Audio pop ups and Spam windows popping up randomly [RESOLVED]



#16
jacknsherr

Momentary lapse of reason.... I am so confused with all the multi-tasking.... :)

Anyway.... here's the OTmoveIT2 file:

Explorer killed successfully
C:\WINDOWS\System32\ba614MPs.exe.a_a moved successfully.
C:\WINDOWS\System32\ba614MPs.exe moved successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0eae2e21-b1d5-11dc-831e-000fea36508b} >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0eae2e21-b1d5-11dc-831e-000fea36508b}\\ deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0eae2e22-b1d5-11dc-831e-000fea36508b} >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0eae2e22-b1d5-11dc-831e-000fea36508b}\\ deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14bd8f9f-9ab9-11db-82c0-000fea36508b} >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14bd8f9f-9ab9-11db-82c0-000fea36508b}\\ deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3834b87d-4f08-11dd-8367-000fea36508b} >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3834b87d-4f08-11dd-8367-000fea36508b}\\ deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{448ad726-65a8-11dd-8371-000fea36508b} >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{448ad726-65a8-11dd-8371-000fea36508b}\\ deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{779abd93-2efc-11db-8289-000fea36508b} >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{779abd93-2efc-11db-8289-000fea36508b}\\ deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b46a34a-7513-11da-823b-000fea36508b} >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b46a34a-7513-11da-823b-000fea36508b}\\ deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9d4ac78-6499-11dd-8370-000fea36508b} >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9d4ac78-6499-11dd-8370-000fea36508b}\\ deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc34a5a4-2dde-11dd-8352-000fea36508b} >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc34a5a4-2dde-11dd-8352-000fea36508b}\\ deleted successfully.
< purity >
< emptytemp >
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\Perflib_Perfdata_cf8.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DFB6A5.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_644.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08262008_134709

Files moved on Reboot...
File C:\DOCUME~1\user\LOCALS~1\Temp\Perflib_Perfdata_cf8.dat not found!
C:\DOCUME~1\user\LOCALS~1\Temp\~DFB6A5.tmp moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_644.dat moved successfully.
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!


I will supplement this with re-runs on the viewit files. I seriously can't find the ones that I just ran!!!!!

#17
jacknsherr

Here is the latest OTViewit file:

OTViewIt logfile created on: 8/26/2008 2:04:26 PM - Run 4
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\user\Desktop\virus thing
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 173.04 Mb Available Physical Memory | 33.83% Memory free
1.22 Gb Paging File | 0.87 Gb Available in Paging File | 71.74% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 58.39 Gb Free Space | 78.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 232.88 Gb Total Space | 136.44 Gb Free Space | 58.59% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-88A1E09A42
Current User Name: user
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

===== Processes - Non-Microsoft Only =====

[07/19/2008 09:25 AM | 00,016,056 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[07/19/2008 09:38 AM | 00,147,640 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashServ.exe
[10/19/2007 02:19 PM | 00,141,848 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
[05/14/2004 02:47 AM | 00,067,072 | ---- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\SOUNDMAN.EXE
[07/27/2004 05:50 PM | 00,081,920 | ---- | M] (InstallShield Software Corporation) - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[10/25/2007 05:33 PM | 00,563,984 | ---- | M] () - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[10/25/2007 05:37 PM | 02,178,832 | ---- | M] () - C:\Program Files\Logitech\QuickCam\Quickcam.exe
[03/30/2008 10:36 AM | 00,267,048 | ---- | M] (Apple Inc.) - C:\Program Files\iTunes\iTunesHelper.exe
[07/19/2008 09:38 AM | 00,078,008 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[12/18/2007 08:47 PM | 08,720,384 | ---- | M] () - C:\Program Files\MySpace\IM\MySpaceIM.exe
[10/31/2007 03:09 PM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[11/11/2004 06:53 PM | 00,016,448 | ---- | M] (ewido networks) - C:\Program Files\ewido\security suite\ewidoctrl.exe
[09/24/2003 10:00 AM | 00,073,728 | ---- | M] (Iomega Corporation) - C:\Program Files\Iomega\System32\AppServices.exe
[11/17/1996 12:00 AM | 00,051,984 | ---- | M] () - C:\Program Files\Microsoft Office\Office\OSA.EXE
[10/19/2007 02:17 PM | 00,186,904 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
[09/30/2004 12:35 AM | 00,127,043 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe
[07/19/2008 09:38 AM | 00,250,040 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[07/23/2008 09:25 AM | 00,348,344 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[10/19/2007 02:17 PM | 00,186,904 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
[03/30/2008 10:36 AM | 00,504,104 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe
[12/18/2007 08:47 PM | 08,720,384 | ---- | M] () - C:\Program Files\MySpace\IM\MySpaceIM.exe
[10/25/2007 05:32 PM | 00,407,824 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
[07/17/2008 01:38 PM | 07,667,312 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
[08/26/2008 09:49 AM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\user\Desktop\virus thing\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(Apple Mobile Device) Apple Mobile Device [Auto | Running]
[10/31/2007 03:09 PM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(aswUpdSv) avast! iAVS4 Control Service [Auto | Running]
[07/19/2008 09:25 AM | 00,016,056 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

(avast! Antivirus) avast! Antivirus [Auto | Running]
[07/19/2008 09:38 AM | 00,147,640 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashServ.exe

(avast! Mail Scanner) avast! Mail Scanner [On_Demand | Running]
[07/19/2008 09:38 AM | 00,250,040 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

(avast! Web Scanner) avast! Web Scanner [On_Demand | Running]
[07/23/2008 09:25 AM | 00,348,344 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[08/04/2004 07:00 AM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(ewido security suite control) ewido security suite control [Auto | Running]
[11/11/2004 06:53 PM | 00,016,448 | ---- | M] (ewido networks) - C:\Program Files\ewido\security suite\ewidoctrl.exe

(ewido security suite guard) ewido security suite guard [Disabled | Stopped]
[09/25/2005 01:55 PM | 00,163,904 | ---- | M] (ewido networks) - C:\Program Files\ewido\security suite\ewidoguard.exe

(gusvc) Google Updater Service [On_Demand | Stopped]
[08/19/2008 03:01 PM | 00,138,168 | ---- | M] (Google) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

(HP Port Resolver) HP Port Resolver [On_Demand | Stopped]
[05/20/2005 11:37 AM | 00,081,920 | ---- | M] (Hewlett-Packard Company) - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

(HP Status Server) HP Status Server [On_Demand | Stopped]
[10/16/2004 06:31 AM | 00,073,728 | ---- | M] (Hewlett-Packard Company) - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

(IDriverT) InstallDriver Table Manager [On_Demand | Stopped]
[04/04/2005 01:41 AM | 00,069,632 | ---- | M] (Macrovision Corporation) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

(Iomega Activity Disk2) Iomega Activity Disk2 [Disabled | Stopped]
[08/26/2008 01:56 PM | ---D | M] - .

(Iomega App Services) Iomega App Services [Auto | Running]
[09/24/2003 10:00 AM | 00,073,728 | ---- | M] (Iomega Corporation) - C:\Program Files\Iomega\System32\AppServices.exe

(iPod Service) iPod Service [On_Demand | Running]
[03/30/2008 10:36 AM | 00,504,104 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe

(LVCOMSer) LVCOMSer [Auto | Running]
[10/19/2007 02:17 PM | 00,186,904 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

(LVPrcSrv) Process Monitor [Auto | Running]
[10/19/2007 02:19 PM | 00,141,848 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

(LVSrvLauncher) LVSrvLauncher [Auto | Stopped]
[10/19/2007 02:21 PM | 00,141,848 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

(NVSvc) NVIDIA Display Driver Service [Auto | Running]
[09/30/2004 12:35 AM | 00,127,043 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe

(PavPrSrv) Panda Process Protection Service [Auto | Stopped]
File not found - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

===== Driver Services - Non-Microsoft Only =====

(Aavmker4) avast! Asynchronous Virus Monitor [System | Running]
[07/19/2008 09:32 AM | 00,026,944 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aavmker4.sys

(ALCXSENS) Service for WDM 3D Audio Driver [On_Demand | Running]
[02/23/2004 10:08 PM | 00,400,384 | ---- | M] (Sensaura) - C:\WINDOWS\system32\drivers\ALCXSENS.SYS

(ALCXWDM) Service for Realtek AC97 Audio (WDM) [On_Demand | Running]
[05/14/2004 10:24 AM | 00,622,172 | ---- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS

(ASPI32) ASPI32 [System | Running]
[07/17/2002 08:53 AM | 00,016,877 | ---- | M] (Adaptec) - C:\WINDOWS\System32\drivers\Aspi32.sys

(aswFsBlk) aswFsBlk [Auto | Running]
[07/19/2008 09:37 AM | 00,020,560 | ---- | M] (ALWIL Software) - C:\WINDOWS\system32\drivers\aswFsBlk.sys

(aswMon2) avast! Standard Shield Support [Auto | Running]
[07/19/2008 09:37 AM | 00,094,416 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswmon2.sys

(aswRdr) aswRdr [On_Demand | Running]
[07/19/2008 09:33 AM | 00,023,152 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswRdr.sys

(aswSP) avast! Self Protection [System | Running]
[07/19/2008 09:35 AM | 00,078,416 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswSP.sys

(aswTdi) avast! Network Shield Support [System | Running]
[07/19/2008 09:32 AM | 00,042,912 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswTdi.sys

(dmboot) dmboot [Disabled | Stopped]
[08/04/2004 07:00 AM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) Logical Disk Manager Driver [Boot | Running]
[08/04/2004 07:00 AM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Boot | Running]
[08/04/2004 07:00 AM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(DumaNT) NVIDIA Stereo Helper Service [System | Running]
[11/18/2002 04:29 PM | 00,399,700 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\dumant.sys

(ewido security suite driver) ewido security suite driver [System | Running]
[11/22/2004 09:15 AM | 00,003,072 | ---- | M] () - C:\Program Files\ewido\security suite\guard.sys

(GEARAspiWDM) GEARAspiWDM [On_Demand | Running]
[01/29/2008 12:01 PM | 00,016,168 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

(GMSIPCI) GMSIPCI [On_Demand | Stopped]
File not found - D:\INSTALL\GMSIPCI.SYS

(IndiAvIn) TDK INDI AV-IN USB Device [On_Demand | Stopped]
[11/16/2002 07:03 PM | 00,086,016 | ---- | M] (Emuzed, Inc.) - C:\WINDOWS\system32\drivers\IndiAvIn.sys

(Intels51) Intel® 536EP V.92 Modem [On_Demand | Running]
[05/10/2002 08:31 AM | 00,633,220 | R--- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\Intels51.sys

(iomdisk) Iomega Devices Disk Filter Services [Boot | Running]
[09/24/2003 10:00 AM | 00,032,658 | ---- | M] (Iomega Corporation) - C:\WINDOWS\system32\drivers\IomDisk.sys

(iteraid) ITERAID_Service_Install [Boot | Running]
[02/25/2004 03:46 AM | 00,024,827 | R--- | M] (Integrated Technology Express, Inc.) - C:\WINDOWS\system32\drivers\iteraid.sys

(LVcKap) Logitech AEC Driver [On_Demand | Running]
[10/19/2007 02:16 PM | 02,109,976 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\Lvckap.sys

(LVMVDrv) Logitech Machine Vision Engine Loader [On_Demand | Stopped]
[10/11/2007 07:59 PM | 02,142,488 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\LVMVdrv.sys

(LVPr2Mon) Logitech LVPr2Mon Driver [On_Demand | Running]
[10/11/2007 07:59 PM | 00,025,624 | ---- | M] () - C:\WINDOWS\system32\drivers\LVPr2Mon.sys

(LVUSBSta) Logitech USB Monitor Filter [On_Demand | Running]
[10/11/2007 09:00 PM | 00,041,752 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\LVUSBSta.sys

(motmodem) Motorola USB CDC ACM Driver [On_Demand | Stopped]
[06/18/2007 02:18 PM | 00,023,680 | ---- | M] (Motorola) - C:\WINDOWS\system32\drivers\motmodem.sys

(nv) nv [On_Demand | Running]
[09/30/2004 12:35 AM | 02,743,840 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv4_mini.sys

(nv_agp) NVIDIA nForce AGP Bus Filter [Boot | Running]
[03/19/2003 02:51 AM | 00,018,688 | R--- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv_agp.SYS

(PavProc) Panda Process Protection Driver [Auto | Stopped]
File not found - C:\WINDOWS\system32\DRIVERS\PavProc.sys

(pepifilter) Volume Adapter [On_Demand | Running]
[10/11/2007 08:55 PM | 00,013,848 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\lv302af.sys

(PID_PEPI) Logitech QuickCam IM(PID_PEPI) [On_Demand | Running]
[10/11/2007 08:55 PM | 01,279,000 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\LV302V32.SYS

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[08/04/2004 07:00 AM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(PxHelp20) PxHelp20 [Boot | Running]
[11/17/2005 11:19 AM | 00,020,640 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\PxHelp20.sys

(RTL8023) Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver [On_Demand | Running]
[12/30/2003 10:58 PM | 00,069,504 | ---- | M] (Realtek Semiconductor Corporation ) - C:\WINDOWS\system32\drivers\Rtlnic51.sys

(Secdrv) Secdrv [On_Demand | Stopped]
[11/13/2007 05:25 AM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys

(ShldDrv) Panda File Shield Driver [System | Stopped]
File not found - C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys

(SI3112r) Silicon Image SiI 3512 SATARaid Controller [Boot | Running]
[05/30/2003 03:05 AM | 00,089,610 | R--- | M] (Silicon Image, Inc) - C:\WINDOWS\system32\drivers\SI3112r.sys

(SiFilter) SATALink driver accelerator [Boot | Running]
[02/11/2003 11:37 PM | 00,009,600 | R--- | M] (Silicon Image, Inc.) - C:\WINDOWS\system32\drivers\SiWinAcc.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!" = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [07/19/2008 09:38 AM | 00,078,008 | ---- | M] (ALWIL Software)
"Cleanup" = C:\DOCUME~1\user\LOCALS~1\Temp\2008822162431_mcappins.exe /v=3 /cleanup File not found
"ISUSPM Startup" = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [07/27/2004 05:50 PM | 00,221,184 | ---- | M] (InstallShield Software Corporation)
"ISUSScheduler" = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [07/27/2004 05:50 PM | 00,081,920 | ---- | M] (InstallShield Software Corporation)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM | 00,267,048 | ---- | M] (Apple Inc.)
"LogitechCommunicationsManager" = "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [10/25/2007 05:33 PM | 00,563,984 | ---- | M] ()
"LogitechQuickCamRibbon" = "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide [10/25/2007 05:37 PM | 02,178,832 | ---- | M] ()
"msci" = C:\DOCUME~1\user\LOCALS~1\Temp\2008822162422_mcinfo.exe /insfin File not found
"NvCplDaemon" = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [09/30/2004 12:35 AM | 04,603,904 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [09/30/2004 12:35 AM | 00,086,016 | ---- | M] (NVIDIA Corporation)
"nwiz" = nwiz.exe /install [09/30/2004 12:35 AM | 00,921,600 | ---- | M] (NVIDIA Corporation)
"QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [03/28/2008 11:37 PM | 00,413,696 | ---- | M] (Apple Inc.)
"SoundMan" = SOUNDMAN.EXE [05/14/2004 02:47 AM | 00,067,072 | ---- | M] (Realtek Semiconductor Corp.)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6" = File not found
"MySpaceIM" = C:\Program Files\MySpace\IM\MySpaceIM.exe [12/18/2007 08:47 PM | 08,720,384 | ---- | M] ()
"updateMgr" = "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 [03/30/2006 04:45 PM | 00,313,472 | R--- | M] (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[09/23/2005 10:05 PM | 00,029,696 | ---- | M] (Adobe Systems Incorporated) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[user Startup Folder - C:\Documents and Settings\user\Start Menu\Programs\Startup]
[11/17/1996 12:00 AM | 00,111,376 | ---- | M] () - C:\Documents and Settings\user\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
[11/17/1996 12:00 AM | 00,051,984 | ---- | M] () - C:\Documents and Settings\user\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (Adobe PDF Reader Link Helper) - [12/18/2006 04:16 AM | 00,059,032 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
HKLM CLSID: () - [05/31/2005 01:04 AM | 00,853,672 | ---- | M] (Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
HKLM CLSID: (Google Toolbar Helper) - [01/19/2007 11:55 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar1.dll

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [01/19/2007 11:55 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar1.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [01/19/2007 11:55 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar1.dll

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (&Yahoo! Toolbar) - File not found Reg Error: Key does not exist or could not be opened.

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
Unable to open key or key not present!


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


===== Desktop Components =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/04/2004 07:00 AM | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\1125036546\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1125036546\ee\AOLServiceHost.exe File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe [11/03/2006 02:17 AM | 00,010,800 | ---- | M] (AOL LLC)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe [08/01/2006 03:35 PM | 00,067,112 | ---- | M] (America Online, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 07:44 AM | 00,557,568 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/04/2004 07:00 AM | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\1125036546\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1125036546\ee\AOLServiceHost.exe File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe [11/03/2006 02:17 AM | 00,010,800 | ---- | M] (AOL LLC)
"C:\WINDOWS\system32\urprhaaun.exe" = C:\WINDOWS\system32\urprhaaun.exe File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe [10/13/2004 11:24 AM | 01,694,208 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe File not found
"C:\StubInstaller.exe" = C:\StubInstaller.exe [10/31/2005 10:56 AM | 00,700,416 | ---- | M] (LimeWire)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe File not found
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\iexplore.exe [06/23/2008 04:20 AM | 00,625,664 | ---- | M] (Microsoft Corporation)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe [09/29/2006 09:00 PM | 00,043,520 | ---- | M] ()
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe [08/01/2006 03:35 PM | 00,067,112 | ---- | M] (America Online, Inc.)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 07:44 AM | 00,557,568 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Yahoo! Games\Bejeweled 2 Deluxe\WinBej2.exe" = C:\Program Files\Yahoo! Games\Bejeweled 2 Deluxe\WinBej2.exe [11/18/2004 04:26 PM | 01,566,721 | ---- | M] (PopCap.com)
"C:\Program Files\Last.fm\LastFM.exe" = C:\Program Files\Last.fm\LastFM.exe File not found
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe [01/03/2008 11:15 AM | 00,050,528 | ---- | M] (AOL LLC)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [03/30/2008 10:36 AM | 20,638,504 | ---- | M] (Apple Inc.)
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe [12/18/2007 08:47 PM | 08,720,384 | ---- | M] ()
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe [12/07/2007 04:08 PM | 21,686,568 | R--- | M] (Skype Technologies S.A.)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [06/13/2007 05:23 AM | 01,033,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [08/04/2004 07:00 AM | 00,024,576 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [08/04/2004 07:00 AM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [08/04/2004 07:00 AM | 00,298,496 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====
Unable to open key or key not present!


===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{7A4455E7-1E22-4CAB-B4F0-51FF2DCDE3CD}]
Servers: | Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{9B410874-7B7D-40FE-9EA6-F06094BD1DEC}]
Servers: | Description: 1394 Net Adapter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{C4A502C0-106A-4D1B-ACB1-7F86FE35522F}]
Servers: | Description:

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

===== Autorun Files on Drives =====

AUTOEXEC.BAT []
[07/15/2005 04:42 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

===== MountPoints2 =====

===== Hosts File =====

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost



[Files/Folders - Created Within 30 days]
[08/20/2008 08:39 AM | --SD | C] - C:\Microsoft
[08/26/2008 01:49 PM | 53,639,9872 | -HS- | C] () - C:\hiberfil.sys
[08/26/2008 09:30 AM | ---D | C] - C:\_OTMoveIt
[01/17/2008 11:34 AM | 00,093,264 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswmon.sys
[07/19/2008 09:32 AM | 00,026,944 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aavmker4.sys
[07/19/2008 09:32 AM | 00,042,912 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswTdi.sys
[07/19/2008 09:33 AM | 00,023,152 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswRdr.sys
[07/19/2008 09:35 AM | 00,078,416 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswSP.sys
[07/19/2008 09:37 AM | 00,020,560 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswFsBlk.sys
[07/19/2008 09:37 AM | 00,094,416 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswmon2.sys
[08/17/2008 03:01 PM | 00,017,144 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[01/09/2004 04:13 AM | 00,380,928 | ---- | C] () - C:\WINDOWS\System32\actskin4.ocx
[06/10/2008 01:21 AM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\java.exe
[06/10/2008 01:21 AM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaw.exe
[06/10/2008 02:32 AM | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javacpl.cpl
[06/10/2008 02:32 AM | 00,139,264 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaws.exe
[07/19/2008 09:30 AM | 00,094,392 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\AvastSS.scr
[07/19/2008 09:43 AM | 01,163,960 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\aswBoot.exe
[08/26/2008 01:03 PM | ---D | C] - C:\WINDOWS\System32\CatRoot_bak
[08/26/2008 01:46 PM | ---D | C] - C:\WINDOWS\ERDNT
[08/19/2008 03:01 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Google
[08/21/2008 06:32 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/19/2008 03:29 PM | ---D | C] - C:\Documents and Settings\user\Application Data\Google
[08/21/2008 06:32 PM | ---D | C] - C:\Documents and Settings\user\Application Data\Malwarebytes
[08/16/2008 02:41 AM | 00,022,016 | ---- | C] () - C:\Documents and Settings\user\My Documents\For an occasion such as this.doc
[08/21/2008 10:12 PM | 00,001,709 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[08/21/2008 06:31 PM | 00,128,368 | ---- | C] (Digital River) - C:\Documents and Settings\user\Desktop\Download_mbam-setup.exe
[08/26/2008 01:56 PM | ---D | C] - C:\Documents and Settings\user\Desktop\virus thing
[08/21/2008 06:20 PM | ---D | C] - C:\Program Files\Common Files\Panda Software
[08/21/2008 06:31 PM | ---D | C] - C:\Program Files\Common Files\Download Manager
[08/21/2008 10:11 PM | ---D | C] - C:\Program Files\Alwil Software
[08/22/2008 04:27 PM | ---D | C] - C:\Program Files\Trend Micro
[08/22/2008 11:36 AM | ---D | C] - C:\Program Files\ERUNT
[08/26/2008 09:26 AM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware
[08/26/2008 12:07 PM | ---D | C] - C:\Program Files\Sun

[Files/Folders - Modified Within 30 days]
[08/20/2008 08:39 AM | --SD | M] - C:\Microsoft
[08/22/2008 04:27 PM | R--D | M] - C:\Program Files
[08/26/2008 01:44 PM | -H-D | M] - C:\Config.Msi
[08/26/2008 01:49 PM | 53,639,9872 | -HS- | M] () - C:\hiberfil.sys
[08/26/2008 09:30 AM | ---D | M] - C:\_OTMoveIt
[08/26/2008 11:36 AM | ---D | M] - C:\WINDOWS
[08/17/2008 03:01 PM | 00,017,144 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[08/11/2008 02:39 AM | 00,052,764 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat
[08/11/2008 02:39 AM | 00,380,350 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat
[08/11/2008 02:39 AM | 00,438,700 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
[08/21/2008 10:12 PM | 00,002,626 | ---- | M] () - C:\WINDOWS\System32\CONFIG.NT
[08/22/2008 04:10 PM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/22/2008 11:05 AM | ---D | M] - C:\WINDOWS\System32\config
[08/26/2008 01:03 PM | ---D | M] - C:\WINDOWS\System32\CatRoot
[08/26/2008 01:03 PM | ---D | M] - C:\WINDOWS\System32\CatRoot_bak
[08/26/2008 01:47 PM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[08/26/2008 01:49 PM | 00,002,422 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/26/2008 01:49 PM | 00,007,883 | ---- | M] () - C:\WINDOWS\System32\nvapps.xml
[08/26/2008 09:26 AM | ---D | M] - C:\WINDOWS\System32\drivers
[08/14/2008 03:03 AM | ---D | M] - C:\WINDOWS\ie7updates
[08/14/2008 03:06 AM | -H-D | M] - C:\WINDOWS\$hf_mig$
[08/15/2008 04:53 PM | 00,000,832 | ---- | M] () - C:\WINDOWS\win.ini
[08/15/2008 04:54 PM | 00,294,912 | ---- | M] () - C:\WINDOWS\outlook.pst
[08/22/2008 11:19 AM | ---D | M] - C:\WINDOWS\Debug
[08/26/2008 01:03 PM | -H-D | M] - C:\WINDOWS\inf
[08/26/2008 01:44 PM | -HSD | M] - C:\WINDOWS\Installer
[08/26/2008 01:45 PM | ---D | M] - C:\WINDOWS\Prefetch
[08/26/2008 01:46 PM | ---D | M] - C:\WINDOWS\ERDNT
[08/26/2008 01:47 PM | ---D | M] - C:\WINDOWS\system32
[08/26/2008 01:49 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/26/2008 01:49 PM | 00,054,156 | -H-- | M] () - C:\WINDOWS\QTFont.qfn
[08/26/2008 01:50 PM | ---D | M] - C:\WINDOWS\Temp
[08/26/2008 11:36 AM | --SD | M] - C:\WINDOWS\Tasks
[08/20/2008 11:44 PM | 00,000,284 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/26/2008 01:49 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/19/2008 03:01 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Google
[08/21/2008 01:08 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[08/21/2008 06:32 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/22/2008 04:24 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\McAfee.com
[08/26/2008 11:27 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Viewpoint
[08/18/2008 09:18 AM | ---D | M] - C:\Documents and Settings\user\Application Data\BitTorrent
[08/19/2008 03:29 PM | ---D | M] - C:\Documents and Settings\user\Application Data\Google
[08/21/2008 06:32 PM | ---D | M] - C:\Documents and Settings\user\Application Data\Malwarebytes
[08/26/2008 08:00 AM | ---D | M] - C:\Documents and Settings\user\Application Data\skypePM
[08/26/2008 08:59 AM | ---D | M] - C:\Documents and Settings\user\Application Data\Skype
[08/26/2008 11:27 AM | ---D | M] - C:\Documents and Settings\user\Application Data\Viewpoint
[08/19/2008 03:29 PM | ---D | M] - C:\Documents and Settings\user\Local Settings\Application Data\Google
[08/21/2008 01:05 PM | 03,755,134 | -H-- | M] () - C:\Documents and Settings\user\Local Settings\Application Data\IconCache.db
[08/25/2008 11:39 AM | 00,098,304 | ---- | M] () - C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[08/08/2008 05:58 PM | R--D | M] - C:\Documents and Settings\All Users\Documents\My Music
[08/16/2008 02:41 AM | 00,022,016 | ---- | M] () - C:\Documents and Settings\user\My Documents\For an occasion such as this.doc
[08/21/2008 10:12 PM | 00,001,709 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[08/26/2008 09:12 AM | 00,002,137 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[08/26/2008 12:59 AM | 00,002,257 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Skype.lnk
[08/21/2008 06:31 PM | 00,128,368 | ---- | M] (Digital River) - C:\Documents and Settings\user\Desktop\Download_mbam-setup.exe
[08/25/2008 01:44 AM | 00,002,445 | ---- | M] () - C:\Documents and Settings\user\Desktop\Logitech QuickCam.lnk
[08/26/2008 01:56 PM | ---D | M] - C:\Documents and Settings\user\Desktop\virus thing
[08/21/2008 06:20 PM | ---D | M] - C:\Program Files\Common Files\Panda Software
[08/21/2008 06:31 PM | ---D | M] - C:\Program Files\Common Files\Download Manager

< End of report >
  • 0

#18
jacknsherr

    Member

  • Topic Starter
  • Member
  • 24 posts
And, finally, the EXTRAS file (verified as the most current!!!!)

OTViewIt Extras logfile created on: 8/26/2008 2:04:26 PM - Run 4
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\user\Desktop\virus thing
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 173.04 Mb Available Physical Memory | 33.83% Memory free
1.22 Gb Paging File | 0.87 Gb Available in Paging File | 71.74% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 58.39 Gb Free Space | 78.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 232.88 Gb Total Space | 136.44 Gb Free Space | 58.59% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

===== File Associations =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - File not found -
.cmd [@ = cmdfile] - File not found -
.com [@ = comfile] - File not found -
.exe [@ = exefile] - File not found -
.html [@ = FirefoxHTML] - [07/17/2008 01:38 PM | 07,667,312 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
.pif [@ = piffile] - File not found -
.scr [@ = scrfile] - File not found -

===== Uninstall List =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160070}" = Java™ SE Development Kit 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{3819891A-030B-4a4e-98ED-B28A649E48AB}" = HP Deskjet 3900 series
"{42F6BED9-41DD-40F1-85A8-8E0350493626}" = HPDeskjet3900Series
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685A56F8-75B6-44AD-B3DA-FB0A3266B47C}" = Adobe Flash Player 9 ActiveX
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7F1C5D75-E232-4C2B-A394-E5FB7FBB3D66}" = Sonic Foundry Sound Forge 6.0d
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{C53CCE8A-8DEE-4E2C-8A4D-425F0FF70471}" = Iomega DVD Wizard
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB1507A-AAEA-4778-AC4B-DD5EAB1A961E}" = Iomega HotBurn Pro
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
"{D6A1E429-CCE1-4140-A615-710B806D12BA}" = Motorola Driver Installation 3.2.0
"{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"AIM_6" = AIM 6
"AoA DVD Ripper_is1" = AoA DVD Ripper
"AoA MP4 Converter_is1" = AoA MP4 Converter
"AOL Instant Messenger" = AOL Instant Messenger
"avast!" = avast! Antivirus
"AviSynth" = AviSynth 2.5
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"BitTorrent" = BitTorrent 4.24.0
"CCleaner" = CCleaner (remove only)
"Cucusoft DVD to iPod + iPod Video Converter Suite_is1" = Cucusoft DVD to iPod + iPod Video Converter Suite 6.1.5.15
"Cucusoft DVD to iPod Converter_is1" = Cucusoft DVD to iPod Converter 6.01
"Cucusoft iPod Video Converter_is1" = Cucusoft iPod Video Converter 3.16
"DVD Audio Extractor_is1" = DVD Audio Extractor 4.1.1
"Enable S3 for USB Device" = Enable S3 for USB Device
"ERUNT_is1" = ERUNT 1.1j
"ewidosecuritysuite" = ewido security suite
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"HPExtendedCapabilities" = HP Extended Capabilities 5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"KB873333" = Windows XP Hotfix - KB873333
"KB873339" = Windows XP Hotfix - KB873339
"KB885250" = Windows XP Hotfix - KB885250
"KB885835" = Windows XP Hotfix - KB885835
"KB885836" = Windows XP Hotfix - KB885836
"KB886185" = Windows XP Hotfix - KB886185
"KB887472" = Windows XP Hotfix - KB887472
"KB887742" = Windows XP Hotfix - KB887742
"KB888113" = Windows XP Hotfix - KB888113
"KB888302" = Windows XP Hotfix - KB888302
"KB890046" = Security Update for Windows XP (KB890046)
"KB890859" = Windows XP Hotfix - KB890859
"KB891781" = Windows XP Hotfix - KB891781
"KB893066" = Security Update for Windows XP (KB893066)
"KB893086" = Windows XP Hotfix - KB893086
"KB893756" = Security Update for Windows XP (KB893756)
"KB893803v2" = Windows Installer 3.1 (KB893803)
"KB894391" = Update for Windows XP (KB894391)
"KB896358" = Security Update for Windows XP (KB896358)
"KB896422" = Security Update for Windows XP (KB896422)
"KB896423" = Security Update for Windows XP (KB896423)
"KB896424" = Security Update for Windows XP (KB896424)
"KB896428" = Security Update for Windows XP (KB896428)
"KB896688" = Security Update for Windows XP (KB896688)
"KB896727" = Update for Windows XP (KB896727)
"KB898461" = Update for Windows XP (KB898461)
"KB899587" = Security Update for Windows XP (KB899587)
"KB899588" = Security Update for Windows XP (KB899588)
"KB899589" = Security Update for Windows XP (KB899589)
"KB899591" = Security Update for Windows XP (KB899591)
"KB900485" = Update for Windows XP (KB900485)
"KB900725" = Security Update for Windows XP (KB900725)
"KB901017" = Security Update for Windows XP (KB901017)
"KB901214" = Security Update for Windows XP (KB901214)
"KB902400" = Security Update for Windows XP (KB902400)
"KB904706" = Security Update for Windows XP (KB904706)
"KB904942" = Update for Windows XP (KB904942)
"KB905414" = Security Update for Windows XP (KB905414)
"KB905749" = Security Update for Windows XP (KB905749)
"KB905915" = Security Update for Windows XP (KB905915)
"KB908519" = Security Update for Windows XP (KB908519)
"KB908531" = Security Update for Windows XP (KB908531)
"KB910437" = Update for Windows XP (KB910437)
"KB911280" = Security Update for Windows XP (KB911280)
"KB911562" = Security Update for Windows XP (KB911562)
"KB911564" = Security Update for Windows Media Player (KB911564)
"KB911565" = Security Update for Windows Media Player 10 (KB911565)
"KB911567" = Security Update for Windows XP (KB911567)
"KB911927" = Security Update for Windows XP (KB911927)
"KB912812" = Security Update for Windows XP (KB912812)
"KB912919" = Security Update for Windows XP (KB912919)
"KB913446" = Security Update for Windows XP (KB913446)
"KB913580" = Security Update for Windows XP (KB913580)
"KB914388" = Security Update for Windows XP (KB914388)
"KB914389" = Security Update for Windows XP (KB914389)
"KB914440" = Hotfix for Windows XP (KB914440)
"KB915865" = Hotfix for Windows XP (KB915865)
"KB916281" = Security Update for Windows XP (KB916281)
"KB916595" = Update for Windows XP (KB916595)
"KB917159" = Security Update for Windows XP (KB917159)
"KB917344" = Security Update for Windows XP (KB917344)
"KB917422" = Security Update for Windows XP (KB917422)
"KB917734_WMP10" = Security Update for Windows Media Player 10 (KB917734)
"KB917953" = Security Update for Windows XP (KB917953)
"KB918118" = Security Update for Windows XP (KB918118)
"KB918439" = Security Update for Windows XP (KB918439)
"KB918899" = Security Update for Windows XP (KB918899)
"KB919007" = Security Update for Windows XP (KB919007)
"KB920213" = Security Update for Windows XP (KB920213)
"KB920214" = Security Update for Windows XP (KB920214)
"KB920670" = Security Update for Windows XP (KB920670)
"KB920683" = Security Update for Windows XP (KB920683)
"KB920685" = Security Update for Windows XP (KB920685)
"KB920872" = Update for Windows XP (KB920872)
"KB921398" = Security Update for Windows XP (KB921398)
"KB921503" = Security Update for Windows XP (KB921503)
"KB921883" = Security Update for Windows XP (KB921883)
"KB922582" = Update for Windows XP (KB922582)
"KB922616" = Security Update for Windows XP (KB922616)
"KB922760" = Security Update for Windows XP (KB922760)
"KB922819" = Security Update for Windows XP (KB922819)
"KB923191" = Security Update for Windows XP (KB923191)
"KB923414" = Security Update for Windows XP (KB923414)
"KB923689" = Security Update for Windows XP (KB923689)
"KB923694" = Security Update for Windows XP (KB923694)
"KB923980" = Security Update for Windows XP (KB923980)
"KB924191" = Security Update for Windows XP (KB924191)
"KB924270" = Security Update for Windows XP (KB924270)
"KB924496" = Security Update for Windows XP (KB924496)
"KB924667" = Security Update for Windows XP (KB924667)
"KB925398_WMP64" = Security Update for Windows Media Player 6.4 (KB925398)
"KB925454" = Security Update for Windows XP (KB925454)
"KB925486" = Security Update for Windows XP (KB925486)
"KB925902" = Security Update for Windows XP (KB925902)
"KB926255" = Security Update for Windows XP (KB926255)
"KB926436" = Security Update for Windows XP (KB926436)
"KB927779" = Security Update for Windows XP (KB927779)
"KB927802" = Security Update for Windows XP (KB927802)
"KB927891" = Update for Windows XP (KB927891)
"KB928090-IE7" = Security Update for Windows Internet Explorer 7 (KB928090)
"KB928255" = Security Update for Windows XP (KB928255)
"KB928843" = Security Update for Windows XP (KB928843)
"KB929123" = Security Update for Windows XP (KB929123)
"KB929338" = Update for Windows XP (KB929338)
"KB929969" = Security Update for Windows Internet Explorer 7 (KB929969)
"KB930178" = Security Update for Windows XP (KB930178)
"KB930916" = Update for Windows XP (KB930916)
"KB931261" = Security Update for Windows XP (KB931261)
"KB931768-IE7" = Security Update for Windows Internet Explorer 7 (KB931768)
"KB931784" = Security Update for Windows XP (KB931784)
"KB931836" = Update for Windows XP (KB931836)
"KB932168" = Security Update for Windows XP (KB932168)
"KB932823-v3" = Update for Windows XP (KB932823-v3)
"KB933360" = Update for Windows XP (KB933360)
"KB933566-IE7" = Security Update for Windows Internet Explorer 7 (KB933566)
"KB933729" = Security Update for Windows XP (KB933729)
"KB935839" = Security Update for Windows XP (KB935839)
"KB935840" = Security Update for Windows XP (KB935840)
"KB936021" = Security Update for Windows XP (KB936021)
"KB936782_WMP10" = Security Update for Windows Media Player 10 (KB936782)
"KB937143-IE7" = Security Update for Windows Internet Explorer 7 (KB937143)
"KB937894" = Security Update for Windows XP (KB937894)
"KB938127-IE7" = Security Update for Windows Internet Explorer 7 (KB938127)
"KB938828" = Update for Windows XP (KB938828)
"KB938829" = Security Update for Windows XP (KB938829)
"KB939653-IE7" = Security Update for Windows Internet Explorer 7 (KB939653)
"KB941202" = Security Update for Windows XP (KB941202)
"KB941568" = Security Update for Windows XP (KB941568)
"KB941569" = Security Update for Windows XP (KB941569)
"KB941644" = Security Update for Windows XP (KB941644)
"KB941693" = Security Update for Windows XP (KB941693)
"KB942615-IE7" = Security Update for Windows Internet Explorer 7 (KB942615)
"KB942763" = Update for Windows XP (KB942763)
"KB943055" = Security Update for Windows XP (KB943055)
"KB943460" = Security Update for Windows XP (KB943460)
"KB943485" = Security Update for Windows XP (KB943485)
"KB944533-IE7" = Security Update for Windows Internet Explorer 7 (KB944533)
"KB944653" = Security Update for Windows XP (KB944653)
"KB945553" = Security Update for Windows XP (KB945553)
"KB946026" = Security Update for Windows XP (KB946026)
"KB946648" = Security Update for Windows XP (KB946648)
"KB947864-IE7" = Hotfix for Windows Internet Explorer 7 (KB947864)
"KB948590" = Security Update for Windows XP (KB948590)
"KB948881" = Security Update for Windows XP (KB948881)
"KB950749" = Security Update for Windows XP (KB950749)
"KB950759-IE7" = Security Update for Windows Internet Explorer 7 (KB950759)
"KB950760" = Security Update for Windows XP (KB950760)
"KB950762" = Security Update for Windows XP (KB950762)
"KB950974" = Security Update for Windows XP (KB950974)
"KB951066" = Security Update for Windows XP (KB951066)
"KB951072-v2" = Update for Windows XP (KB951072-v2)
"KB951376" = Security Update for Windows XP (KB951376)
"KB951376-v2" = Security Update for Windows XP (KB951376-v2)
"KB951698" = Security Update for Windows XP (KB951698)
"KB951748" = Security Update for Windows XP (KB951748)
"KB952287" = Hotfix for Windows XP (KB952287)
"KB952954" = Security Update for Windows XP (KB952954)
"KB953838-IE7" = Security Update for Windows Internet Explorer 7 (KB953838)
"KB953839" = Security Update for Windows XP (KB953839)
"lvdrivers_11.50" = Logitech QuickCam Driver Package
"M928366" = Microsoft .NET Framework 1.1 Hotfix (KB928366)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (2.0.0.16)" = Mozilla Firefox (2.0.0.16)
"MPEG Video Wizard DVD" = MPEG Video Wizard DVD
"MySpaceIM" = MySpaceIM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Windows 95/98/ME/2000/XP Stereo Drivers
"Office8.0" = Microsoft Office 97, Professional Edition
"Snood_is1" = Snood for Windows version 3.52-W
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"TrojanHunter_is1" = TrojanHunter 4.2
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WgaNotify" = Windows Genuine Advantage Notifications (KB905474)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver

===== Uninstall List =====


===== Winsock2 Catalogs =====

===== Protocol Defaults =====


===== Protocol Defaults =====


===== Protocol Handlers =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
msdaipp: [HKLM - No CLSID value]

skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKLM - IEProtocolHandler Class]
[12/07/2007 04:08 PM | 01,934,672 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll

===== Protocol Filters =====

< End of report >


I think the computer is running okay. As I said before, the speed is acceptable. I haven't seen any more pop ups. I'm going to reboot after sending this to verify everything is ok.

What's your opinion?

Thanks!

Jack
  • 0

#19
Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey,

Your logs look good, but we need to check with an online scan if all is ok :)

Please do an online scan with Kaspersky WebScanner

Make sure you are using Internet Explorer for this. Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

:)
  • 0

#20
jacknsherr

    Member

  • Topic Starter
  • Member
  • 24 posts
Okay -- unless I misinterpreted something that you said, the On Line Scan finished running, and there was no report to even save. The user experience on the Kaspersky site was different than you described, so I'm somewhat concerned, but a scan DID run, and no viruses were apparently detected.

Thank you so much for your help!

Jack

Edited by jacknsherr, 26 August 2008 - 04:10 PM.

  • 0

#21
Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey jacknsherr,

You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here:
http://www.adobe.com.../readstep2.html

***

Congratulations, your log looks clean :)

STEP 1

Please Download OTcleanIT (OldTimer) : http://download.blee...r/OTCleanIt.exe

Open it and double-click on the "CleanUp" button.

Then Please re-enable your real-time protections.

STEP 2

Now let's Reset and Re-enable your System Restore to remove any infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected, but that's good news).

Turn OFF System Restore.

* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* Check Turn off System Restore.
* Click Apply, and then click OK.


Restart your computer.

Turn ON System Restore.

* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* UN-Check Turn off System Restore.
* Click Apply, and then click OK.

System Restore will now be active again.

STEP 3

Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Automatic Updates for Windows

* Click Start.
* Select Settings and then Control Panel.
* Select Automatic Updates.
* Click Automatic (recommended)
* Choose a day and a time when you know the computer will be on and connected to the internet.
* Click Apply then OK.

STEP 4

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Besides, I noticed that you don't have a firewall on your computer. I advise you to install one of the following: Kerio / Comodo / ZoneAlarm.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

Regards,
Egwene.
  • 0

#22
jacknsherr

    Member

  • Topic Starter
  • Member
  • 24 posts
Thanks, Egwene... Your help has been invaluable. I started to act on your suggestions, but I see that it's going to take some time to get everything in place. I wanted to get back to you before too long to thank you for your help in getting this done so quickly (once you got to my original request, that is....) :) :) :) ;)

Anyway, I hope you don't mind if I pose one or two more questions:

1. The ATF Cleaner seems to work ok, but I was wondering about CCLeaner. Is that not recommended anymore?

2. About 4 weeks ago, I had a virus on my main computer that prevented me from even signing on to geekstogo.com. The one and only program that I could find that kept infecting my system was buritos.exe. Every trace to geekstogo.com was eradicated from my system -- I have links to geekstogo on a couple of my websites, and these were replaced with banners for fonts and ringtones. If I googled any kind of downloads for virus protection, my computer would freeze until I closed the browser window. I ended up taking my computer to the store where I got it, and they worked on it for 2 days before deciding that they had to back up my data files and reformat my hard drive in order to get rid of the virus. Finally, here's my questions on that fiasco: what do you recommend if I ever encounter that again (God forbid!)? There are conditions on my computer that I still can't resolve with all the new patches and things that they installed with the reinstallation of the OS...
http://www.geekstogo...fault/angry.gif

Anyway.... thanks again for all your help! It's truly, truly appreciated.

Jack
  • 0

#23
Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey jacknsherr,

Glad we could help, you're welcome :)

1. The ATF Cleaner seems to work ok, but I was wondering about CCLeaner. Is that not recommended anymore?


Both are good, it's your choice to use one or the other. And there are some other cleanup tools... :)

2. About 4 weeks ago, I had a virus on my main computer that prevented me from even signing on to geekstogo.com. The one and only program that I could find that kept infecting my system was buritos.exe. Every trace to geekstogo.com was eradicated from my system -- I have links to geekstogo on a couple of my websites, and these were replaced with banners for fonts and ringtones. If I googled any kind of downloads for virus protection, my computer would freeze until I closed the browser window. I ended up taking my computer to the store where I got it, and they worked on it for 2 days before deciding that they had to back up my data files and reformat my hard drive in order to get rid of the virus. Finally, here's my questions on that fiasco: what do you recommend if I ever encounter that again (God forbid!)? There are conditions on my computer that I still can't resolve with all the new patches and things that they installed with the reinstallation of the OS...


Buritos.exe >> What a nasty infection indeed. If you have trouble with malware again, feel free to come back to the Geeks to Go forums and you will receive very good help.

But please note: the best shield on the net is your behaviour, so be careful what you do on the internet.

* To reduce the risk of re-infection by malware in the future, I strongly recommend installing these free programs:

SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here


Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.

Have fun :)

Regards,
Egwene.
  • 0
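The HOSTS-file blocking described in the post above can be checked with a short audit; this is an added example, not part of the original post and not code from MVPS. It goes slightly beyond the post by also treating 0.0.0.0 as a blocking address and by listing names mapped to a non-local address, which are redirected rather than blocked; the sample file and its example.* hostnames are constructed.

```python
import ipaddress

# Constructed sample in HOSTS-file syntax (not the real MVPS list).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
127.0.0.1       ads.example.com   # banner server
0.0.0.0         tracker.example.net popups.example.net
203.0.113.7     forum.example.org
not-an-ip       broken.example.com
"""

# Names that legitimately resolve to the local machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Return (entries, malformed_lines); entries are (address, hostname) pairs."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(lineno)
            continue
        if len(fields) < 2:                   # address with no hostname
            malformed.append(lineno)
            continue
        for name in fields[1:]:               # one line may list several names
            entries.append((addr, name.lower()))
    return entries, malformed


def audit(text):
    """Split entries into blocked names and names redirected elsewhere."""
    entries, malformed = parse_hosts(text)
    blocked, redirected = set(), {}
    for addr, name in entries:
        if name in LOCAL_NAMES:
            continue
        if addr.is_loopback or addr.is_unspecified:
            blocked.add(name)                 # connection never leaves the machine
        else:
            redirected[name] = str(addr)      # traffic goes to another host: review
    return {"blocked": sorted(blocked), "redirected": redirected,
            "malformed_lines": malformed}


if __name__ == "__main__":
    print(audit(SAMPLE_HOSTS))
```

To audit a real machine, pass the text of the system HOSTS file to `audit()` instead of the sample.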

#24
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





