WINDOWS\Runservice.exe
[05/16/2008 02:01 PM | 00,159,812 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe
[09/06/2007 04:24 PM | 00,066,872 | ---- | M] () - C:\WINDOWS\system32\PnkBstrA.exe
[06/10/2006 11:10 PM | 00,230,512 | ---- | M] (Computer Associates International, Inc.) - C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
[06/10/2006 11:10 PM | 00,185,456 | ---- | M] (Computer Associates International, Inc.) - C:\Program Files\Yahoo!\Antivirus\CAVRid.exe
[03/03/2006 03:18 PM | 00,200,704 | ---- | M] (Yahoo!, Inc.) - C:\Program Files\Yahoo!\browser\ycommon.exe
[07/21/2006 05:19 PM | 00,129,536 | ---- | M] (Yahoo! Inc.) - C:\Program Files\Yahoo!\browser\ybrwicon.exe
[07/21/2006 11:43 AM | 00,407,032 | ---- | M] (Yahoo! Inc.) - C:\Program Files\Yahoo!\YOP\yop.exe
[06/10/2006 11:10 PM | 00,201,840 | ---- | M] (Computer Associates International, Inc.) - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
[08/26/2008 04:55 PM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Jeff\Desktop\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(aawservice) Ad-Aware 2007 Service [Auto | Running]
[10/29/2007 02:27 PM | 00,587,096 | ---- | M] (Lavasoft AB) - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Auto | Running]
[06/29/2007 12:38 AM | 00,312,880 | ---- | M] (GRISOFT s.r.o.) - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

(CAISafe) CAISafe [Auto | Running]
[06/10/2006 11:10 PM | 00,259,184 | ---- | M] (Computer Associates International, Inc.) - C:\Program Files\Yahoo!\Antivirus\iSafe.exe

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[08/04/2004 02:56 AM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(IDriverT) InstallDriver Table Manager [On_Demand | Stopped]
[04/04/2005 12:41 AM | 00,069,632 | ---- | M] (Macrovision Corporation) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

(LicCtrlService) LicCtrl Service [Auto | Running]
[02/21/2006 04:38 PM | 00,002,560 | ---- | M] () - C:\WINDOWS\Runservice.exe

(NVSvc) NVIDIA Display Driver Service [Auto | Running]
[05/16/2008 02:01 PM | 00,159,812 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe

(PnkBstrA) PnkBstrA [Auto | Running]
[09/06/2007 04:24 PM | 00,066,872 | ---- | M] () - C:\WINDOWS\system32\PnkBstrA.exe

(VETMSGNT) VET Message Service [Auto | Running]
[06/10/2006 11:10 PM | 00,201,840 | ---- | M] (Computer Associates International, Inc.) - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

===== Driver Services - Non-Microsoft Only =====

(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [System | Running]
[06/29/2007 12:38 AM | 00,011,000 | ---- | M] () - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys

(AvgAsCln) AVG Anti-Spyware Clean Driver [System | Running]
[09/05/2006 11:03 AM | 00,003,968 | ---- | M] (GRISOFT, s.r.o.) - C:\WINDOWS\system32\drivers\AvgAsCln.sys

(catchme) catchme [On_Demand | Running]
File not found - C:\DOCUME~1\Jeff\LOCALS~1\Temp\catchme.sys

(ctljystk) Creative SBLive! Gameport [On_Demand | Stopped]
[08/17/2001 12:19 PM | 00,003,712 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\ctljystk.sys

(ctsfm2k) Creative SoundFont Management Device Driver [On_Demand | Running]
[01/10/2005 06:15 PM | 00,138,752 | ---- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\drivers\ctsfm2k.sys

(dmboot) dmboot [Disabled | Stopped]
[08/04/2004 01:07 AM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) dmio [Disabled | Stopped]
[08/04/2004 01:07 AM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Disabled | Stopped]
[03/31/2003 07:00 AM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(emu10k) Creative SB Live! (WDM) [On_Demand | Stopped]
[08/17/2001 07:19 AM | 00,283,904 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\emu10k1m.sys

(emu10k1) Creative Interface Manager Driver (WDM) [On_Demand | Stopped]
[08/17/2001 07:19 AM | 00,006,912 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\ctlfacem.sys

(FA312) NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver [On_Demand | Stopped]
[08/17/2001 07:12 AM | 00,016,074 | ---- | M] (NETGEAR Corp.) - C:\WINDOWS\system32\drivers\FA312nd5.sys

(HWiNFO32) HWiNFO32 Kernel Driver [Auto | Running]
[03/05/2007 07:14 PM | 00,008,064 | ---- | M] (REALiX™) - C:\Program Files\HWiNFO32\HWiNFO32.SYS

(nv) nv [On_Demand | Running]
[05/16/2008 02:01 PM | 06,557,408 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv4_mini.sys

(ossrv) Creative OS Services Driver [On_Demand | Running]
[01/10/2005 06:15 PM | 00,106,496 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\ctoss2k.sys

(P17) SB Live! 24-bit [On_Demand | Running]
[06/15/2007 10:47 AM | 01,127,936 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\P17.sys

(papycpu2) papycpu2 [System | Running]
[01/17/2003 04:59 AM | 00,001,984 | ---- | M] () - C:\WINDOWS\system32\drivers\papycpu2.sys

(papyjoy) papyjoy [System | Running]
[01/17/2003 04:59 AM | 00,001,856 | ---- | M] () - C:\WINDOWS\system32\drivers\papyjoy.sys

(pavboot) pavboot [Boot | Running]
[06/19/2008 05:24 PM | 00,028,544 | ---- | M] (Panda Security, S.L.) - C:\WINDOWS\system32\drivers\pavboot.sys

(pfc) Padus ASPI Shell [On_Demand | Running]
[03/29/2006 09:49 AM | 00,009,856 | ---- | M] (Padus, Inc.) - C:\WINDOWS\system32\drivers\pfc.sys

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[03/31/2003 07:00 AM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(PxHelp20) PxHelp20 [Boot | Running]
[07/23/2008 11:50 AM | 00,043,528 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\PxHelp20.sys

(SASDIFSV) SASDIFSV [System | Running]
[10/10/2006 12:53 PM | 00,005,632 | ---- | M] () - C:\Program Files\SUPERAntiSpyware\sasdifsv.sys

(SASENUM) SASENUM [On_Demand | Stopped]
[02/16/2006 04:51 PM | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.) - C:\Program Files\SUPERAntiSpyware\SASENUM.SYS

(SASKUTIL) SASKUTIL [System | Running]
[02/27/2007 11:39 AM | 00,032,256 | ---- | M] () - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

(SDTHOOK) SDTHOOK [On_Demand | Stopped]
[06/05/2007 11:56 AM | 00,044,928 | ---- | M] (Panda Software) - C:\WINDOWS\system32\drivers\SDTHOOK.SYS

(Secdrv) Secdrv [Auto | Running]
[11/13/2007 05:25 AM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys

(sfman) Creative SoundFont Manager Driver (WDM) [On_Demand | Stopped]
[08/17/2001 07:19 AM | 00,036,480 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\sfmanm.sys

