
Can't find MWS to delete - system SLOW with Firefox [Solved]


  • This topic is locked

#1 GoDoAndB (Member, 39 posts)
When I DL Firefox (upgrading from old Mozilla, which I loved), a couple months ago, my system seemed to slow - the web definitely did, and freezes a lot more. This I tolerated, thinking one day I would actually figure out the font troubles with my new Vista machine and move on - not relishing that idea, so when the RUNDLL Progra~/MyWebSearch....errors (2) began popping up every time I rebooted, I began trying to manually clean out this system. I have run ATF, RegCure free version, and I use AVAST and Lavasoft Adaware. No difference after either of these scans. How much work am I looking at here - should I get the sledge hammer? Thanks for your help.

Attached Files



#2 handhfan (Trusted Helper, Expert, 13,659 posts)
Hello, GoDoAndB, and welcome to GeeksToGo! :)

Please give me some time to come up with a fix for you. Also, for the future, please do not post your logs as attachments unless specifically asked. It can make it harder to analyze.

#3 handhfan (Trusted Helper, Expert, 13,659 posts)
Please go to Start and click on Control Panel. In the Control Panel, select Add/Remove Programs. A list of programs will pop up. If there is any entry that looks like MyWebSearch, please uninstall it.

Please download Malwarebytes' Anti-Malware from Here or Here if you haven't already.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a new HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#4 GoDoAndB (Topic Starter, Member, 39 posts)
Thank you. I could not find the program or any known components in my Add/Remove programs, or even Regedit. The Malwarebytes shows it deleted My Web Search, but it still shows on the HJT log. Glad you're here :-)

Malwarebytes' Anti-Malware 1.31
Database version: 1579
Windows 5.0.2195 Service Pack 4

12/30/2008 6:06:45 PM
mbam-log-2008-12-30 (18-06-45).txt

Scan type: Quick Scan
Objects scanned: 47601
Time elapsed: 5 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 30
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINNT\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:28:11 PM, on 12/30/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\lxcycoms.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Software Pursuits\SPIAgentService\SPIAgentService.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Avast\ashMaiSv.exe
C:\Program Files\Avast\ashWebSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\PROGRA~1\Avast\ashDisp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\Labtec\Desktop\V5.1\MOUSE32A.EXE
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Kodak Z740\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\MySoftware\Newsflsh.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\HijackThis.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.democrata...s.dll/frontpage
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINNT\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT file cleaner\AUTOBACK.EXE
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak Z740\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MySoftware NewsFlash.lnk = C:\Program Files\Common Files\MySoftware\Newsflsh.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: lxcy_device - - C:\WINNT\system32\lxcycoms.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: SPIAgent 5 (SPIAgent5) - Software Pursuits, Inc. - C:\Program Files\Software Pursuits\SPIAgentService\SPIAgentService.exe

--
End of file - 7904 bytes
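The MBAM report above says the MyWebSearch registry keys and the screensaver file were quarantined, yet the HijackThis log that follows still lists the "My Web Search Bar" Run value (a rundll32 loader for MWSBAR.DLL) and the MyWebSearchService service marked "(file missing)". Scanners remove the payload files first and often leave the loader entries behind, which is exactly what produces a RUNDLL error at every logon. The Python script below is an added example, not part of this thread and not a HijackThis or Malwarebytes feature: it reads entries in HijackThis's "Oxx - ..." line format and flags the dangling or adware-named ones while leaving legitimate rundll32 users (such as the Lexmark printer entry) alone. The ADWARE_MARKERS list, the Finding class and the sample entries (copied from the log above) are this example's own assumptions.

```python
"""Triage HijackThis-style log entries for adware leftovers (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed sample: a handful of entries copied from the HijackThis log posted above.
SAMPLE_HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.democrata...s.dll/frontpage
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINNT\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
"""

# Assumption for this example: name fragments of the family the MBAM report identified.
# MYWEBS~1 is the 8.3 short form of the same folder as it appears in Run/Service entries.
ADWARE_MARKERS = ("mywebsearch", "mywebs~1", "mwsbar", "mwssvc", "funwebproducts")

# A HijackThis entry: section code (R0, O4, O23, ...) then " - " then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.+)$")


@dataclass
class Finding:
    code: str             # HijackThis section code, e.g. O4 (autostart) or O23 (service)
    entry: str            # the entry text after "Oxx - "
    reasons: List[str] = field(default_factory=list)


def parse_entries(log: str) -> List[Tuple[str, str]]:
    """Return (code, body) pairs for every line that looks like a HijackThis entry."""
    entries = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(log: str) -> List[Finding]:
    """Flag entries that are dangling or that name the adware family; leave the rest alone."""
    findings = []
    for code, body in parse_entries(log):
        lower = body.lower()
        reasons = []
        if "(file missing)" in lower:
            reasons.append("target file is missing: a dangling entry the scanner left behind")
        if any(marker in lower for marker in ADWARE_MARKERS):
            reasons.append("path or name matches the adware family reported by MBAM")
        # rundll32 on its own is normal (printer drivers use it too), so it only adds
        # context to an entry that is already flagged: once the DLL has been quarantined,
        # this Run value is what produces the RUNDLL error at every logon.
        if reasons and code == "O4" and "rundll32" in lower:
            reasons.append("rundll32 loader for a quarantined DLL: source of the RUNDLL error at logon")
        if reasons:
            findings.append(Finding(code, body, reasons))
    return findings


def format_report(findings: List[Finding]) -> str:
    """Render findings as an indented text report for pasting into a reply."""
    lines = []
    for f in findings:
        lines.append(f"{f.code}: {f.entry}")
        lines.extend(f"    - {r}" for r in f.reasons)
    return "\n".join(lines) if lines else "no entries flagged"


if __name__ == "__main__":
    print(format_report(triage(SAMPLE_HJT_LOG)))
```

Run it directly to print the two flagged entries; on a full log, paste the whole HijackThis output into SAMPLE_HJT_LOG (or read it from a file) and the avast, Java and printer entries still pass through unflagged.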

#5 handhfan (Trusted Helper, Expert, 13,659 posts)
Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Services
    MyWebSearchService
    
    :Files
    C:\Program Files\MyWebSearch
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Please do an online scan with Kaspersky WebScanner

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Please post the OTMoveIt3 log, the Kaspersky scan log, and a new HijackThis log in your next reply.

#6 GoDoAndB (Topic Starter, Member, 39 posts)
Was entirely uncertain as to which JRE to DL - I guessed. The list of removed files was extensive.

========== SERVICES/DRIVERS ==========
Service MyWebSearchService stopped successfully.
Service MyWebSearchService deleted successfully.
========== FILES ==========
File/Folder C:\Program Files\MyWebSearch not found.
File/Folder [emptytemp] not found.
File/Folder [start explorer] not found.
File/Folder [Reboot] not found.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12302008_202644

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, December 30, 2008
Operating System: Microsoft Windows 2000 Professional Service Pack 4 (build 2195)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, December 30, 2008 21:27:31
Records in database: 1533806
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
H:\

Scan statistics:
Files scanned: 69498
Threat name: 4
Infected objects: 3
Suspicious objects: 1
Duration of the scan: 02:23:18


File name / Threat name / Threats count
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-4ae014c4 Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Administrator\My Documents\Music\90s alternative\Bonnie Raitt - poppa come quick.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\Administrator\My Documents\Online Orders\EBay\Foodsaver1085\Message from eBay Member Regarding Item #4432129210.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Program Files\Internet Explorer\msimg32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.cv 1

The selected area was scanned.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:07 PM, on 12/30/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\lxcycoms.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Software Pursuits\SPIAgentService\SPIAgentService.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\PROGRA~1\Avast\ashDisp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\Labtec\Desktop\V5.1\MOUSE32A.EXE
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Kodak Z740\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\MySoftware\Newsflsh.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\Firefox\firefox.exe
C:\WINNT\System32\svchost.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jkos-Administrator\binaries\ScanningProcess.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\HijackThis.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.democrata...s.dll/frontpage
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINNT\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT file cleaner\AUTOBACK.EXE
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak Z740\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MySoftware NewsFlash.lnk = C:\Program Files\Common Files\MySoftware\Newsflsh.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: lxcy_device - - C:\WINNT\system32\lxcycoms.exe
O23 - Service: SPIAgent 5 (SPIAgent5) - Software Pursuits, Inc. - C:\Program Files\Software Pursuits\SPIAgentService\SPIAgentService.exe

--
End of file - 7735 bytes

Thanks.
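The four Kaspersky hits above are not all the same kind of problem: two are stored data files (an mp3 and a saved e-mail) that do nothing until opened, one is a cached Java applet that the JavaRa step and JRE update in the helper's instructions address, and one is a DLL that carries the name of a Windows system library but sits in the Internet Explorer folder, where a program started from that folder resolves the name to it before the copy in system32. Below is an added Python example, not from the thread or from Kaspersky, that parses the report's "path Infected|Suspicious: threat count" lines and orders them for follow-up along those lines. The SYSTEM_DLL_NAMES set, the classify rules and the Hit class are this example's own assumptions; the sample lines are copied from the report above.

```python
"""Rank the result lines of a Kaspersky Online Scanner report for follow-up (added example)."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: the result section of the Kaspersky report posted above.
SAMPLE_KAV_REPORT = r"""
File name / Threat name / Threats count
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-4ae014c4 Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Administrator\My Documents\Music\90s alternative\Bonnie Raitt - poppa come quick.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\Administrator\My Documents\Online Orders\EBay\Foodsaver1085\Message from eBay Member Regarding Item #4432129210.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Program Files\Internet Explorer\msimg32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.cv 1

The selected area was scanned.
"""

# One result line: "<path> Infected|Suspicious: <threat> <count>". The path may contain
# spaces, so it is matched lazily up to the verdict keyword.
RESULT_RE = re.compile(r"^(?P<path>.+?) (?P<verdict>Infected|Suspicious): (?P<threat>\S+) (?P<count>\d+)$")

# Assumption for this example: a few DLL names that Windows ships in system32.
# A file with one of these names in an application's own folder deserves a close
# look, because that folder is searched before system32 when the program loads
# the DLL by name.
SYSTEM_DLL_NAMES = {"msimg32.dll", "version.dll", "winmm.dll"}
SYSTEM_DIRS = ("c:\\winnt\\system32\\", "c:\\windows\\system32\\")
PRIORITY_ORDER = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Hit:
    path: str
    verdict: str
    threat: str
    priority: str
    note: str


def classify(path: str, verdict: str, threat: str) -> Tuple[str, str]:
    """Return (priority, note) from where the file lives and what kind of detection it is."""
    lp = path.lower()
    name = lp.rsplit("\\", 1)[-1]
    if name in SYSTEM_DLL_NAMES and not lp.startswith(SYSTEM_DIRS):
        return "high", "system DLL name outside system32: the program in that folder loads this copy first"
    if threat.lower().startswith("exploit.") and "\\java\\deployment\\cache\\" in lp:
        return "medium", "cached Java applet: clear the cache and update the JRE it targeted"
    if verdict == "Suspicious":
        return "low", "heuristic verdict on a stored file; delete it, it does not run on its own"
    if name.endswith((".mp3", ".wma", ".eml")):
        return "low", "data file that cannot execute by itself; delete it"
    return "medium", "no specific rule; review by hand"


def parse_report(text: str) -> List[Hit]:
    """Extract every result line; headers, blank lines and the trailer are skipped."""
    hits = []
    for raw in text.splitlines():
        m = RESULT_RE.match(raw.strip())
        if not m:
            continue
        prio, note = classify(m["path"], m["verdict"], m["threat"])
        hits.append(Hit(m["path"], m["verdict"], m["threat"], prio, note))
    return hits


def by_priority(hits: List[Hit]) -> List[Hit]:
    """Stable sort: high first, then medium, then low, keeping report order within a level."""
    return sorted(hits, key=lambda h: PRIORITY_ORDER[h.priority])


if __name__ == "__main__":
    for h in by_priority(parse_report(SAMPLE_KAV_REPORT)):
        print(f"[{h.priority:6}] {h.threat}\n         {h.path}\n         {h.note}")
```

Run it directly to print the ranked list; parse_report and by_priority are the pieces to reuse on another report, and the classify rules are where a helper would encode their own judgement about which locations matter most.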

#7 handhfan (Trusted Helper, Expert, 13,659 posts)
It should be JRE 6 Update 11. The link would be here. Please download and install this one.

  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Files
    C:\Documents and Settings\Administrator\My Documents\Music\90s alternative\Bonnie Raitt - poppa come quick.mp3
    C:\Program Files\Internet Explorer\msimg32.dll
    
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

  • 0
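The OTMoveIt3 script above removes named files, and OTListIt2 then lists every autostart (O4) entry with the company name of its target, or "File not found" when the target no longer exists. An O4 Run value whose DLL is already gone is exactly what produces an "Error loading ..." RUNDLL popup at each logon: Windows still runs the value, rundll32 cannot find the module, and the popup names the missing path. The following Python script is an added example, not part of this thread or of OldTimer's tools: it parses O4 lines in OTListIt2's format, flags the orphaned ones, and drafts the standard .reg-file lines that would delete those values so the cleanup can be reviewed before it is applied. The sample log lines are constructed for the example, and `parse_o4`, `find_orphans` and `reg_delete_script` are the example's own names.

```python
"""Flag orphaned autostart (O4) entries in an OTListIt2 / HijackThis-style log.

An O4 Run entry whose target reports "File not found" is the classic cause of
an "Error loading ..." RUNDLL popup at logon: the Run value survived but the
DLL or EXE it starts has already been removed. The script also drafts the
.reg lines that would delete such values, for review before applying.
"""
import re

# Constructed sample lines in OTListIt2's O4 format (not copied from a real
# log): bare path, rundll32 wrapper, quoted path with arguments, and two
# orphaned entries, one of them with an empty value name.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [LXCYCATS] rundll32 C:\WINNT\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16 (Lexmark International Inc.)
O4 - HKLM..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S File not found
O4 - HKCU..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 (Adobe Systems Incorporated)
O4 - HKLM..\RunOnceEx: [] File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
"""

# O4 - <hive>..\<Run key>: [<value name>] <command line and status>
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\(?P<key>Run[A-Za-z]*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)

# Expansion of OTListIt2's hive shorthand, used when drafting the .reg output.
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_PARENT = r"SOFTWARE\Microsoft\Windows\CurrentVersion"
MISSING = "File not found"


def parse_o4(line):
    """Return a dict describing one O4 line, or None if the line is not an O4 entry."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    cmd = entry["cmd"]
    entry["orphaned"] = cmd.endswith(MISSING)
    # Strip the status trailer so only the command line itself is parsed.
    body = cmd[: -len(MISSING)].strip() if entry["orphaned"] else cmd
    entry["via_rundll32"] = body.lower().startswith("rundll32 ")
    if entry["via_rundll32"]:
        # rundll32 <dll>,<export> [args]: the module is the token after rundll32,
        # cut at the comma that introduces the export name.
        parts = body.split(None, 1)
        entry["target"] = parts[1].split(",", 1)[0] if len(parts) > 1 else ""
    elif body.startswith('"'):
        entry["target"] = body[1:body.index('"', 1)]
    else:
        entry["target"] = body.split()[0] if body else ""
    return entry


def find_orphans(log_text):
    """Return the O4 entries whose target OTListIt2 reported as missing."""
    entries = (parse_o4(line) for line in log_text.splitlines())
    return [e for e in entries if e and e["orphaned"]]


def reg_delete_script(entries):
    """Draft a .reg file body that deletes the given Run values.

    '"name"=-' is the standard .reg notation for deleting a value. An entry
    with an empty name is the key's (Default) value; it is skipped here and
    left for manual inspection rather than scripted away.
    """
    lines = ["Windows Registry Editor Version 5.00", ""]
    for e in entries:
        if not e["name"]:
            continue
        lines.append(f"[{HIVES[e['hive']]}\\{RUN_PARENT}\\{e['key']}]")
        lines.append(f'"{e["name"]}"=-')
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    orphans = find_orphans(SAMPLE_LOG)
    for e in orphans:
        how = "rundll32 popup" if e["via_rundll32"] else "silent failure"
        print(f"orphaned {e['hive']}\\{e['key']} [{e['name']}] -> {e['target'] or '(none)'} ({how})")
    print(reg_delete_script(orphans))
```

Run it against a pasted OTListIt.Txt instead of `SAMPLE_LOG` and the output names the value behind each startup error; the drafted .reg text is deliberately a draft, to be checked line by line before it is merged, since deleting the wrong Run value silently disables legitimate software.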

#8
GoDoAndB

    Member

  • Topic Starter
  • 39 posts
Thank you. That is the JRE I installed; I just added the optional jre-6u11-windows-i586-p-iftw.exe. Additionally, Java offered an update this morning, and I allowed that. I restarted before running the scans below; one MWS RUNDLL warning still pops up upon start.

========== FILES ==========
File/Folder C:\Documents and Settings\Administrator\My Documents\Music\90s alternative\Bonnie Raitt - poppa come quick.mp3 not found.
File/Folder C:\Program Files\Internet Explorer\msimg32.dll not found.
File/Folder [emptytemp] not found.
File/Folder [start explorer] not found.
File/Folder [Reboot] not found.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12312008_101220

OTListIt logfile created on: 12/31/2008 10:16:30 AM - Run
OTListIt2 by OldTimer - Version 1.0.1.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 5.00.3700.1000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 159.07 Mb Available Physical Memory | 31.10% Memory free
1.22 Gb Paging File | 0.75 Gb Available in Paging File | 61.93% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 104.16 Gb Free Space | 81.38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TERESA
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
C:\Program Files\Avast\aswUpdSv.exe (ALWIL Software)
C:\Program Files\Avast\ashServ.exe (ALWIL Software)
C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)
C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
C:\WINNT\system32\lxcycoms.exe ( )
C:\WINNT\system32\regsvc.exe (Microsoft Corporation)
C:\WINNT\system32\mstask.exe (Microsoft Corporation)
C:\Program Files\Software Pursuits\SPIAgentService\SPIAgentService.exe (Software Pursuits, Inc.)
C:\WINNT\system32\stisvc.exe (Microsoft Corporation)
C:\WINNT\system32\wbem\WinMgmt.exe (Microsoft Corporation)
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb11.exe (HP)
C:\Program Files\Avast\ashDisp.exe (ALWIL Software)
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
C:\Program Files\Labtec\Desktop\V5.1\MOffice.exe ()
C:\Program Files\Labtec\Desktop\V5.1\KBDAP32A.EXE ()
C:\Program Files\Lexmark 3400 Series\lxcymon.exe ()
C:\Program Files\Lexmark 3400 Series\ezprint.exe (Lexmark International Inc.)
C:\Program Files\Labtec\Desktop\V5.1\mouse32a.exe ()
C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
C:\Program Files\Kodak Z740\Kodak EasyShare software\bin\EasyShare.exe ()
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
C:\Program Files\Common Files\MySoftware\Newsflsh.exe (MySoftware, Inc.)
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe (Ulead Systems, Inc.)
C:\Program Files\Greetings Workshop\GWREMIND.EXE (Microsoft Corporation)
C:\WINNT\system32\wuauclt.exe (Microsoft Corporation)
C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
C:\Program Files\Firefox\firefox.exe (Mozilla Corporation)
C:\Program Files\Java\jre6\bin\java.exe (Sun Microsystems, Inc.)
C:\Program Files\Microsoft Office\Office\WINWORD.EXE (Microsoft Corporation)
C:\Documents and Settings\Administrator\Desktop\OTMoveIt3.exe (OldTimer Tools)
C:\Documents and Settings\Administrator\Local Settings\Temp\jkos-Administrator\binaries\ScanningProcess.exe (Kaspersky Lab.)
C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe (OldTimer Tools)

========== (O23) Win32 Services (SafeList) ==========

(aawservice [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
(Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe ()
(aswUpdSv [Auto | Running]) -- C:\Program Files\Avast\aswUpdSv.exe (ALWIL Software)
(avast! Antivirus [Auto | Running]) -- C:\Program Files\Avast\ashServ.exe (ALWIL Software)
(avast! Mail Scanner [On_Demand | Stopped]) -- C:\Program Files\Avast\ashMaiSv.exe (ALWIL Software)
(avast! Web Scanner [On_Demand | Stopped]) -- C:\Program Files\Avast\ashWebSv.exe (ALWIL Software)
(Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)
(clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
(dmadmin [On_Demand | Stopped]) -- C:\WINNT\system32\dmadmin.exe (VERITAS Software Corp.)
(Fax [On_Demand | Stopped]) -- C:\WINNT\system32\FAXSVC.EXE (Microsoft Corporation)
(IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
(iPodService [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
(JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
(KodakCCS [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\KodakCCS.exe (Eastman Kodak Company)
(lxcy_device [Auto | Running]) -- C:\WINNT\system32\lxcycoms.exe ( )
(RemoteRegistry [Auto | Running]) -- C:\WINNT\system32\regsvc.exe (Microsoft Corporation)
(Schedule [Auto | Running]) -- C:\WINNT\system32\mstask.exe (Microsoft Corporation)
(SPIAgent5 [Auto | Running]) -- C:\Program Files\Software Pursuits\SPIAgentService\SPIAgentService.exe (Software Pursuits, Inc.)
(StiSvc [Auto | Running]) -- C:\WINNT\system32\stisvc.exe (Microsoft Corporation)
(UtilMan [On_Demand | Stopped]) -- C:\WINNT\system32\utilman.exe (Microsoft Corporation)
(WinMgmt [Auto | Running]) -- C:\WINNT\system32\wbem\WinMgmt.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

(Aavmker4 [System | Running]) -- C:\WINNT\System32\drivers\aavmker4.sys (ALWIL Software)
(aswMon [Auto | Running]) -- C:\WINNT\System32\drivers\aswmon.sys (ALWIL Software)
(aswRdr [On_Demand | Running]) -- C:\WINNT\System32\drivers\aswRdr.sys (ALWIL Software)
(aswSP [System | Running]) -- C:\WINNT\System32\drivers\aswSP.sys (ALWIL Software)
(aswTdi [System | Running]) -- C:\WINNT\System32\drivers\aswTdi.sys (ALWIL Software)
(AWINDIS5 [On_Demand | Stopped]) -- C:\WINNT\system32\AWINDIS5.SYS (AMBIT Microsystems Corporation.)
(BrScnUsb [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.)
(BrSerIf [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\BrSerIf.sys (Brother Industries Ltd.)
(BrUsbSer [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\BrUsbSer.sys (Brother Industries Ltd.)
(BsUDF [Auto | Running]) -- C:\WINNT\System32\drivers\bsudf.sys (ahead software)
(Cdr4_2K [System | Running]) -- C:\WINNT\System32\drivers\cdr4_2k.sys (Sonic Solutions)
(Cdralw2k [System | Running]) -- C:\WINNT\System32\drivers\cdralw2k.sys (Sonic Solutions)
(DcCam [System | Running]) -- C:\WINNT\system32\drivers\DcCam.sys (Eastman Kodak Company)
(DcFpoint [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\DcFpoint.sys (Eastman Kodak Company)
(DCFS2K [Auto | Running]) -- C:\WINNT\system32\drivers\DCFS2k.sys (Eastman Kodak Company)
(DcLps [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\DcLps.sys (Eastman Kodak Company)
(DcPTP [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\DcPtp.sys (Eastman Kodak Company)
(Diskperf [Boot | Running]) -- C:\WINNT\System32\drivers\diskperf.sys (Microsoft Corporation)
(dmboot [Disabled | Stopped]) -- C:\WINNT\system32\drivers\dmboot.sys (VERITAS Software Corp.)
(dmio [Boot | Running]) -- C:\WINNT\system32\drivers\dmio.sys (VERITAS Software Corp.)
(dmload [Boot | Running]) -- C:\WINNT\system32\drivers\dmload.sys (VERITAS Software Corp.)
(EFS [Disabled | Running]) -- C:\WINNT\System32\drivers\efs.sys (Microsoft Corporation)
(Exportit [System | Stopped]) -- C:\WINNT\system32\drivers\ExportIt.sys (Eastman Kodak Company)
(gameenum [On_Demand | Running]) -- C:\WINNT\system32\drivers\gameenum.sys (Microsoft Corporation)
(GEARAspiWDM [On_Demand | Running]) -- C:\WINNT\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
(HPZid412 [On_Demand | Running]) -- C:\WINNT\system32\drivers\HPZid412.sys (HP)
(HPZipr12 [On_Demand | Running]) -- C:\WINNT\system32\drivers\HPZipr12.sys (HP)
(HPZius12 [On_Demand | Running]) -- C:\WINNT\system32\drivers\HPZius12.sys (HP)
(ISD200 [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\ISD200.SYS (In-System Design, Inc.)
(MA8032C [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\MA8032C.sys (Mobile Action Technology Inc.)
(MA8032M [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\MA8032M.sys (Mobile Action Technology Inc.)
(MA8032U [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\MA8032U.sys (Mobile Action Technology Inc.)
(mam4410c [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\mam4410c.sys (Mobile Action Technology Inc.)
(mam4410m [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\mam4410m.sys (Mobile Action Technology Inc.)
(mam4410u [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\mam4410u.sys (Mobile Action Technology Inc.)
(MaRdPnp [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\mardp2k.sys (Mobile Action Technology Inc.)
(MaVctrl [Auto | Running]) -- C:\WINNT\system32\drivers\MaVc2K.sys (Mobile Action Technology Inc.)
(MPE [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\mpe.sys (Microsoft Corporation)
(ms_mpu401 [On_Demand | Running]) -- C:\WINNT\system32\drivers\msmpu401.sys (Microsoft Corporation)
(NetDetect [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\netdtect.sys (Microsoft Corporation)
(nv4 [On_Demand | Running]) -- C:\WINNT\system32\drivers\nv4.sys (NVIDIA Corporation)
(openhci [On_Demand | Running]) -- C:\WINNT\system32\drivers\openhci.sys (Microsoft Corporation)
(Parallel [On_Demand | Running]) -- C:\WINNT\system32\drivers\parallel.sys (Microsoft Corporation)
(Ptilink [On_Demand | Running]) -- C:\WINNT\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
(PxHelp20 [Boot | Running]) -- C:\WINNT\system32\drivers\pxhelp20.sys (Sonic Solutions)
(RCA [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\rca.sys (Microsoft Corporation)
(ROOTMODEM [On_Demand | Running]) -- C:\WINNT\system32\drivers\rootmdm.sys (Microsoft Corporation)
(SiS7012 [On_Demand | Running]) -- C:\WINNT\system32\drivers\sis7012.sys (Silicon Integrated Systems Corporation)
(SISAGP [Boot | Running]) -- C:\WINNT\system32\drivers\SISAGP.SYS (Silicon Integrated Systems Corporation)
(SISNIC [On_Demand | Running]) -- C:\WINNT\system32\drivers\sisnic.sys (SiS Corporation)
(Sus2pl [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\sus2pl.sys (Susteen)
(usb_rndisy [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\usb8023y.sys (Microsoft Corporation)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.democrata...s.dll/frontpage
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: (734 bytes) - C:\WINNT\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx ()
O3 - HKCU\..\Toolbar: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINNT\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINNT\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINNT\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINNT\system32\browseui.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe" (Lexmark International Inc.)
O4 - HKLM..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s ()
O4 - HKLM..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Desktop\V5.1\moffice.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb11.exe (HP)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Computer, Inc.)
O4 - HKLM..\Run: [LXCYCATS] rundll32 C:\WINNT\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16 (Lexmark International Inc.)
O4 - HKLM..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe" ()
O4 - HKLM..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S File not found
O4 - HKLM..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OFFICEKB] C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe ()
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Scansoft, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Synchronization Manager] mobsync.exe /logon (Microsoft Corporation)
O4 - HKCU..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)
O4 - HKCU..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 (Adobe Systems Incorporated)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT file cleaner\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak Z740\Kodak EasyShare software\bin\EasyShare.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MySoftware NewsFlash.lnk = C:\Program Files\Common Files\MySoftware\Newsflsh.exe (MySoftware, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe (Ulead Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O8 - Extra context menu item: &Search - Reg Error: Value does not exist or could not be read.
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key does not exist or could not be opened.)
O18 - Protocol\Handler: - about - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - cdl - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - file - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - ftp - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - gopher - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - http - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - http\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - http\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - https - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - https\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - https\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - its - C:\WINNT\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler: - javascript - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - local - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mailto - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mhtml - C:\WINNT\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mk - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ms-its - C:\WINNT\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler: - res - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - sysimage - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - vbscript - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - vnd.ms.radio - C:\WINNT\system32\msdxm.ocx ()
O18 - Protocol\Filter: - application/octet-stream - C:\WINNT\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINNT\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINNT\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINNT\system32\SHELL32.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings
O21 - SSODL: Network.ConnectionTray - {7007ACCF-3202-11D1-AAD2-00805FC1270E}C:\WINNT\system32\netshell.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153}C:\WINNT\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}C:\WINNT\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: (Browseui preloader) - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: (Component Categories cache daemon) - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll (Microsoft Corporation)

========== HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell" = Explorer.exe
>C:\WINNT\explorer.exe (Microsoft Corporation)

"UserInit" = C:\WINNT\system32\userinit.exe,
>C:\WINNT\system32\USERINIT.EXE (Microsoft Corporation)

"VMApplet" = rundll32 shell32,Control_RunDLL "sysdm.cpl"
>C:\WINNT\system32\SHELL32.DLL (Microsoft Corporation)
>C:\WINNT\system32\SYSDM.CPL (Microsoft Corporation)


========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
ActiveSync: "DllName" = WcesWlgn.dll -- C:\WINNT\system32\WcesWlgn.dll (Microsoft Corporation)
crypt32chain: "DllName" = crypt32.dll -- C:\WINNT\system32\CRYPT32.DLL (Microsoft Corporation)
cryptnet: "DllName" = cryptnet.dll -- C:\WINNT\system32\CRYPTNET.DLL (Microsoft Corporation)
cscdll: "DllName" = cscdll.dll -- C:\WINNT\system32\cscdll.dll (Microsoft Corporation)
sclgntfy: "DllName" = sclgntfy.dll -- C:\WINNT\system32\sclgntfy.dll (Microsoft Corporation)
SensLogn: "DllName" = WlNotify.dll -- C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
wzcnotif: "DllName" = wzcdlg.dll -- C:\WINNT\system32\wzcdlg.dll (Microsoft Corporation)

========== IFEO "Debugger" Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\]
Your Image File Name Here without a path:"Debugger" = C:\WINNT\system32\ntsd.exe (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" (HKLM) -- C:\WINNT\system32\SHELL32.DLL (Microsoft Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders" = msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
>C:\WINNT\system32\msapsspc.dll (Microsoft Corporation)
>C:\WINNT\system32\SCHANNEL.DLL (Microsoft Corporation)
>C:\WINNT\system32\digest.dll (Microsoft Corporation)
>C:\WINNT\system32\msnsspc.dll (Microsoft Corporation)

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages" = msv1_0,
>C:\WINNT\system32\MSV1_0.DLL (Microsoft Corporation)

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages" = kerberos,msv1_0,schannel,
>C:\WINNT\system32\kerberos.dll (Microsoft Corporation)
>C:\WINNT\system32\MSV1_0.DLL (Microsoft Corporation)
>C:\WINNT\system32\SCHANNEL.DLL (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
C:\AUTOEXEC.BAT () -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINNT\*.tmp files]
[2150/06/21 13:09:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2008/12/31 10:15:06 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
[2008/12/31 10:10:33 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\~$2008.doc
[2008/12/31 10:01:56 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2c4.dat
[2008/12/31 10:00:07 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\2008.doc
[2008/12/30 20:26:44 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/12/30 20:23:07 | 01,033,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTMoveIt3.exe
[2008/12/30 18:28:05 | 00,001,471 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2008/12/30 18:28:04 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2008/12/30 18:27:42 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HJTInstall.exe
[2008/12/30 18:17:33 | 00,000,000 | ---D | C] -- C:\WINNT\ERDNT
[2008/12/30 18:09:39 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_260.dat
[2008/12/30 18:07:23 | 00,032,256 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Malwarebytes.doc
[2008/12/30 17:59:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2008/12/30 17:59:38 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2008/12/30 17:59:35 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2008/12/30 17:59:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/30 17:59:31 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/30 17:57:16 | 02,539,168 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
[2008/12/30 13:03:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\ERUNT files
[2008/12/30 13:02:31 | 00,000,709 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2008/12/30 13:02:24 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT file cleaner
[2008/12/30 13:00:55 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Program Files\erunt_setup.exe
[2008/12/30 12:51:47 | 00,000,454 | ---- | C] () -- C:\WINNT\tasks\RegCure Program Check.job
[2008/12/30 12:51:45 | 00,000,388 | ---- | C] () -- C:\WINNT\tasks\RegCure.job
[2008/12/30 12:51:36 | 00,000,000 | ---D | C] -- C:\Program Files\RegCure
[2008/12/30 12:18:51 | 01,371,632 | ---- | C] (ParetoLogic Inc.) -- C:\Program Files\RegCureSetup_RW.exe
[2008/12/30 12:08:55 | 00,000,000 | ---D | C] -- C:\Program Files\backups
[2008/12/30 12:08:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Hijack This files
[2008/12/30 11:04:39 | 00,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2008/12/30 09:53:20 | 00,000,000 | ---D | C] -- C:\Program Files\Software Pursuits
[2008/12/29 14:41:00 | 00,023,552 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\migraine help.doc
[2008/12/24 18:44:36 | 00,601,088 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Homemade Baileys.doc
[2008/12/23 08:55:01 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_27c.dat
[2008/12/22 20:37:51 | 00,034,304 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\st attempt romance novel Spontaneous Combustion.doc
[2008/12/22 14:52:37 | 00,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Program Files\HijackThis.exe
[2008/12/22 12:40:40 | 19,153,264 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\aaw2008.exe
[2008/12/21 10:36:08 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_274.dat
[2008/12/17 09:17:01 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_268.dat
[2008/12/17 08:31:36 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_280.dat
[2008/12/16 22:18:08 | 00,000,882 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Shortcut (2) to Five Things You May Not Have Known About Me.lnk
[2008/12/16 22:17:54 | 00,000,882 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Shortcut to Five Things You May Not Have Known About Me.lnk
[2008/12/14 19:58:32 | 00,023,552 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Sell camera.doc
[2008/12/10 09:55:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\RR Webpage
[2008/12/10 08:56:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Office Help
[2008/12/06 08:59:30 | 00,000,628 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/12/06 07:52:28 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_278.dat

========== Files - Modified Within 30 Days ==========

[1 C:\WINNT\System32\*.tmp files]
[1 C:\WINNT\*.tmp files]
[2008/12/31 10:15:32 | 00,002,616 | ---- | M] () -- C:\WINNT\System32\CONFIG.NT
[2008/12/31 10:14:59 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
[2008/12/31 10:10:33 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\~$2008.doc
[2008/12/31 10:04:25 | 14,528,512 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2008/12/31 10:04:23 | 08,266,752 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2008/12/31 10:02:54 | 00,000,454 | ---- | M] () -- C:\WINNT\tasks\RegCure Program Check.job
[2008/12/31 10:01:56 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2c4.dat
[2008/12/31 10:01:56 | 00,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2008/12/31 10:00:13 | 00,023,552 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\migraine help.doc
[2008/12/31 10:00:07 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\2008.doc
[2008/12/30 20:22:58 | 01,033,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTMoveIt3.exe
[2008/12/30 18:28:05 | 00,001,471 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2008/12/30 18:09:39 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_260.dat
[2008/12/30 18:07:23 | 00,032,256 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Malwarebytes.doc
[2008/12/30 13:02:31 | 00,000,709 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2008/12/30 12:53:50 | 00,000,882 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Shortcut to Five Things You May Not Have Known About Me.lnk
[2008/12/30 12:53:50 | 00,000,882 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Shortcut (2) to Five Things You May Not Have Known About Me.lnk
[2008/12/30 12:51:47 | 00,000,388 | ---- | M] () -- C:\WINNT\tasks\RegCure.job
[2008/12/28 19:34:04 | 00,034,304 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\st attempt romance novel Spontaneous Combustion.doc
[2008/12/28 19:00:10 | 00,000,664 | ---- | M] () -- C:\WINNT\System32\d3d9caps.dat
[2008/12/28 18:46:18 | 00,054,156 | -H-- | M] () -- C:\WINNT\QTFont.qfn
[2008/12/24 18:44:37 | 00,601,088 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Homemade Baileys.doc
[2008/12/23 08:55:01 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_27c.dat
[2008/12/21 10:36:08 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_274.dat
[2008/12/19 19:52:55 | 00,102,400 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Teigan Anecdotes.doc
[2008/12/19 16:18:49 | 00,000,628 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/12/17 09:17:01 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_268.dat
[2008/12/17 08:31:36 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_280.dat
[2008/12/16 22:36:28 | 00,023,552 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Sell camera.doc
[2008/12/06 07:52:28 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_278.dat
[2008/12/03 19:59:06 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2008/12/03 19:59:02 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2008/12/01 18:45:01 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Fuzzy Friends are Forever Friends.doc

========== LOP Check ==========

[2008/12/30 17:59:40 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2008/08/31 18:58:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2008/11/03 10:02:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AdobeUM
[2006/06/28 22:00:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
[2006/05/04 14:11:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Brother
[2008/05/10 07:10:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FaxCtr
[2008/09/01 09:16:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Flickr
[2006/03/22 15:44:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Help
[2006/03/21 06:40:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2008/11/28 17:57:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2006/07/15 13:59:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Itsth
[2008/03/26 19:17:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Laplink
[2008/11/04 08:54:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lavasoft
[2006/04/30 19:02:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2006/03/21 23:06:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2008/12/30 17:59:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2008/06/10 17:48:31 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2006/03/27 13:25:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft Web Folders
[2007/07/18 19:34:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MobileAction
[2008/10/16 08:30:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2007/07/13 11:28:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ScanSoft
[2008/12/30 09:49:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SmartDraw
[2006/06/23 20:02:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Softplicity
[2006/12/30 19:06:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2006/03/21 22:35:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Talkback
[2006/03/21 22:39:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2008/09/12 09:20:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\U3
[2006/03/22 20:36:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
[2006/07/03 20:23:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2008/12/30 17:59:32 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/08/31 18:58:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2006/06/28 21:58:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2006/03/22 15:27:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brother
[2008/05/09 12:07:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FaxCtr
[2006/11/23 09:57:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2008/11/04 08:55:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2006/03/30 08:53:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2008/12/30 17:59:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/11/04 08:54:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2006/03/27 13:34:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2006/03/22 15:28:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/12/30 10:01:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2008/03/26 20:53:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/03/22 20:36:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2006/07/04 14:21:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ViceVersa PRO 2
[2007/01/04 17:50:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2007/09/23 07:02:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[1999/12/07 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINNT\Tasks\desktop.ini
[2008/12/31 10:02:54 | 00,000,454 | ---- | M] () -- C:\WINNT\Tasks\RegCure Program Check.job
[2008/12/30 12:51:47 | 00,000,388 | ---- | M] () -- C:\WINNT\Tasks\RegCure.job
[2008/12/31 10:01:56 | 00,000,006 | -H-- | M] () -- C:\WINNT\Tasks\SA.DAT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> %AllUsersProfile%\Application Data\TEMP:40F038C5
< End of report >
  • 0
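Every file line in the OTListIt2 log above has the same layout: [date time | size | RHSD attribute flags | M or C] (company) -- path, with directories lacking the company field and files without version information showing an empty "()". The following Python example is added here and is not part of the thread or of OldTimer's tools; it parses that layout and lists entries a helper would check first (executables with no publisher, executables dropped under temp/profile data folders, hidden+system executables). The sample lines are taken from this thread's logs except the last, which is constructed, and the KNOWN_BOOT_FILES allow-list is an assumption.

```python
"""Parse OTListIt2 (OTL) file entries and list the ones a helper should look at first."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One OTL file/directory line: [date time | size | RHSD flags | M/C] (company) -- path
# Directories carry no "(company)" field; files without version info show "()".
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[RHSD-]{4}) \| (?P<kind>[MC])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx"}
# Directories where executable code is normally not installed but often dropped.
USER_DATA_SEGMENTS = ("\\temp\\", "\\application data\\", "\\local settings\\")
# Assumed allow-list: standard Windows 2000 boot/paging files that sit on C:\ with
# hidden/system attributes and no version resource (they would otherwise be flagged).
KNOWN_BOOT_FILES = {r"c:\arcldr.exe", r"c:\arcsetup.exe", r"c:\pagefile.sys",
                    r"c:\io.sys", r"c:\msdos.sys"}


@dataclass
class Entry:
    timestamp: datetime
    size: int
    readonly: bool
    hidden: bool
    system: bool
    is_dir: bool
    kind: str                # "M" = modified date, "C" = created date
    company: Optional[str]   # None for directories, "" for files with no version info
    path: str

    @property
    def ext(self) -> str:
        name = self.path.rsplit("\\", 1)[-1]
        return "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for an OTL file line, or None for summary/other lines."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    attr = m["attr"]
    company = m["company"].strip() if m["company"] is not None else None
    return Entry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),   # "00,419,328" -> 419328
        readonly=attr[0] == "R", hidden=attr[1] == "H",
        system=attr[2] == "S", is_dir=attr[3] == "D",
        kind=m["kind"], company=company, path=m["path"],
    )


def triage(entry: Entry) -> List[str]:
    """Reasons an entry deserves a closer look; an empty list means nothing stood out."""
    low = entry.path.lower()
    if entry.is_dir or entry.ext not in EXEC_EXT or low in KNOWN_BOOT_FILES:
        return []
    reasons = []
    if entry.company == "":
        reasons.append("executable code with no publisher/version information")
    if any(seg in low for seg in USER_DATA_SEGMENTS):
        reasons.append("executable code inside a user-writable data directory")
    if entry.hidden and entry.system:
        reasons.append("hidden+system attributes on executable code")
    return reasons


def triage_log(text: str) -> List[Tuple[str, List[str]]]:
    """Run triage over a whole log; returns (path, reasons) for flagged entries."""
    flagged = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is not None:
            reasons = triage(entry)
            if reasons:
                flagged.append((entry.path, reasons))
    return flagged


# Lines 1-8 are taken from the logs posted in this thread; the last line is
# constructed to show what a flagged entry looks like.
SAMPLE_LOG = r"""
[2008/12/30 09:53:20 | 00,000,000 | ---D | C] -- C:\Program Files\Software Pursuits
[2008/12/31 10:14:59 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
[2008/12/03 19:59:02 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2003/06/19 14:05:04 | 00,150,528 | RHS- | M] () -- C:\arcldr.exe
[2005/10/31 10:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2008/12/31 13:49:55 | 80,530,6368 | -HS- | M] () -- C:\pagefile.sys
[1 C:\WINNT\*.tmp files]
[2008/12/31 10:15:32 | 00,002,616 | ---- | M] () -- C:\WINNT\System32\CONFIG.NT
[2008/12/30 18:02:11 | 00,094,208 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\updater.exe
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG):
        print(path)
        for r in reasons:
            print("   -", r)
```

The output is a candidate list, not a verdict: a flagged path still needs the usual checks (publisher, hash lookup, what loads it) before anything is moved.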

#9
handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Files:
    C:\Documents and Settings\All Users\Application Data\SecTaskMan
    C:\Program Files\Security Task Manager
    
    [emptytemp]
    [start explorer]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Open OTListIt2.exe
  • Click the None button at the top
  • Under the Custom Scan box at the bottom left paste the following in

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg
    %systemroot%\Prefetch\*.* /s
    %systemroot%\system32\drivers\*.dat
    %systemroot%\Temp\bca4e2da.$$$
    %systemroot%\Temp\ed47fa.$
    %systemroot%\Temp\fa56d7ec.$$$
    %systemroot%\Temp\*.$$$
    %systemroot%\System32\antiwpa.dll
    %SYSTEMDRIVE%\*.epk
    %systemroot%\*.epk
    %systemroot%\system32\*.epk
    %systemroot%\system32\bb*.dat
    %systemroot%\system32\cookie*.dat
    %systemroot%\system32\kaxs.dat
    %systemroot%\system32\ps*.dat
    %systemroot%\system32\*32.sys
    %systemroot%\*.dr
    %SYSTEMDRIVE%\*.dr
    %systemroot%\system32\*.dr
    %systemroot%\system32\nods32.dll
    %systemroot%\*.res
    %SYSTEMDRIVE%\*.res
    %systemroot%\system32\*.res
    %systemroot%\system32\sockins32.dll
    %systemroot%\system32\Spool\*.*
    %systemroot%\system32\Spool\*.exe
    %systemroot%\system32\Spool\*.rar /s
    %systemroot%\system32\Spool\*.zip /s
    %systemroot%\system32\Spool\*.dat /s
    %ProgramFiles%\MSN Messenger\*.zip
    %ProgramFiles%\MSN Messenger\*.exe
    %ProgramFiles%\MSN Messenger\*.rar
    %PROGRAMFILES%\*crack*.
    %PROGRAMFILES%\*keygen*.
    %SYSTEMDRIVE%\*crack*.
    %SYSTEMDRIVE%\*keygen*.
    %SYSTEMDRIVE%\*.zip
    %SYSTEMDRIVE%\*.rar
    %SYSTEMDRIVE%\*.exe
    %SYSTEMDRIVE%\*.dll
    %systemroot%\*.zip
    %systemroot%\*.rar
    %systemroot%\system32\*.zip
    %systemroot%\system32\*.rar
    %PROGRAMFILES%\*.zip
    %PROGRAMFILES%\*.rar
    %PROGRAMFILES%\*.exe
    %PROGRAMFILES%\*.dll
    %DESKTOP%\*.zip
    %DESKTOP%\*.rar
    %DESKTOP%\*.exe
    %DESKTOP%\*crack*.
    %DESKTOP%\*keygen*.
    %PROGRAMFILES%\Common Files\*.*
    %PROGRAMFILES%\Common Files\*bak*.
    %systemroot%\SYSTEM32\*bak*.
    %PROGRAMFILES%\*bak*.
    %systemroot%\ime\imjp8_1\*bak*.
    %PROGRAMFILES%\QuickTime\*bak*.
    %PROGRAMFILES%\Viewpoint\Viewpoint Manager\*bak*.
    %PROGRAMFILES%\Analog Devices\Core\*bak*.
    %SYSTEMDRIVE%\hp\KBD\*bak*.
    %PROGRAMFILES%\Adobe\Photoshop Album Starter Edition\3.2\Apps\*bak*.
    %PROGRAMFILES%\BillP Studios\WinPatrol\*bak*.
    %PROGRAMFILES%\BroadJump\Client Foundation\*bak*.
    %PROGRAMFILES%\Common Files\Real\Update_OB\*bak*.
    %PROGRAMFILES%\Common Files\Sonic\Update Manager\*bak*.
    %PROGRAMFILES%\\Google\GoogleToolbarNotifier\*bak*.
    %PROGRAMFILES%\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\*bak*.
    %PROGRAMFILES%\Yahoo!\Messenger\*bak*.
    %USERNAME%\*.zip
    %USERNAME%\*.rar
    %USERNAME%\*.exe
    %USERPROFILE%\*.zip
    %USERPROFILE%\*.rar
    %USERPROFILE%\*.exe
    %ALLUSERSPROFILE%\*.zip
    %ALLUSERSPROFILE%\*.rar
    %ALLUSERSPROFILE%\*.exe
    %APPDATA%\*.zip
    %APPDATA%\*.rar
    %APPDATA%\*.exe
    %ALLUSERSSTARTMENU%\*.zip
    %ALLUSERSSTARTMENU%\*.rar
    %ALLUSERSSTARTMENU%\*.exe
    %ALLUSERSSTARTUP%\*.zip
    %ALLUSERSSTARTUP%\*.rar
    %ALLUSERSSTARTUP%\*.exe
    %ALLUSERSPROGRAMS%\*.zip
    %ALLUSERSPROGRAMS%\*.rar
    %ALLUSERSPROGRAMS%\*.exe
    %ALLUSERSAPPDATA%\*.zip
    %ALLUSERSAPPDATA%\*.rar
    %ALLUSERSAPPDATA%\*.exe
    %APPDATA%\*.zip
    %APPDATA%\*.rar
    %APPDATA%\*.exe
    %APPDATA%\*.dat
    %APPDATA%\*.dll
    %QUICKLAUNCH%\*.zip
    %QUICKLAUNCH%\*.rar
    %QUICKLAUNCH%\*.exe
    %STARTUP%\*.zip
    %STARTUP%\*.rar
    %STARTUP%\*.exe
    %STARTMENU%\*.zip
    %STARTMENU%\*.rar
    %STARTMENU%\*.exe
    %MYDOCUMENTS%\*.zip
    %MYDOCUMENTS%\*.rar
    %MYDOCUMENTS%\*.exe
    %MYDOCUMENTS%\*crack*.
    %MYDOCUMENTS%\*keygen*.
    %PROGRAMFILES%\Mozilla Firefox\plugins\*.*
    %PROGRAMFILES%\Internet Explorer\*.*
    %PROGRAMFILES%\Internet Explorer\PLUGINS\*.*
    %PROGRAMFILES%\Mozilla Firefox\*.zip /s
    %PROGRAMFILES%\Mozilla Firefox\*.rar /s
    %PROGRAMFILES%\Mozilla Firefox\*.exe /s
    %PROGRAMFILES%\Internet Explorer\*.zip /s
    %PROGRAMFILES%\Internet Explorer\*.rar /s
    %PROGRAMFILES%\Internet Explorer\*.exe /s
    %SYSTEMDRIVE%\*.dat
    %SYSTEMDRIVE%\*.sys
    %SYSTEMROOT%\*.dat
    %SYSTEMROOT%\*.sys
    %systemroot%\system32\drivers\*.exe /s
    %systemroot%\system32\drivers\*.zip /s
    %systemroot%\system32\drivers\*.rar /s
    %systemroot%\system\*.exe /s
    %systemroot%\system\*.zip /s
    %systemroot%\system\*.rar /s
    %systemroot%\AppPatch\*.exe /s
    %systemroot%\AppPatch\*.zip /s
    %systemroot%\AppPatch\*.rar /s
    %systemroot%\Cache\*.*
    %systemroot%\Downloaded Program Files\*.*
    %systemroot%\Fonts\*.exe /s
    %systemroot%\Fonts\*.zip /s
    %systemroot%\Fonts\*.rar /s
    %systemroot%\Fonts\*.dll /s
    %systemroot%\Help\*.exe /s
    %systemroot%\Help\*.zip /s
    %systemroot%\Help\*.rar /s
    %systemroot%\Tasks\*.*
    %APPDATA%\*.sys
    %APPDATA%\Google\*.*
    %systemroot%\system32\serauth1.dll
    %systemroot%\system32\serauth2.dll
    %systemroot%\system32\sysaudio.sys
    %PROGRAMFILES%\*TinyProxy*.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla|extensions /rs
    %systemroot%\system32\inf\*.exe /s
    %systemroot%\system32\inf\*.zip /s
    %systemroot%\system32\inf\*.rar /s
    %systemroot%\system32\inf\*.dll /s
    %PROGRAMFILES%\Bitlord\Downloads\*.zip /s
    %PROGRAMFILES%\Bitlord\Downloads\*.rar /s
    %PROGRAMFILES%\Bitlord\Downloads\*.exe /s
    %PROGRAMFILES%\Bitlord\Downloads\*crack*.
    %PROGRAMFILES%\Bitlord\Downloads\*keygen*.
    %PROGRAMFILES%\eMule\Incoming\*.zip /s
    %PROGRAMFILES%\eMule\Incoming\*.rar /s
    %PROGRAMFILES%\eMule\Incoming\*.exe /s
    %PROGRAMFILES%\eMule\Incoming\*crack*.
    %PROGRAMFILES%\eMule\Incoming\*keygen*.
    %ProgramFiles%\Bittorent\downloads\*.zip /s
    %ProgramFiles%\Bittorent\downloads\*.exe /s
    %ProgramFiles%\Bittorent\downloads\*.rar /s
    %PROGRAMFILES%\Bittorent\Downloads\*crack*.
    %PROGRAMFILES%\Bittorent\Downloads\*keygen*.
    %ProgramFiles%\Bearshare\Shared\*.zip /s
    %ProgramFiles%\Bearshare\Shared\*.exe /s
    %ProgramFiles%\Bearshare\Shared\*.rar /s
    %ProgramFiles%\Bearshare\Shared\*crack*.
    %ProgramFiles%\Bearshare\Shared\*keygen*.
    %ProgramFiles%\Morpheus\My Shared Folder\*.zip /s
    %ProgramFiles%\Morpheus\My Shared Folder\*.exe /s
    %ProgramFiles%\Morpheus\My Shared Folder\*.rar /s
    %ProgramFiles%\Morpheus\My Shared Folder\*crack*.
    %ProgramFiles%\Morpheus\My Shared Folder\*keygen*.
    %ProgramFiles%\uTorrent\Downloads\*.zip /s
    %ProgramFiles%\uTorrent\Downloads\*.exe /s
    %ProgramFiles%\uTorrent\Downloads\*.rar /s
    %ProgramFiles%\uTorrent\Downloads\*crack*.
    %ProgramFiles%\uTorrent\Downloads\*keygen*.
    %ProgramFiles%\Kazaa Lite\My Shared Folder\*.zip /s
    %ProgramFiles%\Kazaa Lite\My Shared Folder\*.exe /s
    %ProgramFiles%\Kazaa Lite\My Shared Folder\*.rar /s
    %ProgramFiles%\Kazaa Lite\My Shared Folder\*crack*.
    %ProgramFiles%\Kazaa Lite\My Shared Folder\*keygen*.
    %ProgramFiles%\Kazaa\My Shared Folder\*.zip /s
    %ProgramFiles%\Kazaa\My Shared Folder\*.exe /s
    %ProgramFiles%\Kazaa\My Shared Folder\*.rar /s
    %ProgramFiles%\Kazaa\My Shared Folder\*crack*.
    %ProgramFiles%\Kazaa\My Shared Folder\*keygen*.
    %ProgramFiles%\Icq\Shared Files\*.zip /s
    %ProgramFiles%\Icq\Shared Files\*.exe /s
    %ProgramFiles%\Icq\Shared Files\*.rar /s
    %ProgramFiles%\Icq\Shared Files\*crack*.
    %ProgramFiles%\Icq\Shared Files\*keygen*.
    %ProgramFiles%\Direct Connect\Received Files\*.zip /s
    %ProgramFiles%\Direct Connect\Received Files\*.exe /s
    %ProgramFiles%\Direct Connect\Received Files\*.rar /s
    %ProgramFiles%\Direct Connect\Received Files\*crack*.
    %ProgramFiles%\Direct Connect\Received Files\*keygen*.
    %ALLUSERSPROFILE%\Application Data\AOL Downloads\*.zip
    %ALLUSERSPROFILE%\Application Data\AOL Downloads\*.rar
    %ALLUSERSPROFILE%\Application Data\AOL Downloads\*.exe
    %ALLUSERSPROFILE%\Application Data\AOL Downloads\*crack*.
    %ALLUSERSPROFILE%\Application Data\AOL Downloads\*keygen*.
    %APPDATA%\Opera\Opera\profile\widgets\*.*
    %PROGRAMFILES%\Opera\program\plugins\*.* /s
    %APPDATA%\Opera\Opera\profile\toolbar\*.* /s


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window called OTListIt.Txt. It is saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file, and post it with your next reply along with the Uninstall list, OTMoveIt log, and a new HijackThis log.

  • 0

#10
GoDoAndB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
1st Photo Studio Standard
Ad-Aware
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Illustrator 9.0 Tryout
Adobe Photoshop CS
Adobe Reader 7.0.9
Adobe Shockwave Player
Adobe SVG Viewer
Adobe® Photoshop® Album Starter Edition 3.0
avast! Antivirus
BadCopy Pro
Bonjour
CardRd81
CCScore
DV 4500
Easy2Sync for Files
ERUNT 1.1j
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
essvcpt
FaxRedist
Flickr Uploadr 3.0.5
Frazzled v1.01
FreeZip
Greeting Cards
Greetings Workshop
HijackThis 2.0.2
HLPPDOCK
InCD (Ahead Software)
iTunes
Java™ 6 Update 11
Java™ 6 Update 7
JumpStart Advanced School Time
JumpStart Kindergarten 98 v2.1
kgcbase
Kodak EasyShare software
KSU
Label Maker
Labtec Desktop V5.1
Lexmark 3400 Series
Lexmark Fax Solutions
LG VX8100 USB - Handset Manager V9.2
LimeWire 4.18.8
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0
Microsoft ActiveSync
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Professional
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.5)
Mozilla Thunderbird (1.5.0.5)
Multimedia Samples
Nero - Burning Rom
NeroMediaPlayer
Notifier
OfotoXMI
OTtBP
OTtBPSDK
PaperPort
PCsync
Personal Legal Forms
QuickTime
RegCure 1.5.1.3
Security Update for Windows Media Player (KB911564)
SFR
SHASTA
Sierra Print Artist 6.0
SiS 900 PCI Fast Ethernet Adapter Driver
SiS Audio Driver
SKIN0001
SKINXSDK
staticcr
Stationery
SureSync 5
Ulead Photo Express 4.0 SE
USB Storage Adapter V2
USB Universal Driver
VideoLAN VLC media player 0.8.5
VPRINTOL
Windows 2000 Hotfix - KB829558
Windows Installer 3.1 (KB893803)
Windows Media Player system update (9 Series)
WinRAR archiver
WIRELESS

Error: Unable to interpret <Files:> in the current context!
Error: Unable to interpret <C:\Documents and Settings\All Users\Application Data\SecTaskMan> in the current context!
Error: Unable to interpret <C:\Program Files\Security Task Manager> in the current context!
Error: Unable to interpret <[emptytemp]> in the current context!
Error: Unable to interpret <[start explorer]> in the current context!

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12312008_135606


OTListIt logfile created on: 12/31/2008 1:53:38 PM - Run 4
OTListIt2 by OldTimer - Version 1.0.1.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 5.00.3700.1000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 213.34 Mb Available Physical Memory | 41.71% Memory free
1.22 Gb Paging File | 0.90 Gb Available in Paging File | 73.86% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 104.19 Gb Free Space | 81.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TERESA
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Custom Scans ==========


< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services >

< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg >

< %systemroot%\Prefetch\*.* /s >

< %systemroot%\system32\drivers\*.dat >

< %systemroot%\Temp\bca4e2da.$$$ >

< %systemroot%\Temp\ed47fa.$ >

< %systemroot%\Temp\fa56d7ec.$$$ >

< %systemroot%\Temp\*.$$$ >

< %systemroot%\System32\antiwpa.dll >

< %SYSTEMDRIVE%\*.epk >

< %systemroot%\*.epk >

< %systemroot%\system32\*.epk >

< %systemroot%\system32\bb*.dat >

< %systemroot%\system32\cookie*.dat >

< %systemroot%\system32\kaxs.dat >

< %systemroot%\system32\ps*.dat >

< %systemroot%\system32\*32.sys >

< %systemroot%\*.dr >

< %SYSTEMDRIVE%\*.dr >

< %systemroot%\system32\*.dr >

< %systemroot%\system32\nods32.dll >

< %systemroot%\*.res >

< %SYSTEMDRIVE%\*.res >

< %systemroot%\system32\*.res >

< %systemroot%\system32\sockins32.dll >

< %systemroot%\system32\Spool\*.* >

< %systemroot%\system32\Spool\*.exe >

< %systemroot%\system32\Spool\*.rar /s >

< %systemroot%\system32\Spool\*.zip /s >

< %systemroot%\system32\Spool\*.dat /s >
[2004/05/03 09:18:28 | 00,189,112 | ---- | M] () -- C:\WINNT\system32\Spool\drivers\w32x86\3\hph8100.dat

< %ProgramFiles%\MSN Messenger\*.zip >

< %ProgramFiles%\MSN Messenger\*.exe >

< %ProgramFiles%\MSN Messenger\*.rar >

< %PROGRAMFILES%\*crack*. >
[2008/12/30 23:29:29 | 00,000,000 | R--D | M] -- C:\Program Files

< %PROGRAMFILES%\*keygen*. >
[2008/12/30 23:29:29 | 00,000,000 | R--D | M] -- C:\Program Files

< %SYSTEMDRIVE%\*crack*. >
[2008/12/31 13:16:26 | 00,000,000 | ---D | M] -- C:

< %SYSTEMDRIVE%\*keygen*. >
[2008/12/31 13:16:26 | 00,000,000 | ---D | M] -- C:

< %SYSTEMDRIVE%\*.zip >

< %SYSTEMDRIVE%\*.rar >

< %SYSTEMDRIVE%\*.exe >
[2003/06/19 14:05:04 | 00,150,528 | RHS- | M] () -- C:\arcldr.exe
[2003/06/19 14:05:04 | 00,163,840 | RHS- | M] () -- C:\arcsetup.exe
[2005/10/31 10:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe

< %SYSTEMDRIVE%\*.dll >

< %systemroot%\*.zip >

< %systemroot%\*.rar >

< %systemroot%\system32\*.zip >

< %systemroot%\system32\*.rar >

< %PROGRAMFILES%\*.zip >

< %PROGRAMFILES%\*.rar >

< %PROGRAMFILES%\*.exe >
[2008/12/30 13:00:51 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Program Files\erunt_setup.exe
[2008/09/01 09:14:50 | 12,926,700 | ---- | M] (Flickr) -- C:\Program Files\FlickrUploadr-3.0.5-en.exe
[2008/12/22 12:46:41 | 00,218,112 | ---- | M] (Soeperman Enterprises Ltd.) -- C:\Program Files\HijackThis.exe
[2008/12/30 18:27:26 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\HJTInstall.exe
[2008/12/30 17:57:13 | 02,539,168 | ---- | M] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
[2008/03/26 18:25:07 | 13,023,496 | ---- | M] (Laplink Software, Inc. ) -- C:\Program Files\pcsync_en.exe
[2008/12/30 12:19:09 | 01,371,632 | ---- | M] (ParetoLogic Inc.) -- C:\Program Files\RegCureSetup_RW.exe
[2008/09/29 16:25:22 | 00,142,784 | ---- | M] (Macrovision Corp.) -- C:\Program Files\TocaRacer3Setup-dm.exe

< %PROGRAMFILES%\*.dll >

Invalid Environment Variable: DESKTOP

Invalid Environment Variable: DESKTOP

Invalid Environment Variable: DESKTOP

Invalid Environment Variable: DESKTOP

Invalid Environment Variable: DESKTOP

< %PROGRAMFILES%\Common Files\*.* >

< %PROGRAMFILES%\Common Files\*bak*. >
[2008/11/28 17:58:05 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files

< %systemroot%\SYSTEM32\*bak*. >
[2008/12/31 13:50:37 | 00,000,000 | ---D | M] -- C:\WINNT\SYSTEM32

< %PROGRAMFILES%\*bak*. >
[2008/12/30 23:29:29 | 00,000,000 | R--D | M] -- C:\Program Files

< %systemroot%\ime\imjp8_1\*bak*. >

< %PROGRAMFILES%\QuickTime\*bak*. >
[2006/07/12 21:12:57 | 00,000,000 | ---D | M] -- C:\Program Files\QuickTime

< %PROGRAMFILES%\Viewpoint\Viewpoint Manager\*bak*. >

< %PROGRAMFILES%\Analog Devices\Core\*bak*. >

< %SYSTEMDRIVE%\hp\KBD\*bak*. >

< %PROGRAMFILES%\Adobe\Photoshop Album Starter Edition\3.2\Apps\*bak*. >

< %PROGRAMFILES%\BillP Studios\WinPatrol\*bak*. >

< %PROGRAMFILES%\BroadJump\Client Foundation\*bak*. >

< %PROGRAMFILES%\Common Files\Real\Update_OB\*bak*. >

< %PROGRAMFILES%\Common Files\Sonic\Update Manager\*bak*. >

< %PROGRAMFILES%\\Google\GoogleToolbarNotifier\*bak*. >

< %PROGRAMFILES%\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\*bak*. >

< %PROGRAMFILES%\Yahoo!\Messenger\*bak*. >
[2007/09/29 07:04:12 | 00,000,000 | ---D | M] -- C:\Program Files\Yahoo!\Messenger

< %USERNAME%\*.zip >

< %USERNAME%\*.rar >

< %USERNAME%\*.exe >

< %USERPROFILE%\*.zip >

< %USERPROFILE%\*.rar >

< %USERPROFILE%\*.exe >

< %ALLUSERSPROFILE%\*.zip >

< %ALLUSERSPROFILE%\*.rar >

< %ALLUSERSPROFILE%\*.exe >

< %APPDATA%\*.zip >

< %APPDATA%\*.rar >

< %APPDATA%\*.exe >

Invalid Environment Variable: ALLUSERSSTARTMENU

Invalid Environment Variable: ALLUSERSSTARTMENU

Invalid Environment Variable: ALLUSERSSTARTMENU

Invalid Environment Variable: ALLUSERSSTARTUP

Invalid Environment Variable: ALLUSERSSTARTUP

Invalid Environment Variable: ALLUSERSSTARTUP

Invalid Environment Variable: ALLUSERSPROGRAMS

Invalid Environment Variable: ALLUSERSPROGRAMS

Invalid Environment Variable: ALLUSERSPROGRAMS

Invalid Environment Variable: ALLUSERSAPPDATA

Invalid Environment Variable: ALLUSERSAPPDATA

Invalid Environment Variable: ALLUSERSAPPDATA

< %APPDATA%\*.zip >

< %APPDATA%\*.rar >

< %APPDATA%\*.exe >

< %APPDATA%\*.dat >

< %APPDATA%\*.dll >

Invalid Environment Variable: QUICKLAUNCH

Invalid Environment Variable: QUICKLAUNCH

Invalid Environment Variable: QUICKLAUNCH

Invalid Environment Variable: STARTUP

Invalid Environment Variable: STARTUP

Invalid Environment Variable: STARTUP

Invalid Environment Variable: STARTMENU

Invalid Environment Variable: STARTMENU

Invalid Environment Variable: STARTMENU

Invalid Environment Variable: MYDOCUMENTS

Invalid Environment Variable: MYDOCUMENTS

Invalid Environment Variable: MYDOCUMENTS

Invalid Environment Variable: MYDOCUMENTS

Invalid Environment Variable: MYDOCUMENTS

< %PROGRAMFILES%\Mozilla Firefox\plugins\*.* >

< %PROGRAMFILES%\Internet Explorer\*.* >
[1999/12/07 07:00:00 | 00,014,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\HMMAPI.DLL
[1999/12/07 07:00:00 | 00,060,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE

< %PROGRAMFILES%\Internet Explorer\PLUGINS\*.* >
[2006/07/14 16:30:39 | 00,004,208 | ---- | M] () -- C:\Program Files\Internet Explorer\PLUGINS\QuickTimePlugin.class

< %PROGRAMFILES%\Mozilla Firefox\*.zip /s >

< %PROGRAMFILES%\Mozilla Firefox\*.rar /s >

< %PROGRAMFILES%\Mozilla Firefox\*.exe /s >

< %PROGRAMFILES%\Internet Explorer\*.zip /s >

< %PROGRAMFILES%\Internet Explorer\*.rar /s >

< %PROGRAMFILES%\Internet Explorer\*.exe /s >
[1999/12/07 07:00:00 | 00,060,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
[2003/06/19 14:05:04 | 00,186,640 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe
[1999/12/07 07:00:00 | 00,061,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe
[1999/12/07 07:00:00 | 00,015,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Connection Wizard\icwrmind.exe
[1999/12/07 07:00:00 | 00,059,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Connection Wizard\icwtutor.exe
[1999/12/07 07:00:00 | 00,012,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe
[1999/12/07 07:00:00 | 00,006,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Connection Wizard\isignup.exe

< %SYSTEMDRIVE%\*.dat >

< %SYSTEMDRIVE%\*.sys >
[2006/03/21 06:35:21 | 00,000,000 | -H-- | M] () -- C:\CONFIG.SYS
[2006/03/21 06:35:21 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/03/21 06:35:21 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/12/31 13:49:55 | 80,530,6368 | -HS- | M] () -- C:\pagefile.sys

< %SYSTEMROOT%\*.dat >
[2006/03/21 20:59:57 | 00,093,893 | ---- | M] () -- C:\WINNT\HPHins03.dat
[2004/06/06 23:41:42 | 00,002,655 | ---- | M] () -- C:\WINNT\hphmdl03.dat
[2007/08/25 19:56:15 | 00,010,355 | ---- | M] () -- C:\WINNT\mozver.dat
[2006/03/21 22:35:31 | 00,000,335 | ---- | M] () -- C:\WINNT\nsreg.dat
[2006/05/25 11:35:41 | 00,000,088 | ---- | M] () -- C:\WINNT\Winsus0.dat
[1 C:\WINNT\*.tmp files]

< %SYSTEMROOT%\*.sys >

< %systemroot%\system32\drivers\*.exe /s >
[2005/03/30 16:46:56 | 00,411,920 | ---- | M] (Eastman Kodak Company) -- C:\WINNT\system32\drivers\KodakCCS.exe

< %systemroot%\system32\drivers\*.zip /s >

< %systemroot%\system32\drivers\*.rar /s >

< %systemroot%\system\*.exe /s >

< %systemroot%\system\*.zip /s >

< %systemroot%\system\*.rar /s >

< %systemroot%\AppPatch\*.exe /s >

< %systemroot%\AppPatch\*.zip /s >

< %systemroot%\AppPatch\*.rar /s >

< %systemroot%\Cache\*.* >

< %systemroot%\Downloaded Program Files\*.* >
[2006/03/21 06:34:44 | 00,000,065 | -H-- | M] () -- C:\WINNT\Downloaded Program Files\desktop.ini
[1997/10/14 18:52:54 | 00,000,697 | ---- | M] () -- C:\WINNT\Downloaded Program Files\DirectAnimation Java Classes.osd
[2002/07/25 17:13:16 | 00,024,576 | ---- | M] () -- C:\WINNT\Downloaded Program Files\dwusplay.dll
[2002/07/25 17:13:10 | 00,196,608 | ---- | M] () -- C:\WINNT\Downloaded Program Files\dwusplay.exe
[2003/09/19 14:22:12 | 00,299,008 | ---- | M] () -- C:\WINNT\Downloaded Program Files\isusweb.dll
[1998/11/05 16:11:16 | 00,001,162 | ---- | M] () -- C:\WINNT\Downloaded Program Files\Microsoft XML Parser for Java.osd

< %systemroot%\Fonts\*.exe /s >

< %systemroot%\Fonts\*.zip /s >

< %systemroot%\Fonts\*.rar /s >

< %systemroot%\Fonts\*.dll /s >

< %systemroot%\Help\*.exe /s >

< %systemroot%\Help\*.zip /s >

< %systemroot%\Help\*.rar /s >

< %systemroot%\Tasks\*.* >
[1999/12/07 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINNT\Tasks\desktop.ini
[2008/12/31 13:50:45 | 00,000,454 | ---- | M] () -- C:\WINNT\Tasks\RegCure Program Check.job
[2008/12/30 12:51:47 | 00,000,388 | ---- | M] () -- C:\WINNT\Tasks\RegCure.job
[2008/12/31 13:50:22 | 00,000,006 | -H-- | M] () -- C:\WINNT\Tasks\SA.DAT

< %APPDATA%\*.sys >

< %APPDATA%\Google\*.* >

< %systemroot%\system32\serauth1.dll >

< %systemroot%\system32\serauth2.dll >

< %systemroot%\system32\sysaudio.sys >

< %PROGRAMFILES%\*TinyProxy*. >
[2008/12/30 23:29:29 | 00,000,000 | R--D | M] -- C:\Program Files

< HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla|extensions /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\\[email protected] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ff [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2008/12/31 08:55:25 00,000,000 | ---D | M]
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions\\Components -> %ProgramFiles%\Firefox\components [C:\PROGRAM FILES\FIREFOX\COMPONENTS] -> [2008/12/17 21:53:36 00,000,000 | ---D | M]
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins -> %ProgramFiles%\Firefox\plugins [C:\PROGRAM FILES\FIREFOX\PLUGINS] -> [2008/12/31 08:56:05 00,000,000 | ---D | M]
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Thunderbird 1.5.0.5\Extensions\\Components -> %ProgramFiles%\Thunderbird\components [C:\PROGRA~1\THUNDE~1\COMPONENTS\] -> [2008/01/26 06:54:32 00,000,000 | ---D | M]
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Thunderbird 1.5.0.5\Extensions\\Plugins -> %ProgramFiles%\Thunderbird\plugins [C:\PROGRA~1\THUNDE~1\PLUGINS\] -> [2008/01/26 06:54:32 00,000,000 | ---D | M]

< %systemroot%\system32\inf\*.exe /s >

< %systemroot%\system32\inf\*.zip /s >

< %systemroot%\system32\inf\*.rar /s >

< %systemroot%\system32\inf\*.dll /s >

< %PROGRAMFILES%\Bitlord\Downloads\*.zip /s >

< %PROGRAMFILES%\Bitlord\Downloads\*.rar /s >

< %PROGRAMFILES%\Bitlord\Downloads\*.exe /s >

< %PROGRAMFILES%\Bitlord\Downloads\*crack*. >

< %PROGRAMFILES%\Bitlord\Downloads\*keygen*. >

< %PROGRAMFILES%\eMule\Incoming\*.zip /s >

< %PROGRAMFILES%\eMule\Incoming\*.rar /s >

< %PROGRAMFILES%\eMule\Incoming\*.exe /s >

< %PROGRAMFILES%\eMule\Incoming\*crack*. >

< %PROGRAMFILES%\eMule\Incoming\*keygen*. >

< %ProgramFiles%\Bittorent\downloads\*.zip /s >

< %ProgramFiles%\Bittorent\downloads\*.exe /s >

< %ProgramFiles%\Bittorent\downloads\*.rar /s >

< %PROGRAMFILES%\Bittorent\Downloads\*crack*. >

< %PROGRAMFILES%\Bittorent\Downloads\*keygen*. >

< %ProgramFiles%\Bearshare\Shared\*.zip /s >

< %ProgramFiles%\Bearshare\Shared\*.exe /s >

< %ProgramFiles%\Bearshare\Shared\*.rar /s >

< %ProgramFiles%\Bearshare\Shared\*crack*. >

< %ProgramFiles%\Bearshare\Shared\*keygen*. >

< %ProgramFiles%\Morpheus\My Shared Folder\*.zip /s >

< %ProgramFiles%\Morpheus\My Shared Folder\*.exe /s >

< %ProgramFiles%\Morpheus\My Shared Folder\*.rar /s >

< %ProgramFiles%\Morpheus\My Shared Folder\*crack*. >

< %ProgramFiles%\Morpheus\My Shared Folder\*keygen*. >

< %ProgramFiles%\uTorrent\Downloads\*.zip /s >

< %ProgramFiles%\uTorrent\Downloads\*.exe /s >

< %ProgramFiles%\uTorrent\Downloads\*.rar /s >

< %ProgramFiles%\uTorrent\Downloads\*crack*. >

< %ProgramFiles%\uTorrent\Downloads\*keygen*. >

< %ProgramFiles%\Kazaa Lite\My Shared Folder\*.zip /s >

< %ProgramFiles%\Kazaa Lite\My Shared Folder\*.exe /s >

< %ProgramFiles%\Kazaa Lite\My Shared Folder\*.rar /s >

< %ProgramFiles%\Kazaa Lite\My Shared Folder\*crack*. >

< %ProgramFiles%\Kazaa Lite\My Shared Folder\*keygen*. >

< %ProgramFiles%\Kazaa\My Shared Folder\*.zip /s >

< %ProgramFiles%\Kazaa\My Shared Folder\*.exe /s >

< %ProgramFiles%\Kazaa\My Shared Folder\*.rar /s >

< %ProgramFiles%\Kazaa\My Shared Folder\*crack*. >

< %ProgramFiles%\Kazaa\My Shared Folder\*keygen*. >

< %ProgramFiles%\Icq\Shared Files\*.zip /s >

< %ProgramFiles%\Icq\Shared Files\*.exe /s >

< %ProgramFiles%\Icq\Shared Files\*.rar /s >

< %ProgramFiles%\Icq\Shared Files\*crack*. >

< %ProgramFiles%\Icq\Shared Files\*keygen*. >

< %ProgramFiles%\Direct Connect\Received Files\*.zip /s >

< %ProgramFiles%\Direct Connect\Received Files\*.exe /s >

< %ProgramFiles%\Direct Connect\Received Files\*.rar /s >

< %ProgramFiles%\Direct Connect\Received Files\*crack*. >

< %ProgramFiles%\Direct Connect\Received Files\*keygen*. >

< %ALLUSERSPROFILE%\Application Data\AOL Downloads\*.zip >

< %ALLUSERSPROFILE%\Application Data\AOL Downloads\*.rar >

< %ALLUSERSPROFILE%\Application Data\AOL Downloads\*.exe >

< %ALLUSERSPROFILE%\Application Data\AOL Downloads\*crack*. >

< %ALLUSERSPROFILE%\Application Data\AOL Downloads\*keygen*. >

< %APPDATA%\Opera\Opera\profile\widgets\*.* >

< %PROGRAMFILES%\Opera\program\plugins\*.* /s >

< %APPDATA%\Opera\Opera\profile\toolbar\*.* /s >
< End of report >

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:58:04 PM, on 12/31/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\lxcycoms.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Software Pursuits\SPIAgentService\SPIAgentService.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\PROGRA~1\Avast\ashDisp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Labtec\Desktop\V5.1\MOUSE32A.EXE
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Kodak Z740\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\MySoftware\Newsflsh.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\Firefox\firefox.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Avast\ashMaiSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Avast\ashWebSv.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.democrata...s.dll/frontpage
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINNT\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT file cleaner\AUTOBACK.EXE
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak Z740\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MySoftware NewsFlash.lnk = C:\Program Files\Common Files\MySoftware\Newsflsh.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: lxcy_device - - C:\WINNT\system32\lxcycoms.exe
O23 - Service: SPIAgent 5 (SPIAgent5) - Software Pursuits, Inc. - C:\Program Files\Software Pursuits\SPIAgentService\SPIAgentService.exe

--
End of file - 7821 bytes

Are we getting anywhere? I am not pc savvy enough to know, except that I still see the MWS file in the HJT report. I am in awe how you know what all these lines mean!
  • 0

#11
handhfan

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Yep, we are doing last minute cleanup here. The files for MWS are gone, just a stray entry left to delete. As well, you will see a similar move with OTMoveIt3.exe. I goofed on the last one, this one should work correctly. :)

  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Files
    C:\Documents and Settings\All Users\Application Data\SecTaskMan
    C:\Program Files\Security Task Manager
    
    [emptytemp]
    [start explorer]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Java™ 6 Update 7

Please note any other programs that you don't recognize in that list in your next response.

After that, Reboot.

Please post a new HijackThis log in your next reply.

Is your computer running better? Do you have any other problems with your computer?
  • 0
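The situation described in the post above (the MyWebSearch files are already gone, but a stray Run-key entry still points at them, which is what produces the RUNDLL error at every logon) is exactly the kind of thing a small script can spot in a HijackThis log. The following is an added example, not code from this thread, from HijackThis or from OTMoveIt3: it parses "O4 - HKLM\..\Run" lines, pulls out the file each entry would load, and flags entries whose target no longer exists on disk or whose name or path matches the adware pattern discussed here. The sample log lines and the set of "present" files are constructed for the example; the adware name pattern is an assumption. On a real machine you would pass the lines of an actual log and leave `exists` at its default of `os.path.exists`.

```python
import os
import re

# Constructed sample of HijackThis "O4" autorun lines, in the same shape as
# the entries in the logs posted above (sample strings, not a live log).
SAMPLE_O4_LINES = """\
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\Avast\\ashDisp.exe
O4 - HKLM\\..\\Run: [QuickTime Task] "C:\\Program Files\\QuickTime\\qttask.exe" -atboottime
O4 - HKLM\\..\\Run: [PaperPort PTD] C:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe
O4 - HKLM\\..\\Run: [LXCYCATS] rundll32 C:\\WINNT\\system32\\spool\\DRIVERS\\W32X86\\3\\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\\..\\Run: [My Web Search Bar] rundll32 C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\MWSBAR.DLL,S
O4 - HKLM\\..\\Run: [Synchronization Manager] mobsync.exe /logon
"""

# Constructed stand-in for the disk: the legitimate targets are present, the
# MyWebSearch DLL has already been removed (as happened in this thread).
PRESENT_FILES = {
    r"c:\progra~1\avast\ashdisp.exe",
    r"c:\program files\quicktime\qttask.exe",
    r"c:\program files\scansoft\paperport\pptd40nt.exe",
    r"c:\winnt\system32\spool\drivers\w32x86\3\lxcytime.dll",
}

def sample_exists(path):
    """Case-insensitive lookup against the constructed file set (Windows paths are case-insensitive)."""
    return path.lower() in PRESENT_FILES

# Only bracketed Run-key entries are parsed; "O4 - Startup: x.lnk = ..." lines are skipped.
O4_RE = re.compile(r"^O4 - (?P<location>[^:]+): \[(?P<name>[^\]]*)\] (?P<command>.*)$")
# Assumed pattern for the adware discussed in the thread (entry name, long or 8.3 path, DLL name).
UNWANTED_RE = re.compile(r"my ?web ?search|mywebs~1|mwsbar", re.IGNORECASE)

def parse_o4_line(line):
    """Split an O4 line into location, entry name and command; None if it is not a Run-key entry."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None

def extract_target(command):
    """Return (path, kind): the file Windows will actually load for this entry at logon."""
    m = re.match(r"^rundll32(?:\.exe)?\s+(.+)$", command, re.IGNORECASE)
    if m:
        # rundll32 takes "<dll>,<entrypoint> [args]"; the DLL is what must exist
        dll = m.group(1).split(",", 1)[0].strip().strip('"')
        return dll, "rundll32"
    m = re.match(r'^"([^"]+)"', command)
    if m:
        return m.group(1), "program"
    # Unquoted path, possibly containing spaces: cut at the first executable extension
    m = re.match(r"^(.+?\.(?:exe|dll|ocx|scr|com))(?:\s|$)", command, re.IGNORECASE)
    if m:
        return m.group(1), "program"
    return command.split()[0], "program"

def find_stray_run_entries(lines, exists=os.path.exists):
    """Flag Run entries that match the adware pattern or whose target file is gone."""
    findings = []
    for line in lines:
        entry = parse_o4_line(line)
        if entry is None:
            continue
        target, kind = extract_target(entry["command"])
        reasons = []
        if UNWANTED_RE.search(entry["name"]) or UNWANTED_RE.search(target):
            reasons.append("name or path matches the MyWebSearch pattern")
        # Bare names like "mobsync.exe" are resolved via PATH, so only full paths are checked
        if "\\" in target and not exists(target):
            if kind == "rundll32":
                reasons.append("rundll32 DLL is missing on disk (this is what raises the RUNDLL error at logon)")
            else:
                reasons.append("target file is missing on disk")
        if reasons:
            findings.append({"location": entry["location"], "name": entry["name"],
                             "target": target, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in find_stray_run_entries(SAMPLE_O4_LINES.splitlines(), sample_exists):
        print(f"{f['location']} [{f['name']}] -> {f['target']}")
        for r in f["reasons"]:
            print("   ", r)
```

Run against the constructed lines it reports only the "My Web Search Bar" entry, with both reasons; the avast, QuickTime, PaperPort and Lexmark entries resolve to files that exist and are left alone. A missing-target hit is a diagnosis, not proof of malware: a program uninstalled carelessly leaves the same orphan, so the finding says "this entry can be removed", not "this machine is infected".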

#12
GoDoAndB

GoDoAndB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
I am still getting the MWS RUNDLL pop up on start up, and my web searches with Firefox are still slow: the cursor moves sporadically when I try to do more than one search (in multiple tabs), and even one search seems to hold things up for 30-60 seconds. I was unable to delete the Java 6 update 7 in safe mode: "Windows installer service could not be accessed." I have never had this issue in regular mode. What next? BTW - Happy New Year!

========== FILES ==========
C:\Documents and Settings\All Users\Application Data\SecTaskMan moved successfully.
C:\Program Files\Security Task Manager moved successfully.
File/Folder [emptytemp] not found.
File/Folder [start explorer] not found.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 01012009_110937

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:41 AM, on 1/1/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\lxcycoms.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Software Pursuits\SPIAgentService\SPIAgentService.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Avast\ashWebSv.exe
C:\Program Files\Avast\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\PROGRA~1\Avast\ashDisp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Labtec\Desktop\V5.1\MOUSE32A.EXE
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Kodak Z740\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\MySoftware\Newsflsh.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.democrata...s.dll/frontpage
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINNT\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT file cleaner\AUTOBACK.EXE
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak Z740\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MySoftware NewsFlash.lnk = C:\Program Files\Common Files\MySoftware\Newsflsh.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: lxcy_device - - C:\WINNT\system32\lxcycoms.exe
O23 - Service: SPIAgent 5 (SPIAgent5) - Software Pursuits, Inc. - C:\Program Files\Software Pursuits\SPIAgentService\SPIAgentService.exe

--
End of file - 7928 bytes
  • 0

#13
handhfan

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
For your searches in Firefox, I think that may be something to bring up with the people in the Browsers section of the site when we finish here (if it's still an issue).

For now, try uninstalling Java 6 Update 7 in Normal Mode.

As well, I'm not sure why that MyWebSearch entry didn't delete; hopefully this will get rid of it, and you shouldn't get the RUNDLL message every time you start your computer.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "My Web Search Bar"=-
    
    [emptytemp]
    [start explorer]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post along with a new HijackThis log.
  • 0

#14
GoDoAndB

GoDoAndB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Good morn,

I rebooted after deleting the Java 6 rev 7, and then ran these. I did not get the RUNDLL pop-up this morn - yeah!! The browser is still sticky. T

========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\My Web Search Bar not found.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 010220

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:47:50 AM, on 1/2/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\lxcycoms.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Software Pursuits\SPIAgentService\SPIAgentService.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Avast\ashWebSv.exe
C:\Program Files\Avast\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\PROGRA~1\Avast\ashDisp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Labtec\Desktop\V5.1\MOUSE32A.EXE
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Kodak Z740\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Common Files\MySoftware\Newsflsh.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\OTMoveIt3.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.democrata...s.dll/frontpage
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINNT\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT file cleaner\AUTOBACK.EXE
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak Z740\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MySoftware NewsFlash.lnk = C:\Program Files\Common Files\MySoftware\Newsflsh.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: lxcy_device - - C:\WINNT\system32\lxcycoms.exe
O23 - Service: SPIAgent 5 (SPIAgent5) - Software Pursuits, Inc. - C:\Program Files\Software Pursuits\SPIAgentService\SPIAgentService.exe

--
End of file - 8184 bytes
  • 0

#15
handhfan

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Your logs look clean. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. If you have any questions or other problems, please let me know. Other than that, and the steps below, you should be all set. Also, for your browser problem, remember to post in the Browsers forum; they would be best to help you out with this problem. :)

  • Make sure you have an Internet Connection.
  • Download OTCleanIt to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTCleanIt from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Please update Adobe Reader, by downloading and installing Adobe Reader 9.

Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
System Restore will now be active again.


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard gives you realtime protection from spyware.
  • Super Antispyware OR Malwarebytes' Anti-Malware to help remove any spyware that may have gotten on your computer.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed.
  • Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see this article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

To keep your operating system up to date visit Microsoft Windows Update monthly. Remember to be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!
  • 0