Daughter laptop infected

#1
smwifey

    Member

  • Member
  • 85 posts
After working with essexboy earlier to successfully correct my problem on my laptop, I thought I would bite the bullet and attempt to get some help with my daughter's laptop. First off, this thing is old, so I'm sure there isn't a whole lot we can do, and I know she uses Limewire, which is a great cause of infection, but try telling a teenager that they should use it. It's like pulling teeth. I ran the AntiMalware and it came back with no infections, but Avira Antivirus is regularly finding 6 that are not ever fixed. Here is the hijack log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:16:12 PM, on 1/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5292 bytes


Any help is greatly appreciated.
Susan

#2
Gravity Gripp

    Trusted Helper

  • Malware Removal
  • 1,815 posts
smwifey, welcome to Geeks-To-Go. My name is GravityGripp and I'll be assisting you with your issues.

First, when you post logs here, post them directly into the reply. Do not attach them unless told to do so. Also, do not alter the font, color, or size of these logs. This will help me help you.

Also, if I have not responded to you in a time period longer than 4 days, please feel free to PM me.

Thanks and I look forward to working with you. :)

STEP ONE

  • First, download OTListIt2 to your desktop.
  • Once it has finished downloading, please double click on the icon.
  • When the window appears, please make the following changes:
    • Click Output: Minimal Output
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
  • You may close these windows when you have posted the contents of the files.

#3
smwifey

    Member

  • Topic Starter
  • Member
  • 85 posts
Thanks for your help with this. I do appreciate it.
Here are the logs you requested.

OTListIt logfile created on: 1/5/2009 1:06:53 PM - Run
OTListIt2 by OldTimer - Version 1.0.3.0 Folder = C:\Documents and Settings\Susan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.37 Mb Total Physical Memory | 80.83 Mb Available Physical Memory | 31.65% Memory free
618.16 Mb Paging File | 325.93 Mb Available in Paging File | 52.73% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 22.94 Gb Free Space | 61.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUSAN-LAPTOP
Current User Name: Susan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Company)
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe (Sun Microsystems, Inc.)
C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
C:\Documents and Settings\Susan\Desktop\OTListIt2.exe (OldTimer Tools)

========== (O23) Win32 Services (SafeList) ==========

(aawservice [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
(AntiVirScheduler [Auto | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
(AntiVirService [Auto | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
(Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
(aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
(Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
(iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
(Pml Driver HPZ12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
(Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

========== Driver Services (SafeList) ==========

(ac97intc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)
(ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
(avgio [System | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
(avgntflt [On_Demand | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
(avipbb [System | Running]) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
(EL90XBC [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation)
(GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
(HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\hpzid412.sys (HP)
(HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
(HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
(MDC8021X [Auto | Running]) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
(Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
(Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(ssmdrv [System | Running]) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
(USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
(wlanCIG [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\wlanCIG.sys ( )

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?src=aim
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" (Hewlett-Packard Company)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/.../GrooveAX27.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai...l/installer.exe (Virtools WebPlayer Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key does not exist or could not be opened.)
O18 - Protocol\Handler: - cetihpz - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
C:\AUTOEXEC.BAT () -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/01/05 13:05:48 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Susan\Desktop\OTListIt2.exe
[2009/01/05 10:40:19 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[2009/01/05 10:39:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/01/05 10:16:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp
[2009/01/05 10:06:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2009/01/05 10:06:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/01/05 10:06:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/01/05 10:06:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/01/05 10:06:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/01/05 09:58:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/01/04 16:15:53 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\HijackThis.lnk
[2009/01/04 16:15:52 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/01/04 15:05:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Susan\Application Data\Malwarebytes
[2009/01/04 15:05:49 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/01/04 15:05:48 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/04 15:05:45 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/04 15:05:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/01/04 15:05:40 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/01/04 13:10:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/01/04 13:10:23 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/01/04 13:10:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Susan\Application Data\SUPERAntiSpyware.com
[2008/12/26 17:13:57 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\Spybot - Search & Destroy.lnk
[2008/12/26 17:13:42 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/12/26 17:13:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/12/26 16:48:14 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/12/26 16:48:08 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/12/26 16:48:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/12/26 16:47:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/12/26 14:54:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2008/12/26 14:02:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2008/12/26 10:46:42 | 00,001,851 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk
[2008/12/26 10:45:39 | 00,022,336 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2008/12/26 10:45:38 | 00,045,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2008/12/26 10:45:38 | 00,028,352 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2008/12/26 10:45:36 | 00,075,072 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2008/12/26 10:44:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2008/12/26 10:44:55 | 00,000,000 | ---D | C] -- C:\Program Files\Avira

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/01/05 13:05:42 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Susan\Desktop\OTListIt2.exe
[2009/01/05 10:42:53 | 00,383,822 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/01/05 10:42:53 | 00,054,010 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/01/05 10:42:49 | 00,443,556 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/01/05 10:41:28 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/01/05 10:40:53 | 00,000,076 | -HS- | M] () -- C:\Documents and Settings\Susan\My Documents\desktop.ini
[2009/01/05 10:39:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/05 10:39:05 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/05 10:38:18 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/05 10:38:07 | 00,264,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/01/05 10:38:06 | 26,784,5632 | -HS- | M] () -- C:\hiberfil.sys
[2009/01/05 09:57:35 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/01/04 18:12:53 | 00,068,296 | ---- | M] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/01/04 16:15:54 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\HijackThis.lnk
[2009/01/04 15:05:49 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/29 00:14:26 | 05,553,448 | -H-- | M] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\IconCache.db
[2008/12/28 16:18:22 | 00,035,328 | ---- | M] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/27 20:12:51 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/12/26 17:13:57 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\Spybot - Search & Destroy.lnk
[2008/12/26 16:48:14 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/12/26 15:01:16 | 00,000,506 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/26 15:01:16 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/12/26 15:01:16 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2008/12/26 10:46:43 | 00,001,851 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk
[2008/12/25 22:21:40 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/12/14 19:48:44 | 00,000,899 | ---- | M] () -- C:\Documents and Settings\Susan\My Documents\My Sharing Folders.lnk
[2008/12/12 12:01:00 | 03,067,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/12 12:01:00 | 03,067,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/09 15:24:38 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >


OTListIt Extras logfile created on: 1/5/2009 1:06:53 PM - Run
OTListIt2 by OldTimer - Version 1.0.3.0 Folder = C:\Documents and Settings\Susan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.37 Mb Total Physical Memory | 80.83 Mb Available Physical Memory | 31.65% Memory free
618.16 Mb Paging File | 325.93 Mb Available in Paging File | 52.73% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 22.94 Gb Free Space | 61.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUSAN-LAPTOP
Current User Name: Susan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger File not found
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC)
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (AOL LLC)
C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM File not found
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger File not found
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) File not found
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{2F71F2BA-B513-4113-969C-18A84D238E27}" = 1310
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{80413011-029C-4D6B-B3AD-725DDE60B81C}" = 1310Trb
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E21658D0-8C83-4ADD-937B-6ED07F335ABA}" = 1310Tour
"{E90BEB5B-CFA0-418E-9ABB-4C4A7B0D9483}" = 1310_Help
"3DGroove" = 3D Groove Playback Engine
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"HijackThis" = HijackThis 2.0.2
"LimeWire" = LimeWire 4.18.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtools3DLifePlayer" = Virtools 3D Life Player
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.4.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/14/2008 4:38:15 PM | Computer Name = SUSAN-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application MySpaceIM.exe, version 1.0.754.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/16/2008 4:31:44 PM | Computer Name = SUSAN-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application MySpaceIM.exe, version 1.0.754.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/16/2008 6:56:48 PM | Computer Name = SUSAN-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/20/2008 10:07:52 PM | Computer Name = SUSAN-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application LimeWire.exe, version 1.0.0.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/23/2008 7:04:41 PM | Computer Name = SUSAN-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application LimeWire.exe, version 1.0.0.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/25/2008 10:37:36 PM | Computer Name = SUSAN-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/26/2008 2:48:50 PM | Computer Name = SUSAN-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/28/2008 7:02:13 PM | Computer Name = SUSAN-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/28/2008 8:07:53 PM | Computer Name = SUSAN-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application gimp-2.4.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/1/2008 10:44:00 PM | Computer Name = SUSAN-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application LimeWire.exe, version 1.0.0.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 1/4/2009 1:10:16 PM | Computer Name = SUSAN-LAPTOP | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/4/2009 1:10:16 PM | Computer Name = SUSAN-LAPTOP | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/4/2009 1:10:16 PM | Computer Name = SUSAN-LAPTOP | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/4/2009 1:10:16 PM | Computer Name = SUSAN-LAPTOP | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/4/2009 5:12:57 PM | Computer Name = SUSAN-LAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Ati HotKey Poller service
to connect.

Error - 1/4/2009 5:12:57 PM | Computer Name = SUSAN-LAPTOP | Source = Service Control Manager | ID = 7000
Description = The Ati HotKey Poller service failed to start due to the following
error: %%1053

Error - 1/5/2009 10:26:02 AM | Computer Name = SUSAN-LAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Ati HotKey Poller service
to connect.

Error - 1/5/2009 10:26:02 AM | Computer Name = SUSAN-LAPTOP | Source = Service Control Manager | ID = 7000
Description = The Ati HotKey Poller service failed to start due to the following
error: %%1053

Error - 1/5/2009 11:39:47 AM | Computer Name = SUSAN-LAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Ati HotKey Poller service
to connect.

Error - 1/5/2009 11:39:47 AM | Computer Name = SUSAN-LAPTOP | Source = Service Control Manager | ID = 7000
Description = The Ati HotKey Poller service failed to start due to the following
error: %%1053


< End of report >

#4
Gravity Gripp
    Trusted Helper
  • Malware Removal
  • 1,815 posts
I'm not seeing anything that would indicate an infection, but I'd like to go ahead and get a couple of more scans before we say it's clean.

STEP ONE
Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

STEP TWO
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

STEP THREE
Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java to download and install the latest version.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following are checked:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.


#5
smwifey
    Member
  • Topic Starter
  • 85 posts
Sorry but that scan took forever to finish.
Here is the Malware log:

Malwarebytes' Anti-Malware 1.32
Database version: 1618
Windows 5.1.2600 Service Pack 3

1/5/2009 2:00:31 PM
mbam-log-2009-01-05 (14-00-31).txt

Scan type: Quick Scan
Objects scanned: 50363
Time elapsed: 8 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


And here is the log from the Kaspersky:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, January 5, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, January 05, 2009 18:22:02
Records in database: 1565157
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 40617
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 01:50:41


File name / Threat name / Threats count
C:\Documents and Settings\Guest\Local Settings\Application Data\Mozilla\Firefox\Profiles\avsoomew.default\Cache\855F7F21d01 Infected: Trojan-Downloader.JS.Psyme.alw 1
C:\Documents and Settings\Susan\My Documents\LimeWire\Incomplete\T-3515162-counting bodies like sheep - greatest hits.wma Infected: Trojan-Downloader.WMA.Wimad.n 1

The selected area was scanned.


Thanks again for your help.

Susan

#6
Gravity Gripp
    Trusted Helper
  • Malware Removal
  • 1,815 posts
STEP ONE
Please download ATF Cleaner by Atribune.

Caution: This program is for Windows 2000, XP and Vista only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

STEP TWO
Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
    C:\Documents and Settings\Susan\My Documents\LimeWire\Incomplete\T-3515162-counting bodies like sheep - greatest hits.wma
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Edited by Gravity Gripp, 05 January 2009 - 07:39 PM.

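The helper's script above takes the detections from the Kaspersky report and lists the one that the temp/cache clean-up will not reach. The following is an added example (not code from this thread, from OldTimer or from Kaspersky) that parses the report's "File name / Threat name / Threats count" table and drafts an OTMoveIt3 script in the same :files / :commands format; it assumes the current user is Susan, skips only cache files under that profile (the locations the OTMoveIt3 log in this thread shows [emptytemp] clearing), and the sample report is constructed from the thread's two lines plus two placeholder EICAR entries.

```python
"""Draft an OTMoveIt3 script from a Kaspersky Online Scanner 7 report.

Added example for this thread, not code from the thread, from OldTimer or
from Kaspersky. The sample report below is constructed (two lines copied
from the thread, two added); the EICAR-Test-File entries are placeholders.
"""
import re
from dataclasses import dataclass

DETECTION_HEADER = "File name / Threat name / Threats count"

# "<path> Infected: <threat name> <count>"; the path may contain spaces,
# so it is matched lazily up to the " Infected: " token.
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)

# Temp and cache locations the posted OTMoveIt3 log shows [emptytemp]
# emptying (Temp, Temporary Internet Files, Java cache, Firefox cache).
CACHE_MARKERS = (
    r"\local settings\temp",
    r"\temporary internet files",
    r"\sun\java\deployment\cache",
    r"\mozilla\firefox\profiles",
)


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str
    count: int

    def location_class(self) -> str:
        """Coarse triage of where the detection sits on disk."""
        low = self.path.lower()
        if r"\limewire\incomplete" in low:
            return "p2p_incomplete"
        if any(marker in low for marker in CACHE_MARKERS):
            return "browser_or_temp_cache"
        return "other"


def parse_report(report: str) -> list[Detection]:
    """Return the detections listed in the report's threat table, in order."""
    found: list[Detection] = []
    in_table = False
    for raw in report.splitlines():
        line = raw.strip()
        if line == DETECTION_HEADER:
            in_table = True
            continue
        if not in_table:
            continue
        if not line:  # the table ends at the first blank line
            break
        match = DETECTION_RE.match(line)
        if match:
            found.append(Detection(match["path"], match["threat"], int(match["count"])))
    return found


def covered_by_emptytemp(path: str, current_user: str) -> bool:
    """True for cache/temp files under current_user's profile, the only
    locations the posted log shows [emptytemp] clearing."""
    low = path.lower()
    profile = f"\\documents and settings\\{current_user.lower()}\\"
    return profile in low and any(marker in low for marker in CACHE_MARKERS)


def build_otmoveit_script(detections: list[Detection], current_user: str) -> str:
    """Emit a :files entry for every detection [emptytemp] will not reach,
    then the :commands section used in this thread."""
    explicit = [d.path for d in detections if not covered_by_emptytemp(d.path, current_user)]
    lines = [":files", *explicit, "", ":commands", "[purity]", "[emptytemp]", "[start explorer]"]
    return "\n".join(lines) + "\n"


# Constructed sample: the two detections from the thread plus two
# placeholder EICAR entries (My Documents, and the current user's Firefox cache).
SAMPLE_REPORT = r"""
Scan statistics:
Files scanned: 40617
Infected objects: 4

File name / Threat name / Threats count
C:\Documents and Settings\Guest\Local Settings\Application Data\Mozilla\Firefox\Profiles\avsoomew.default\Cache\855F7F21d01 Infected: Trojan-Downloader.JS.Psyme.alw 1
C:\Documents and Settings\Susan\My Documents\LimeWire\Incomplete\T-3515162-counting bodies like sheep - greatest hits.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Susan\My Documents\eicar.com Infected: EICAR-Test-File 1
C:\Documents and Settings\Susan\Local Settings\Application Data\Mozilla\Firefox\Profiles\du0t3m3u.default\Cache\0123ABCDd01 Infected: EICAR-Test-File 1

The selected area was scanned.
"""

if __name__ == "__main__":
    dets = parse_report(SAMPLE_REPORT)
    for d in dets:
        print(f"{d.location_class():22} {d.threat:32} {d.path}")
    print(build_otmoveit_script(dets, current_user="Susan"))
```

Note that the Guest profile's Firefox cache entry is kept in :files because nothing in the posted log shows [emptytemp] touching another account's cache; the helper's actual script left it to the clean-up step.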

#7
smwifey
    Member
  • Topic Starter
  • 85 posts
========== FILES ==========
C:\Documents and Settings\Susan\My Documents\LimeWire\Incomplete\T-3515162-counting bodies like sheep - greatest hits.wma moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\Arj.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\avlib.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\Avp1.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\AvpMgr.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\btimages.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\CAB.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\dmap.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\dtreg.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\FsDrvPlg.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\FSSync.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\HashCont.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\HashMD5.PPL scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\HCCMP.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\ichk2.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\iChkSA.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\Inflate.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\IWGen.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\kave.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\kosglue-7.0.25.0.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\lha.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\L_llio.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\mdb.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\MDMAP.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\MemModSc.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\MemScan.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\minizip.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\MKavIO.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\msoe.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\nfio.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\NTFSstrm.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\prKernel.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\prLoader.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\prseqio.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\PrUtil.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\rar.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\ScanningProcess.exe scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\sfdb.PPL scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\TempFile.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\thpimpl.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\UniArc.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\UnLZX.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\UnStored.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\WDiskIO.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Susan\LOCALS~1\Temp\hsperfdata_Susan\2824 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_26c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Documents and Settings\Susan\Application Data\Sun\Java\Deployment\cache\6.0\14\757e808e-2c072744 scheduled to be deleted on reboot.
Java cache emptied.
File delete failed. C:\Documents and Settings\Susan\Local Settings\Application Data\Mozilla\Firefox\Profiles\du0t3m3u.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Susan\Local Settings\Application Data\Mozilla\Firefox\Profiles\du0t3m3u.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Susan\Local Settings\Application Data\Mozilla\Firefox\Profiles\du0t3m3u.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Susan\Local Settings\Application Data\Mozilla\Firefox\Profiles\du0t3m3u.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01052009_212500

Files moved on Reboot...
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\Arj.ppl moved successfully.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\avlib.ppl moved successfully.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\Avp1.ppl moved successfully.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\AvpMgr.ppl moved successfully.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\btimages.ppl moved successfully.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\CAB.ppl moved successfully.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\dmap.ppl moved successfully.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\dtreg.ppl moved successfully.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\FsDrvPlg.ppl moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\FSSync.dll
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\FSSync.dll NOT unregistered.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\FSSync.dll moved successfully.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\HashCont.ppl moved successfully.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\HashMD5.PPL moved successfully.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\HCCMP.ppl moved successfully.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\ichk2.ppl moved successfully.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\iChkSA.ppl moved successfully.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\Inflate.ppl moved successfully.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\IWGen.ppl moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\kave.dll
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\kave.dll NOT unregistered.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\kave.dll moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\kosglue-7.0.25.0.dll
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\kosglue-7.0.25.0.dll NOT unregistered.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\kosglue-7.0.25.0.dll moved successfully.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\lha.ppl moved successfully.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\L_llio.ppl moved successfully.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\mdb.ppl moved successfully.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\MDMAP.ppl moved successfully.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\MemModSc.ppl moved successfully.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\MemScan.ppl moved successfully.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\minizip.ppl moved successfully.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\MKavIO.ppl moved successfully.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\msoe.ppl moved successfully.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\nfio.ppl moved successfully.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\NTFSstrm.ppl moved successfully.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\prKernel.ppl moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\prLoader.dll
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\prLoader.dll NOT unregistered.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\prLoader.dll moved successfully.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\prseqio.ppl moved successfully.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\PrUtil.ppl moved successfully.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\rar.ppl moved successfully.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\ScanningProcess.exe moved successfully.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\sfdb.PPL moved successfully.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\TempFile.ppl moved successfully.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\thpimpl.ppl moved successfully.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\UniArc.ppl moved successfully.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\UnLZX.ppl moved successfully.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\UnStored.ppl moved successfully.
C:\DOCUME~1\Susan\LOCALS~1\Temp\jkos-Susan\binaries\WDiskIO.ppl moved successfully.
File C:\DOCUME~1\Susan\LOCALS~1\Temp\hsperfdata_Susan\2824 not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_26c.dat not found!
C:\Documents and Settings\Susan\Application Data\Sun\Java\Deployment\cache\6.0\14\757e808e-2c072744 moved successfully.
C:\Documents and Settings\Susan\Local Settings\Application Data\Mozilla\Firefox\Profiles\du0t3m3u.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Susan\Local Settings\Application Data\Mozilla\Firefox\Profiles\du0t3m3u.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Susan\Local Settings\Application Data\Mozilla\Firefox\Profiles\du0t3m3u.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Susan\Local Settings\Application Data\Mozilla\Firefox\Profiles\du0t3m3u.default\Cache\_CACHE_MAP_ moved successfully.

#8
Gravity Gripp
    Trusted Helper
  • Malware Removal
  • 1,815 posts
STEP ONE
  • Go ahead and run OTListIt2 again by double clicking on the OTListIt2 icon.
  • When the window appears, please make the following changes:
    • Click Output: Minimal Output
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • You may close these windows when you have posted the contents of the files.

Edited by Gravity Gripp, 05 January 2009 - 09:02 PM.


#9
smwifey
    Member
  • Topic Starter
  • 85 posts
I did the scan but it only popped up 1 log at the end instead of 2. I am posting that log below.

OTListIt logfile created on: 1/6/2009 10:49:25 AM - Run 2
OTListIt2 by OldTimer - Version 1.0.3.0 Folder = C:\Documents and Settings\Susan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.37 Mb Total Physical Memory | 62.57 Mb Available Physical Memory | 24.50% Memory free
620.17 Mb Paging File | 317.37 Mb Available in Paging File | 51.17% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 22.90 Gb Free Space | 61.45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUSAN-LAPTOP
Current User Name: Susan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Company)
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation)
C:\Documents and Settings\Susan\Desktop\OTListIt2.exe (OldTimer Tools)

========== (O23) Win32 Services (SafeList) ==========

(aawservice [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
(AntiVirScheduler [Auto | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
(AntiVirService [Auto | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
(Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
(aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
(Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
(iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
(JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
(Pml Driver HPZ12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
(Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

========== Driver Services (SafeList) ==========

(ac97intc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)
(ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
(avgio [System | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
(avgntflt [On_Demand | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
(avipbb [System | Running]) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
(EL90XBC [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation)
(GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
(HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\hpzid412.sys (HP)
(HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
(HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
(MDC8021X [Auto | Running]) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
(Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
(Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(ssmdrv [System | Running]) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
(USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
(wlanCIG [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\wlanCIG.sys ( )

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?src=aim
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" (Hewlett-Packard Company)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/.../GrooveAX27.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai...l/installer.exe (Virtools WebPlayer Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key does not exist or could not be opened.)
O18 - Protocol\Handler: - cetihpz - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
C:\AUTOEXEC.BAT () -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/01/06 10:37:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/01/05 21:25:00 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/01/05 21:23:43 | 00,348,160 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Susan\Desktop\OTMoveIt3.exe
[2009/01/05 13:05:48 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Susan\Desktop\OTListIt2.exe
[2009/01/05 10:40:19 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[2009/01/05 10:39:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/01/05 10:06:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2009/01/05 10:06:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/01/05 10:06:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/01/05 10:06:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/01/05 10:06:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/01/05 09:58:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/01/04 16:15:53 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\HijackThis.lnk
[2009/01/04 16:15:52 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/01/04 15:05:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Susan\Application Data\Malwarebytes
[2009/01/04 15:05:49 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/01/04 15:05:48 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/04 15:05:45 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/04 15:05:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/01/04 15:05:40 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/01/04 13:10:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/01/04 13:10:23 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/01/04 13:10:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Susan\Application Data\SUPERAntiSpyware.com
[2008/12/26 17:13:57 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\Spybot - Search & Destroy.lnk
[2008/12/26 17:13:42 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/12/26 17:13:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/12/26 16:48:14 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/12/26 16:48:08 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/12/26 16:48:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/12/26 16:47:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/12/26 14:54:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2008/12/26 14:02:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2008/12/26 10:46:42 | 00,001,851 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk
[2008/12/26 10:45:39 | 00,022,336 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2008/12/26 10:45:38 | 00,045,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2008/12/26 10:45:38 | 00,028,352 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2008/12/26 10:45:36 | 00,075,072 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2008/12/26 10:44:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2008/12/26 10:44:55 | 00,000,000 | ---D | C] -- C:\Program Files\Avira

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/01/06 10:31:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/06 10:31:12 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/06 10:31:09 | 26,784,5632 | -HS- | M] () -- C:\hiberfil.sys
[2009/01/06 10:31:09 | 00,264,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/01/05 21:20:13 | 00,348,160 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Susan\Desktop\OTMoveIt3.exe
[2009/01/05 13:05:42 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Susan\Desktop\OTListIt2.exe
[2009/01/05 10:42:53 | 00,383,822 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/01/05 10:42:53 | 00,054,010 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/01/05 10:42:49 | 00,443,556 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/01/05 10:41:28 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/01/05 10:40:53 | 00,000,076 | -HS- | M] () -- C:\Documents and Settings\Susan\My Documents\desktop.ini
[2009/01/05 10:39:05 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/05 09:57:35 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/01/04 18:38:22 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/04 18:38:18 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/04 18:12:53 | 00,068,296 | ---- | M] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/01/04 16:15:54 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\HijackThis.lnk
[2009/01/04 15:05:49 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/29 00:14:26 | 05,553,448 | -H-- | M] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\IconCache.db
[2008/12/28 16:18:22 | 00,035,328 | ---- | M] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/27 20:12:51 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/12/26 17:13:57 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\Spybot - Search & Destroy.lnk
[2008/12/26 16:48:14 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/12/26 15:01:16 | 00,000,506 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/26 15:01:16 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/12/26 15:01:16 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2008/12/26 10:46:43 | 00,001,851 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk
[2008/12/25 22:21:40 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/12/14 19:48:44 | 00,000,899 | ---- | M] () -- C:\Documents and Settings\Susan\My Documents\My Sharing Folders.lnk
[2008/12/12 12:01:00 | 03,067,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/12 12:01:00 | 03,067,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/09 15:24:38 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >

#10 Gravity Gripp (Trusted Helper, Malware Removal)
Your computer is clean. Let's clean up and you're done here :)

STEP ONE - Cleanup
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


STEP TWO - Reset Restore Points
To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.


And lastly, just some information for you. The following is a list of articles and tools that I like to recommend to people before they head out.
First, and most importantly, is to keep your PC up-to-date with the latest patches from Microsoft. Make sure that you have auto updates turned on also. You will be informed if it is turned on or off when you visit the website below.
Next, I'd like to discuss malware prevention with you. As I said, the first step is to keep Windows up-to-date, but that isn't always enough. You also have to be aware of the sites you visit. Questionable and illegal sites almost always try to infect your machine. Even if you have anti-virus and a firewall, you can still get infected from these sites. It's best to just avoid them altogether.

Also, when surfing the web, be careful of popups and do NOT click on a popup. If you get a popup for anti-virus or anti-spyware software, NEVER download it and NEVER buy it, it is nothing more than just more spyware. Also, these are a couple of great programs to help prevent malware infections. Instead of being reactive they are proactive.
While discussing browsing habits, I like to recommend to everyone to use an alternate web browser called Mozilla Firefox. My personal feeling is that Internet Explorer just doesn't fit the bill when coming to security. I have been using Firefox for several years now and have never had issues with it.
Another avenue for malware in recent years has been Peer-To-Peer (P2P) applications. Programs like Kazaa, Limewire, and even BitTorrent programs can spread malware. You have to be very wary of what you download from these applications, as a lot of the time they are infected also. Here is a very good article from Microsoft about the dangers of P2P.
Now, every now and again the Windows operating system just gets slow and needs to be cleaned up. The following is an article by Miekiemoes that gives very good information on how to speed up your PC when it's not malware related.
Also, I would just like to thank you for coming by Geeks-To-Go and I'm glad we could lend you a hand. :)

#11 smwifey (Topic Starter, Member)
All done. Thanks so much for all of your help.