(TVICHW32) TVICHW32 [On_Demand | Stopped]
[08/22/2008 10:06 PM | 00,023,600 | ---- | M] (EnTech Taiwan) - C:\WINDOWS\system32\drivers\TVICHW32.SYS

(USB200M) Linksys USB 2.0 Network Adapter ver.2 [On_Demand | Running]
[04/21/2005 01:30 AM | 00,018,048 | R--- | M] (Linksys) - C:\WINDOWS\system32\drivers\USB200M2.sys

(VET-FILT) VET File System Filter [System | Running]
[06/10/2006 11:10 PM | 00,021,031 | ---- | M] (Computer Associates International, Inc.) - C:\WINDOWS\System32\drivers\Vet-Filt.sys

(VET-REC) VET File System Recognizer [System | Running]
[06/10/2006 11:10 PM | 00,015,478 | ---- | M] (Computer Associates International, Inc.) - C:\WINDOWS\System32\drivers\Vet-Rec.sys

(VETEBOOT) VET Boot Scan Engine [On_Demand | Running]
[07/23/2007 08:19 AM | 00,108,360 | ---- | M] (Computer Associates International, Inc.) - C:\WINDOWS\System32\drivers\VetEBoot.sys

(VETEFILE) VET File Scan Engine [System | Running]
[07/23/2007 08:19 AM | 00,879,832 | ---- | M] (Computer Associates International, Inc.) - C:\WINDOWS\System32\drivers\VetEFile.sys

(VETFDDNT) VET Floppy Boot Sector Monitor [System | Running]
[06/10/2006 11:10 PM | 00,015,735 | ---- | M] (Computer Associates International, Inc.) - C:\WINDOWS\System32\drivers\VetFDDNT.sys

(VETMONNT) VET File Monitor [System | Running]
[07/31/2006 08:26 AM | 00,026,787 | ---- | M] (Computer Associates International, Inc.) - C:\WINDOWS\System32\drivers\vetmonnt.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CaAvTray" = "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [06/10/2006 11:10 PM | 00,230,512 | ---- | M] (Computer Associates International, Inc.)
"CAVRID" = "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [06/10/2006 11:10 PM | 00,185,456 | ---- | M] (Computer Associates International, Inc.)
"CTSysVol" = C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r [09/17/2003 10:43 AM | 00,057,344 | ---- | M] (Creative Technology Ltd)
"NvCplDaemon" = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [05/16/2008 02:01 PM | 13,529,088 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [05/16/2008 02:01 PM | 00,086,016 | ---- | M] (NVIDIA Corporation)
"nwiz" = nwiz.exe /install [05/16/2008 02:01 PM | 01,630,208 | ---- | M] ()
"P17Helper" = Rundll32 P17.dll,P17Helper [05/03/2005 07:38 PM | 00,064,512 | ---- | M] ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [02/06/2008 06:37 PM | 21,898,024 | R--- | M] (Skype Technologies S.A.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

[Jeff Startup Folder - C:\Documents and Settings\Jeff\Start Menu\Programs\Startup]

===== BHO's =====

===== Toolbars =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - [09/29/2006 01:53 PM | 00,440,384 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
"NoDrives" = 0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

===== Desktop Components =====

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/04/2004 02:56 AM | 00,140,800 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/04/2004 02:56 AM | 00,140,800 | ---- | M] (Microsoft Corporation)
"c:\Program Files\Yahoo!\Messenger\YPager.exe" = c:\Program Files\Yahoo!\Messenger\YPager.exe File not found
"c:\Program Files\Yahoo!\Messenger\yserver.exe" = c:\Program Files\Yahoo!\Messenger\yserver.exe File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe [10/13/2004 11:24 AM | 01,694,208 | ---- | M] (Microsoft Corporation)
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe [08/04/2004 02:56 AM | 01,032,192 | ---- | M] (Microsoft Corporation)
"C:\Program Files\EA SPORTS\Madden NFL 2005\updater.exe" = C:\Program Files\EA SPORTS\Madden NFL 2005\updater.exe File not found
"C:\Program Files\CMBB\Barbarossa to Berlin.exe" = C:\Program Files\CMBB\Barbarossa to Berlin.exe [05/01/2003 01:31 AM | 07,918,592 | ---- | M] ()
"C:\Program Files\SSI\Fighting Steel\FightingSteel.exe" = C:\Program Files\SSI\Fighting Steel\FightingSteel.exe File not found
"C:\Program Files\SSI\Silent Hunter II\Shell\SH2.exe" = C:\Program Files\SSI\Silent Hunter II\Shell\SH2.exe File not found
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe [08/04/2004 02:56 AM | 00,018,432 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Yahoo!\browser\ybrowser.exe" = C:\Program Files\Yahoo!\browser\ybrowser.exe [08/11/2006 08:53 PM | 00,668,184 | ---- | M] (Yahoo!, Inc.)
"C:\Program Files\Railroad Tycoon 3\RT3.exe" = C:\Program Files\Railroad Tycoon 3\RT3.exe File not found
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe [08/04/2004 02:56 AM | 00,030,208 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Paradox Interactive\Doomsday\HoI2.exe" = C:\Program Files\Paradox Interactive\Doomsday\HoI2.exe [03/28/2007 05:14 PM | 03,825,724 | ---- | M] (Paradox Interactive)
"C:\Matrix Games\Highway to the Reich\HTTR.exe" = C:\Matrix Games\Highway to the Reich\HTTR.exe File not found
"C:\Program Files\HPS Simulations\Campaign Waterloo\cpw.exe" = C:\Program Files\HPS Simulations\Campaign Waterloo\cpw.exe [03/07/2007 11:05 AM | 00,774,144 | ---- | M] ()
"C:\Program Files\JowooD\Panzer Elite Action - Dunes of War Mulitplayer Demo\pea.exe" = C:\Program Files\JowooD\Panzer Elite Action - Dunes of War Mulitplayer Demo\pea.exe File not found
"C:\Program Files\Battlefront\Combat Mission Afrika Korps\CM Afrika Korps.exe" = C:\Program Files\Battlefront\Combat Mission Afrika Korps\CM Afrika Korps.exe [11/20/2004 09:32 AM | 09,717,860 | ---- | M] ()
"C:\Program Files\Muzzy Lane Software\Making_History_2_0\bin\makehist.exe" = C:\Program Files\Muzzy Lane Software\Making_History_2_0\bin\makehist.exe File not found
"C:\Program Files\HPS Simulations\Market-Garden '44\MarketGarden44.exe" = C:\Program Files\HPS Simulations\Market-Garden '44\MarketGarden44.exe [05/07/2007 09:42 AM | 00,983,040 | ---- | M] ()
"C:\Program Files\Global Star\Age of Sail II\privateer.exe" = C:\Program Files\Global Star\Age of Sail II\privateer.exe File not found
"C:\Program Files\2K Games\Links 2003\LinksMMIII.exe" = C:\Program Files\2K Games\Links 2003\LinksMMIII.exe [02/07/2005 06:10 PM | 05,197,824 | ---- | M] (Microsoft Corporation)
"C:\Program Files\HPS Simulations\Campaign Gettysburg\cpg.exe" = C:\Program Files\HPS Simulations\Campaign Gettysburg\cpg.exe [08/01/2007 04:52 PM | 00,733,184 | ---- | M] ()
"C:\Program Files\EA Games\Command and Conquer Generals\patchget.dat" = C:\Program Files\EA Games\Command and Conquer Generals\patchget.dat File not found
"C:\Program Files\Atari-Infogrames\Dead Man's Hand\System\DMH.exe" = C:\Program Files\Atari-Infogrames\Dead Man's Hand\System\DMH.exe File not found
"C:\Matrix Games\John Tiller's Campaign Series\JTCSUpdate.exe" = C:\Matrix Games\John Tiller's Campaign Series\JTCSUpdate.exe [11/20/2006 02:58 PM | 00,456,192 | ---- | M] ()
"C:\Program Files\Pando Networks\Pando\pando.exe" = C:\Program Files\Pando Networks\Pando\pando.exe File not found
"C:\Matrix Games\John Tiller's Campaign Series\East Front\ef.exe" = C:\Matrix Games\John Tiller's Campaign Series\East Front\ef.exe [08/01/2008 10:45 AM | 01,085,440 | ---- | M] ()
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\steam.exe [03/28/2008 04:10 PM | 01,271,032 | ---- | M] (Valve Corporation)
"C:\Program Files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe" = C:\Program Files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe [03/20/2008 03:35 PM | 00,217,088 | ---- | M] ()
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe [09/06/2007 04:24 PM | 00,066,872 | ---- | M] ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe [04/25/2008 09:39 PM | 00,107,832 | ---- | M] ()
"C:\WINDOWS\system32\svchost.exe" = C:\WINDOWS\system32\svchost.exe [12/24/2007 12:31 AM | 00,014,336 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\npm.exe" = C:\WINDOWS\system32\npm.exe File not found
"C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe" = C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe [08/04/2004 02:56 AM | 00,768,512 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe [02/06/2008 06:37 PM | 21,898,024 | R--- | M] (Skype Technologies S.A.)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [06/13/2007 05:23 AM | 01,033,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\SYSTEM32\Userinit.exe" - [08/04/2004 02:56 AM | 00,024,576 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [08/04/2004 02:56 AM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [10/25/2007 10:36 PM | 08,454,656 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [08/04/2004 02:56 AM | 00,298,496 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DllName" = File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"DllName" = File not found

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====
Unable to open key or key not present!


===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{173982C5-9546-4B60-962E-BFFDA5456B33}]
Servers: | Description: Motorola SURFboard SB5120 USB Cable Modem

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{3A27479A-13AF-42DC-83E9-5D87C577281B}]
Servers: | Description: Motorola SURFboard SB5120 USB Cable Modem

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{900A091C-1CB4-4FA6-8047-A24BBB116496}]
Servers: | Description: NETGEAR FA311 Fast Ethernet Adapter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{AAB1C135-F780-4095-9C2E-3538232D8D87}]
Servers: | Description: Linksys USB 2.0 Network Adapter ver.2

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{BE84AEE3-7BE0-427C-978B-9415BF3383E2}]
Servers: | Description: NETGEAR FA311 Fast Ethernet Adapter

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

===== Autorun Files on Drives =====

AUTOEXEC.BAT []
[11/21/2005 09:17 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

autorun.inf [[autorun] | OPEN=install.exe Campaign Waterloo | ICON=npb.ico | ]
[04/30/2000 06:06 PM | 00,000,061 | R--- | M] () F:\autorun.inf [ CDFS ]

===== MountPoints2 =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab183891-5ac6-11da-8dfb-806d6172696f}\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab183891-5ac6-11da-8dfb-806d6172696f}\Shell\AutoRun]
"" = Auto&Play

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun]
"" = Auto&Play

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command]
"" = F:\install.exe [03/07/1999 03:09 PM | 00,121,344 | R--- | M] ()

===== Hosts File =====

HOSTS File = (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost



[Files/Folders - Created Within 30 days]
[06/19/2008 05:24 PM | 00,028,544 | ---- | C] (Panda Security, S.L.) - C:\WINDOWS\System32\drivers\pavboot.sys
[07/23/2008 11:50 AM | 00,009,336 | ---- | C] (Sonic Solutions) - C:\WINDOWS\System32\drivers\cdr4_xp.sys
[07/23/2008 11:50 AM | 00,009,464 | ---- | C] (Sonic Solutions) - C:\WINDOWS\System32\drivers\cdralw2k.sys
[07/23/2008 11:50 AM | 00,043,528 | ---- | C] (Sonic Solutions) - C:\WINDOWS\System32\drivers\PxHelp20.sys
[08/17/2008 03:01 PM | 00,017,144 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[08/22/2008 10:06 PM | 00,023,600 | ---- | C] (EnTech Taiwan) - C:\WINDOWS\System32\drivers\TVICHW32.SYS
[04/01/2003 07:38 PM | 00,000,692 | ---- | C] () - C:\WINDOWS\System32\USBAudio.cpl.manifest
[06/10/2008 01:21 AM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\java.exe
[06/10/2008 01:21 AM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaw.exe
[06/10/2008 02:32 AM | 00,139,264 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaws.exe
[07/23/2008 11:50 AM | 00,064,760 | ---- | C] (Sonic Solutions) - C:\WINDOWS\System32\pxinsa64.exe
[07/23/2008 11:50 AM | 00,066,296 | ---- | C] (Sonic Solutions) - C:\WINDOWS\System32\pxcpya64.exe
[07/23/2008 11:50 AM | 00,072,440 | ---- | C] (Sonic Solutions) - C:\WINDOWS\System32\pxhpinst.exe
[07/23/2008 11:50 AM | 00,088,824 | ---- | C] (Sonic Solutions) - C:\WINDOWS\System32\vxblock.dll
[07/23/2008 11:50 AM | 00,118,520 | ---- | C] (Sonic Solutions) - C:\WINDOWS\System32\pxinsi64.exe
[07/23/2008 11:50 AM | 00,120,056 | ---- | C] (Sonic Solutions) - C:\WINDOWS\System32\pxcpyi64.exe
[07/23/2008 11:50 AM | 00,129,784 | ---- | C] (Sonic Solutions) - C:\WINDOWS\System32\pxafs.dll
[07/23/2008 11:50 AM | 00,187,128 | ---- | C] (Sonic Solutions) - C:\WINDOWS\System32\pxmas.dll
[07/23/2008 11:50 AM | 00,379,640 | ---- | C] (Sonic Solutions) - C:\WINDOWS\System32\pxwave.dll
[07/23/2008 11:50 AM | 00,518,904 | ---- | C] (Sonic Solutions) - C:\WINDOWS\System32\pxdrv.dll
[07/23/2008 11:50 AM | 00,551,672 | ---- | C] (Sonic Solutions) - C:\WINDOWS\System32\px.dll
[07/23/2008 11:50 AM | 01,628,920 | ---- | C] (Sonic Solutions) - C:\WINDOWS\System32\pxsfs.dll
[07/26/2005 05:46 PM | 00,192,512 | ---- | C] (Creative Technology Ltd.) - C:\WINDOWS\System32\USBAudio.cpl
[07/27/2004 10:27 AM | 00,143,360 | ---- | C] (Creative Technology Ltd.) - C:\WINDOWS\System32\USBAudio.crl
[07/28/2008 06:40 AM | 01,003,520 | ---- | C] (Gabest) - C:\WINDOWS\System32\VSFilter.dll
[08/22/2008 09:48 PM | ---D | C] - C:\WINDOWS\System32\Data
[08/22/2008 09:49 PM | 00,409,600 | ---- | C] (Creative Labs) - C:\WINDOWS\System32\wrap_oal.dll
[08/22/2008 09:50 PM | 00,001,381 | ---- | C] () - C:\WINDOWS\System32\Device Control.lnk
[08/23/2005 12:46 PM | 00,045,636 | ---- | C] () - C:\WINDOWS\System32\usbaudio.chm
[08/08/2008 02:38 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/08/2008 02:38 PM | ---D | C] - C:\Documents and Settings\Jeff\Application Data\Malwarebytes
[08/14/2008 02:23 AM | ---D | C] - C:\Documents and Settings\Jeff\Application Data\vlc
[08/06/2008 05:07 PM | ---D | C] - C:\Documents and Settings\Jeff\Local Settings\Application Data\Apple
[08/22/2008 10:06 PM | ---D | C] - C:\Documents and Settings\Jeff\Local Settings\Application Data\TouchStoneSoftware
[08/08/2008 02:38 PM | 00,000,696 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/14/2008 02:16 AM | 00,000,719 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[08/15/2008 09:39 PM | 00,000,634 | ---- | C] () - C:\Documents and Settings\Jeff\Desktop\Wars in America.lnk
[08/20/2008 10:53 PM | 01,486,224 | ---- | C] () - C:\Documents and Settings\Jeff\Desktop\SmitfraudFix.exe
[08/21/2008 01:32 PM | 00,001,734 | ---- | C] () - C:\Documents and Settings\Jeff\Desktop\HijackThis.lnk
[08/21/2008 12:06 AM | ---D | C] - C:\Documents and Settings\Jeff\Desktop\SmitfraudFix
[08/24/2008 09:59 PM | 34,560,582 | ---- | C] () - C:\Documents and Settings\Jeff\Desktop\Basic_Mission.avi
[08/26/2008 04:41 PM | 00,102,152 | ---- | C] () - C:\Documents and Settings\Jeff\Desktop\!JeffvsAl LIGNY.ZIP
[08/26/2008 04:55 PM | 01,299,968 | ---- | C] (OldTimer Tools) - C:\Documents and Settings\Jeff\Desktop\OTViewIt.exe
[08/08/2008 02:38 PM | ---D | C] - C:\Program Files\Common Files\Download Manager
[08/08/2008 11:50 AM | ---D | C] - C:\Program Files\Panda Security
[08/14/2008 02:16 AM | ---D | C] - C:\Program Files\VideoLAN
[08/17/2008 06:30 PM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware
[08/20/2008 09:39 PM | ---D | C] - C:\Program Files\XP Codec Pack
[08/21/2008 01:32 PM | ---D | C] - C:\Program Files\Trend Micro
[08/23/2008 11:59 PM | ---D | C] - C:\Program Files\Wars in America

[Files/Folders - Modified Within 30 days]
[08/15/2008 10:39 AM | -HSD | M] - C:\System Volume Information
[08/21/2008 01:32 PM | ---D | M] - C:\Program Files
[08/24/2008 11:28 AM | 01,417,602 | ---- | M] () - C:\SDFix.exe
[08/25/2008 07:20 PM | ---D | M] - C:\WINDOWS
[08/25/2008 09:40 PM | ---D | M] - C:\SDFix
[08/07/2008 05:59 PM | 00,000,686 | ---- | M] () - C:\WINDOWS\System32\drivers\etc\hosts.20080807-183140.backup
[08/25/2008 09:03 PM | 00,000,686 | ---- | M] () - C:\WINDOWS\System32\drivers\etc\HOSTS
[08/17/2008 03:01 PM | 00,017,144 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[08/22/2008 10:06 PM | 00,023,600 | ---- | M] (EnTech Taiwan) - C:\WINDOWS\System32\drivers\TVICHW32.SYS
[08/25/2008 09:03 PM | ---D | M] - C:\WINDOWS\System32\drivers\etc
[07/28/2008 06:40 AM | 01,003,520 | ---- | M] (Gabest) - C:\WINDOWS\System32\VSFilter.dll
[08/06/2008 05:26 PM | ---D | M] - C:\WINDOWS\System32\CatRoot
[08/06/2008 10:23 PM | ---D | M] - C:\WINDOWS\System32\DRVSTORE
[08/15/2008 10:39 AM | ---D | M] - C:\WINDOWS\System32\Restore
[08/20/2008 11:49 PM | 00,001,908 | ---- | M] () - C:\WINDOWS\System32\tmp.reg
[08/22/2008 09:48 PM | ---D | M] - C:\WINDOWS\System32\Data
[08/22/2008 09:49 PM | 00,114,688 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) - C:\WINDOWS\System32\OpenAL32.dll
[08/22/2008 09:49 PM | 00,409,600 | ---- | M] (Creative Labs) - C:\WINDOWS\System32\wrap_oal.dll
[08/22/2008 09:50 PM | 00,001,381 | ---- | M] () - C:\WINDOWS\System32\Device Control.lnk
[08/22/2008 09:57 PM | 00,002,552 | ---- | M] () - C:\WINDOWS\System32\settings.sfm
[08/22/2008 09:57 PM | 00,002,552 | ---- | M] () - C:\WINDOWS\System32\settingsbkup.sfm
[08/22/2008 10:18 PM | ---D | M] - C:\WINDOWS\System32\drivers
[08/22/2008 10:18 PM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/23/2008 11:57 PM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[08/25/2008 09:30 PM | 00,012,598 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/25/2008 10:09 PM | 00,180,652 | ---- | M] () - C:\WINDOWS\System32\nvapps.xml
[08/26/2008 02:54 AM | 00,005,017 | -HS- | M] () - C:\WINDOWS\System32\mmf.sys
[08/06/2008 10:24 PM | --SD | M] - C:\WINDOWS\Tasks
[08/06/2008 12:30 PM | ---D | M] - C:\WINDOWS\Registration
[08/09/2008 12:41 PM | -HSD | M] - C:\WINDOWS\Installer
[08/15/2008 03:05 AM | -H-D | M] - C:\WINDOWS\$hf_mig$
[08/17/2008 11:33 AM | ---D | M] - C:\WINDOWS\Debug
[08/18/2008 12:56 PM | --SD | M] - C:\WINDOWS\Downloaded Program Files
[08/22/2008 10:06 PM | -H-D | M] - C:\WINDOWS\inf
[08/22/2008 10:18 PM | ---D | M] - C:\WINDOWS\Help
[08/22/2008 10:21 PM | ---D | M] - C:\WINDOWS\nview
[08/22/2008 10:21 PM | ---D | M] - C:\WINDOWS\system32
[08/25/2008 07:13 PM | ---D | M] - C:\WINDOWS\CAVTemp
[08/25/2008 09:19 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/25/2008 10:10 PM | ---D | M] - C:\WINDOWS\temp
[08/26/2008 04:56 PM | ---D | M] - C:\WINDOWS\Prefetch
[08/25/2008 09:20 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/06/2008 10:30 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Apple Computer
[08/08/2008 02:38 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/25/2008 07:16 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[08/06/2008 03:24 PM | ---D | M] - C:\Documents and Settings\Jeff\Application Data\DivX
[08/08/2008 02:38 PM | ---D | M] - C:\Documents and Settings\Jeff\Application Data\Malwarebytes
[08/14/2008 02:23 AM | ---D | M] - C:\Documents and Settings\Jeff\Application Data\vlc
[08/17/2008 09:01 PM | ---D | M] - C:\Documents and Settings\Jeff\Application Data\OpenOffice.org2
[08/25/2008 10:09 PM | ---D | M] - C:\Documents and Settings\Jeff\Application Data\skypePM
[08/25/2008 10:10 PM | ---D | M] - C:\Documents and Settings\Jeff\Application Data\Skype
[08/06/2008 05:07 PM | ---D | M] - C:\Documents and Settings\Jeff\Local Settings\Application Data\Apple
[08/22/2008 10:06 PM | ---D | M] - C:\Documents and Settings\Jeff\Local Settings\Application Data\TouchStoneSoftware
[08/23/2008 07:19 PM | 00,221,184 | ---- | M] () - C:\Documents and Settings\Jeff\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[08/08/2008 02:38 PM | 00,000,696 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/14/2008 02:16 AM | 00,000,719 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[08/16/2008 08:11 PM | 00,002,257 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Skype.lnk
[08/15/2008 09:39 PM | 00,000,634 | ---- | M] () - C:\Documents and Settings\Jeff\Desktop\Wars in America.lnk
[08/20/2008 10:53 PM | 01,486,224 | ---- | M] () - C:\Documents and Settings\Jeff\Desktop\SmitfraudFix.exe
[08/21/2008 01:32 PM | 00,001,734 | ---- | M] () - C:\Documents and Settings\Jeff\Desktop\HijackThis.lnk
[08/21/2008 12:06 AM | ---D | M] - C:\Documents and Settings\Jeff\Desktop\SmitfraudFix
[08/24/2008 09:59 PM | 34,560,582 | ---- | M] () - C:\Documents and Settings\Jeff\Desktop\Basic_Mission.avi
[08/26/2008 04:41 PM | 00,102,152 | ---- | M] () - C:\Documents and Settings\Jeff\Desktop\!JeffvsAl LIGNY.ZIP
[08/26/2008 04:55 PM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Jeff\Desktop\OTViewIt.exe
[08/08/2008 02:38 PM | ---D | M] - C:\Program Files\Common Files\Download Manager

< End of report >
  • 0

#6
hattrick1
Posted 26 August 2008 - 04:23 PM

hattrick1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
OTViewIt Extras logfile created on: 8/26/2008 4:56:43 PM - Run 1
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\Jeff\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 64.19% Memory free
2.36 Gb Paging File | 2.10 Gb Available in Paging File | 88.99% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58.59 Gb Total Space | 4.39 Gb Free Space | 7.49% Space Free | Partition Type: NTFS
Drive D: | 12.11 Gb Total Space | 0.13 Gb Free Space | 1.05% Space Free | Partition Type: FAT32
Drive E: | 55.89 Gb Total Space | 51.86 Gb Free Space | 92.78% Space Free | Partition Type: NTFS
Drive F: | 489.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

===== File Associations =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - File not found -
.cmd [@ = cmdfile] - File not found -
.com [@ = comfile] - File not found -
.exe [@ = exefile] - File not found -
.html [@ = YBrowser.HTML] - [08/11/2006 08:53 PM | 00,668,184 | ---- | M] (Yahoo!, Inc.) - C:\Program Files\Yahoo!\browser\ybrowser.exe
.pif [@ = piffile] - File not found -
.scr [@ = scrfile] - File not found -

===== Uninstall List =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00D15456-F679-4AD4-8BD2-56450D4C3F72}" = WarRock
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36A16C77-45DD-42B5-BC28-5CA7379FC803}" = HPS Campaign Waterloo
"{554309DC-45CF-4133-A209-FDEDEE06F274}" = HPS Market-Garden '44
"{5A040A21-FA9D-11D3-B345-0050DAD5EC65}" = HPS Campaign Gettysburg
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{69464949-AD9C-4C98-933F-C32FFC86F3C8}" = Doomsday
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{734BB64A-5A3D-4624-867D-6358B7068496}" = Sound Blaster Live! 24-bit
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{86E24A00-A59A-11D3-B344-00500417F684}" = HPS Kharkov '42
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{ACC2E059-40E9-4464-B18D-C9BDD9A02CED}" = NASCAR® Racing 2003 Season
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4C88CF0-B617-4658-8F84-C4E847FBC9F7}" = Microsoft Managed DirectX (1126)
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C3A51900-EF77-11D3-8163-00A0D21B1713}" = Battle Of Britain
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{F87A8E11-02A4-4875-A3A5-5961081B0E4E}" = OpenOffice.org 2.4
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"AGEod's American Civil War_is1" = AACW patch 1.10c
"Anglo-German War 39-45 ver1.2" = Anglo-German War 39-45 ver1.2
"AVGAntiSpyware75" = AVG Anti-Spyware 7.5
"Batch Thumbs_is1" = Batch Thumbs V1.4
"Boilsoft Video Splitter_is1" = Boilsoft Video Splitter 5.01
"CCleaner" = CCleaner (remove only)
"Combat Mission Afrika Korps v1.0_is1" = Combat Mission Afrika Korps
"Combat Mission Shock Force_is1" = Combat Mission Shock Force
"Device Control" = Device Control
"Download Manager" = Download Manager 2.3.6
"DriverAgent.exe" = DriverAgent by TouchStone Software
"EAXSet" = Creative EAX Settings
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Guns of August1.00" = Guns of August
"Hearts of Iron 2 Doomsday_is1" = Hearts of Iron 2 Doomsday Armageddon Patch 1.0a
"HijackThis" = HijackThis 2.0.2
"HWiNFO32_is1" = HWiNFO32 Version 1.73
"IL-2 Sturmovik" = IL-2 Sturmovik
"IrfanView" = IrfanView (remove only)
"John Tiller's Campaign Series1.00" = John Tiller's Campaign Series
"KB873339" = Windows XP Hotfix - KB873339
"KB885250" = Windows XP Hotfix - KB885250
"KB885835" = Windows XP Hotfix - KB885835
"KB885836" = Windows XP Hotfix - KB885836
"KB886185" = Windows XP Hotfix - KB886185
"KB887472" = Windows XP Hotfix - KB887472
"KB887742" = Windows XP Hotfix - KB887742
"KB888113" = Windows XP Hotfix - KB888113
"KB888302" = Windows XP Hotfix - KB888302
"KB890046" = Security Update for Windows XP (KB890046)
"KB890859" = Windows XP Hotfix - KB890859
"KB891781" = Windows XP Hotfix - KB891781
"KB893066" = Security Update for Windows XP (KB893066)
"KB893756" = Security Update for Windows XP (KB893756)
"KB893803v2" = Windows Installer 3.1 (KB893803)
"KB896358" = Security Update for Windows XP (KB896358)
"KB896422" = Security Update for Windows XP (KB896422)
"KB896423" = Security Update for Windows XP (KB896423)
"KB896424" = Security Update for Windows XP (KB896424)
"KB896428" = Security Update for Windows XP (KB896428)
"KB896688" = Security Update for Windows XP (KB896688)
"KB898461" = Update for Windows XP (KB898461)
"KB899587" = Security Update for Windows XP (KB899587)
"KB899591" = Security Update for Windows XP (KB899591)
"KB900485" = Update for Windows XP (KB900485)
"KB900725" = Security Update for Windows XP (KB900725)
"KB901017" = Security Update for Windows XP (KB901017)
"KB901214" = Security Update for Windows XP (KB901214)
"KB902400" = Security Update for Windows XP (KB902400)
"KB904706" = Security Update for Windows XP (KB904706)
"KB905414" = Security Update for Windows XP (KB905414)
"KB905749" = Security Update for Windows XP (KB905749)
"KB905915" = Security Update for Windows XP (KB905915)
"KB908519" = Security Update for Windows XP (KB908519)
"KB908531" = Security Update for Windows XP (KB908531)
"KB910437" = Update for Windows XP (KB910437)
"KB911280" = Security Update for Windows XP (KB911280)
"KB911562" = Security Update for Windows XP (KB911562)
"KB911564" = Security Update for Windows Media Player (KB911564)
"KB911565" = Security Update for Windows Media Player 10 (KB911565)
"KB911567" = Security Update for Windows XP (KB911567)
"KB911927" = Security Update for Windows XP (KB911927)
"KB912812" = Security Update for Windows XP (KB912812)
"KB912919" = Security Update for Windows XP (KB912919)
"KB913446" = Security Update for Windows XP (KB913446)
"KB913580" = Security Update for Windows XP (KB913580)
"KB914388" = Security Update for Windows XP (KB914388)
"KB914389" = Security Update for Windows XP (KB914389)
"KB916281" = Security Update for Windows XP (KB916281)
"KB916595" = Update for Windows XP (KB916595)
"KB917159" = Security Update for Windows XP (KB917159)
"KB917344" = Security Update for Windows XP (KB917344)
"KB917422" = Security Update for Windows XP (KB917422)
"KB917734_WMP10" = Security Update for Windows Media Player 10 (KB917734)
"KB917953" = Security Update for Windows XP (KB917953)
"KB918118" = Security Update for Windows XP (KB918118)
"KB918439" = Security Update for Windows XP (KB918439)
"KB918899" = Security Update for Windows XP (KB918899)
"KB919007" = Security Update for Windows XP (KB919007)
"KB920213" = Security Update for Windows XP (KB920213)
"KB920214" = Security Update for Windows XP (KB920214)
"KB920670" = Security Update for Windows XP (KB920670)
"KB920683" = Security Update for Windows XP (KB920683)
"KB920685" = Security Update for Windows XP (KB920685)
"KB920872" = Update for Windows XP (KB920872)
"KB921398" = Security Update for Windows XP (KB921398)
"KB921503" = Security Update for Windows XP (KB921503)
"KB921883" = Security Update for Windows XP (KB921883)
"KB922582" = Update for Windows XP (KB922582)
"KB922616" = Security Update for Windows XP (KB922616)
"KB922760" = Security Update for Windows XP (KB922760)
"KB922819" = Security Update for Windows XP (KB922819)
"KB923191" = Security Update for Windows XP (KB923191)
"KB923414" = Security Update for Windows XP (KB923414)
"KB923694" = Security Update for Windows XP (KB923694)
"KB923980" = Security Update for Windows XP (KB923980)
"KB924191" = Security Update for Windows XP (KB924191)
"KB924270" = Security Update for Windows XP (KB924270)
"KB924496" = Security Update for Windows XP (KB924496)
"KB924667" = Security Update for Windows XP (KB924667)
"KB925398_WMP64" = Security Update for Windows Media Player 6.4 (KB925398)
"KB925454" = Security Update for Windows XP (KB925454)
"KB925486" = Security Update for Windows XP (KB925486)
"KB925902" = Security Update for Windows XP (KB925902)
"KB926239" = Hotfix for Windows XP (KB926239)
"KB926255" = Security Update for Windows XP (KB926255)
"KB926436" = Security Update for Windows XP (KB926436)
"KB927779" = Security Update for Windows XP (KB927779)
"KB927802" = Security Update for Windows XP (KB927802)
"KB927891" = Update for Windows XP (KB927891)
"KB928090" = Security Update for Windows XP (KB928090)
"KB928255" = Security Update for Windows XP (KB928255)
"KB928843" = Security Update for Windows XP (KB928843)
"KB929123" = Security Update for Windows XP (KB929123)
"KB929338" = Update for Windows XP (KB929338)
"KB929399" = Hotfix for Windows Media Format 11 SDK (KB929399)
"KB929969" = Security Update for Windows XP (KB929969)
"KB930178" = Security Update for Windows XP (KB930178)
"KB930916" = Update for Windows XP (KB930916)
"KB931261" = Security Update for Windows XP (KB931261)
"KB931768" = Security Update for Windows XP (KB931768)
"KB931784" = Security Update for Windows XP (KB931784)
"KB931836" = Update for Windows XP (KB931836)
"KB932168" = Security Update for Windows XP (KB932168)
"KB933360" = Update for Windows XP (KB933360)
"KB933566" = Security Update for Windows XP (KB933566)
"KB933729" = Security Update for Windows XP (KB933729)
"KB935839" = Security Update for Windows XP (KB935839)
"KB935840" = Security Update for Windows XP (KB935840)
"KB936021" = Security Update for Windows XP (KB936021)
"KB936357" = Update for Windows XP (KB936357)
"KB936782_WMP11" = Security Update for Windows Media Player 11 (KB936782)
"KB937143" = Security Update for Windows XP (KB937143)
"KB938127" = Security Update for Windows XP (KB938127)
"KB938828" = Update for Windows XP (KB938828)
"KB938829" = Security Update for Windows XP (KB938829)
"KB939653" = Security Update for Windows XP (KB939653)
"KB939683" = Hotfix for Windows Media Player 11 (KB939683)
"KB941202" = Security Update for Windows XP (KB941202)
"KB941568" = Security Update for Windows XP (KB941568)
"KB941569" = Security Update for Windows XP (KB941569)
"KB941644" = Security Update for Windows XP (KB941644)
"KB941693" = Security Update for Windows XP (KB941693)
"KB942615" = Security Update for Windows XP (KB942615)
"KB942763" = Update for Windows XP (KB942763)
"KB942840" = Update for Windows XP (KB942840)
"KB943055" = Security Update for Windows XP (KB943055)
"KB943460" = Security Update for Windows XP (KB943460)
"KB943485" = Security Update for Windows XP (KB943485)
"KB944338" = Security Update for Windows XP (KB944338)
"KB944533" = Security Update for Windows XP (KB944533)
"KB944653" = Security Update for Windows XP (KB944653)
"KB945553" = Security Update for Windows XP (KB945553)
"KB946026" = Security Update for Windows XP (KB946026)
"KB946627" = Update for Windows XP (KB946627)
"KB946648" = Security Update for Windows XP (KB946648)
"KB947864" = Security Update for Windows XP (KB947864)
"KB948590" = Security Update for Windows XP (KB948590)
"KB948881" = Security Update for Windows XP (KB948881)
"KB950749" = Security Update for Windows XP (KB950749)
"KB950759" = Security Update for Windows XP (KB950759)
"KB950760" = Security Update for Windows XP (KB950760)
"KB950762" = Security Update for Windows XP (KB950762)
"KB950974" = Security Update for Windows XP (KB950974)
"KB951066" = Security Update for Windows XP (KB951066)
"KB951072-v2" = Update for Windows XP (KB951072-v2)
"KB951376" = Security Update for Windows XP (KB951376)
"KB951376-v2" = Security Update for Windows XP (KB951376-v2)
"KB951698" = Security Update for Windows XP (KB951698)
"KB951748" = Security Update for Windows XP (KB951748)
"KB952287" = Hotfix for Windows XP (KB952287)
"KB952954" = Security Update for Windows XP (KB952954)
"KB953838" = Security Update for Windows XP (KB953838)
"KB953839" = Security Update for Windows XP (KB953839)
"Links 2003 v1.05 (Downloadable Version)" = Links 2003 v1.05 (Downloadable Version) (remove only)
"M928366" = Microsoft .NET Framework 1.1 Hotfix (KB928366)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MPEG Splitter_is1" = MPEG Splitter version 2.2
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Napoleon's Campaigns_is1" = NCP patch 1.04b
"NVIDIA Drivers" = NVIDIA Drivers
"On To Rome for Battles for Italy" = On To Rome for Battles for Italy
"Out of the Park Baseball 6" = Out of the Park Baseball 6
"Out of the Park Baseball 6.51a" = Out of the Park Baseball 6.51a
"Panda ActiveScan" = Panda ActiveScan
"PlayGATE Setup" = PlayGATE Setup
"PocketMixer" = PocketMixer
"Power Sound Editor Free_is1" = Power Sound Editor Free v5.9.6
"PunkBusterSvc" = PunkBuster Services
"Railroad Tycoon II" = Railroad Tycoon II
"Railroad Tycoon II - The Second Century" = Railroad Tycoon II - The Second Century
"Registry First Aid_is1" = Registry First Aid
"SBC.MCCInstall" = AT&T Self Support Tool
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SPEAKER" = Creative Speaker Settings
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"Steam App 1200" = Red Orchestra
"SysInfo" = Creative System Information
"TalonSoft's West Front" = TalonSoft's West Front
"TalonSoft's West Front Battle Pack 1" = TalonSoft's West Front Battle Pack 1
"The Operational Art of War III3.0.0.12" = The Operational Art of War III
"Thunder at Sea V1.00" = Thunder at Sea V1.00
"VLC media player" = VideoLAN VLC media player 0.8.6i
"War in Europe for Italy" = War in Europe for Italy
"WarInThePacificv100" = War in the Pacific v1.00
"Wars in America_is1" = Wars in America 1.01d
"WgaNotify" = Windows Genuine Advantage Notifications (KB905474)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinGimp-2.0_is1" = The GIMP 2.2.11
"WinGTK-2_is1" = GTK+ 2.8.18-1 runtime environment
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"x264 Revision 532 x264.nl" = x264 Revision 532 x264.nl (remove only)
"XP Codec Pack" = XP Codec Pack
"Yahoo! Applications" = AT&T Yahoo! Applications
"Yahoo! Toolbar" = Yahoo! Toolbar

===== Uninstall List =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"a038fb24d62a375d" = Paradox Interactive Launcher
"Steam App 1200" = Red Orchestra

===== Winsock2 Catalogs =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
Protocol_Catalog9\Catalog_Entries\000000000001 - [06/10/2006 11:10 PM | 00,074,864 | ---- | M] (Computer Associates International, Inc.) C:\WINDOWS\system32\VetRedir.dll
Protocol_Catalog9\Catalog_Entries\000000000002 - [06/10/2006 11:10 PM | 00,074,864 | ---- | M] (Computer Associates International, Inc.) C:\WINDOWS\system32\VetRedir.dll
Protocol_Catalog9\Catalog_Entries\000000000003 - [06/10/2006 11:10 PM | 00,074,864 | ---- | M] (Computer Associates International, Inc.) C:\WINDOWS\system32\VetRedir.dll
Protocol_Catalog9\Catalog_Entries\000000000004 - [06/10/2006 11:10 PM | 00,074,864 | ---- | M] (Computer Associates International, Inc.) C:\WINDOWS\system32\VetRedir.dll
Protocol_Catalog9\Catalog_Entries\000000000005 - [06/10/2006 11:10 PM | 00,074,864 | ---- | M] (Computer Associates International, Inc.) C:\WINDOWS\system32\VetRedir.dll
Protocol_Catalog9\Catalog_Entries\000000000006 - [06/10/2006 11:10 PM | 00,074,864 | ---- | M] (Computer Associates International, Inc.) C:\WINDOWS\system32\VetRedir.dll
Protocol_Catalog9\Catalog_Entries\000000000007 - [06/10/2006 11:10 PM | 00,074,864 | ---- | M] (Computer Associates International, Inc.) C:\WINDOWS\system32\VetRedir.dll
Protocol_Catalog9\Catalog_Entries\000000000008 - [06/10/2006 11:10 PM | 00,074,864 | ---- | M] (Computer Associates International, Inc.) C:\WINDOWS\system32\VetRedir.dll
Protocol_Catalog9\Catalog_Entries\000000000009 - [06/10/2006 11:10 PM | 00,074,864 | ---- | M] (Computer Associates International, Inc.) C:\WINDOWS\system32\VetRedir.dll
Protocol_Catalog9\Catalog_Entries\000000000010 - [06/10/2006 11:10 PM | 00,074,864 | ---- | M] (Computer Associates International, Inc.) C:\WINDOWS\system32\VetRedir.dll
Protocol_Catalog9\Catalog_Entries\000000000011 - [06/10/2006 11:10 PM | 00,074,864 | ---- | M] (Computer Associates International, Inc.) C:\WINDOWS\system32\VetRedir.dll
Protocol_Catalog9\Catalog_Entries\000000000012 - [06/10/2006 11:10 PM | 00,074,864 | ---- | M] (Computer Associates International, Inc.) C:\WINDOWS\system32\VetRedir.dll
Protocol_Catalog9\Catalog_Entries\000000000013 - [06/10/2006 11:10 PM | 00,074,864 | ---- | M] (Computer Associates International, Inc.) C:\WINDOWS\system32\VetRedir.dll
Protocol_Catalog9\Catalog_Entries\000000000014 - [06/10/2006 11:10 PM | 00,074,864 | ---- | M] (Computer Associates International, Inc.) C:\WINDOWS\system32\VetRedir.dll
Protocol_Catalog9\Catalog_Entries\000000000015 - [06/10/2006 11:10 PM | 00,074,864 | ---- | M] (Computer Associates International, Inc.) C:\WINDOWS\system32\VetRedir.dll
Protocol_Catalog9\Catalog_Entries\000000000016 - [06/10/2006 11:10 PM | 00,074,864 | ---- | M] (Computer Associates International, Inc.) C:\WINDOWS\system32\VetRedir.dll
Protocol_Catalog9\Catalog_Entries\000000000017 - [06/10/2006 11:10 PM | 00,074,864 | ---- | M] (Computer Associates International, Inc.) C:\WINDOWS\system32\VetRedir.dll
Protocol_Catalog9\Catalog_Entries\000000000018 - [06/10/2006 11:10 PM | 00,074,864 | ---- | M] (Computer Associates International, Inc.) C:\WINDOWS\system32\VetRedir.dll
Protocol_Catalog9\Catalog_Entries\000000000019 - [06/10/2006 11:10 PM | 00,074,864 | ---- | M] (Computer Associates International, Inc.) C:\WINDOWS\system32\VetRedir.dll
Protocol_Catalog9\Catalog_Entries\000000000020 - [06/10/2006 11:10 PM | 00,074,864 | ---- | M] (Computer Associates International, Inc.) C:\WINDOWS\system32\VetRedir.dll
Protocol_Catalog9\Catalog_Entries\000000000021 - [06/10/2006 11:10 PM | 00,074,864 | ---- | M] (Computer Associates International, Inc.) C:\WINDOWS\system32\VetRedir.dll
Protocol_Catalog9\Catalog_Entries\000000000022 - [06/10/2006 11:10 PM | 00,074,864 | ---- | M] (Computer Associates International, Inc.) C:\WINDOWS\system32\VetRedir.dll
Protocol_Catalog9\Catalog_Entries\000000000023 - [06/10/2006 11:10 PM | 00,074,864 | ---- | M] (Computer Associates International, Inc.) C:\WINDOWS\system32\VetRedir.dll

===== Protocol Defaults =====


===== Protocol Defaults =====


===== Protocol Handlers =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
msdaipp: [HKLM - No CLSID value]

skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKLM - IEProtocolHandler Class]
[02/06/2008 06:37 PM | 01,934,672 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll

===== Protocol Filters =====

< End of report >

THanks!!!
  • 0

#7
Egwene
Posted 27 August 2008 - 06:59 AM

Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey hattrick1,

Nothing bad in your logs, so we will run an online scan with Kaspersky :)

1) Uninstall one program :

Please go Start > Control Panel > Add/Remove Programs and remove the following (if present):

* Java™ 6 Update 4

2) Run Kaspersky Online :

Please do an online scan with Kaspersky WebScanner

Make sure you are using Internet Explorer for this. Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Regards,
Egwene.
  • 0

#8
hattrick1
Posted 27 August 2008 - 11:08 AM

hattrick1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Hi Egwene,

The kaspersky web scanner is coming back telling me I dont have Java verions 1.5, but I go to the jave sight and it tells me I have the latests verson.


Sorry right now I am unable to do the scan, what do you suggest?

Yes I deleted the java 6 update 4.

If the Kaspersky lab comes up with nothing also, is it possible for you to PLEASE tell me the best way to remove all my codecs from my pc making sure there is no evidence left over in the registry?

THanks again Egwene!
  • 0

#9
Egwene
Posted 27 August 2008 - 01:29 PM

Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey hattrick1,

Try this :)

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Regards,
Egwene.
  • 0

#10
hattrick1
Posted 27 August 2008 - 06:51 PM

hattrick1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Hi Egwene, :)

Here is the log...


# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3393 (20080827)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=0c457ec8ffcc1d4091d01d0f5d017a89
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-08-27 11:22:35
# local_time=2008-08-27 06:22:35 (-0600, Central Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=727122
# found=1
# scan_time=12106
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GX2VS12J\findo2[1].exe a variant of Win32/Agent.NNU trojan (unable to clean - deleted) 00000000000000000000000000000000
  • 0

#11
Egwene
Posted 28 August 2008 - 05:51 AM

Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey hattrick1,

Your using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here :
http://www.adobe.com.../readstep2.html

***

Congralutations, your log looks clean :)

STEP 1

Please Download OTcleanIT (OldTimer) : http://download.blee...r/OTCleanIt.exe

Open it and double-click on the "CleanUp" boutton.

STEP 2

Now lets Reset and Re-enable your System Restore to remove any infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected, but that's good news).

Turn OFF System Restore.

* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* Check Turn off System Restore.
* Click Apply, and then click OK.


Restart your computer.

Turn ON System Restore.

* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* UN-Check Turn off System Restore.
* Click Apply, and then click OK.

System Restore will now be active again.

STEP 3

Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats, Microsoft releases security updates that help your computer from becoming vunerable. It is best if you have these set to download automatically.

Automatic Updates for Windows

* Click Start.
* Select Settings and then Control Panel.
* Select Automatic Updates.
* Click Automatic (recommended)
* Choose a day and a time when you know the computer will be on and connected to the internet.
* Click Apply then OK.

STEP 4

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

Regards,
Egwene.
  • 0

#12
hattrick1
Posted 28 August 2008 - 01:40 PM

hattrick1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Hi Egwene,


Ok I did everything you suggested, after the first bootup I noticed a difference and tested it out, it seemed better but not normal, also ever since I have been having this problem I see on bootup two blue squares one on the lower left corner where my start button is and one in the lower right hand corner where my clock is. They appears for like three seconds and then it gives me my clock and the start button.


Now bootup time was still long but there was no blue squares, I thought it was gone, but then after awhile my hardrive was acting up, I got worried and rebooted and sure enough the blue squares our back and I am sure I am back to the original problem.


What else can I do, this is affecting the performance of my pc. :)

I dont want to take up any more of youre time but would like to know what you suggest, I believe there is still something on here, why its not showing malware I dont know, but it is there.

It was like it was almost completely gone but there was still parts left over....

WHat else can I do to search find and kill it, I believe it was almost dead when the blue squares were gone.

Thanks for youre help!! :)
  • 0

#13
Egwene
Posted 28 August 2008 - 02:54 PM

Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey hattrick1,

Your PC is clean, no malwares on its and there is nothing else we can do :)

Regards,
Egwene.

Edited by Egwene, 28 August 2008 - 02:54 PM.

  • 0

#14
Rorschach112
Posted 28 August 2008 - 05:23 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP