not sure where i stand... [Solved] - Geeks to Go Forums

Jump to content

Log in Register Register Malware removal guide How it works

not sure where i stand... [Solved]

#1 murrayki

  • Group: Member
  • Posts: 10
  • Joined: 12-January 09

Posted 12 January 2009 - 02:33 PM

thanks in advance for your help!!!!!

had a few trojan horses that were repeatedly picked up by AVG antivirus but it would "clean" them and then they'd still be there....

so i followed all of the pre post instructions including the following scans... malwarebytes, superantispyware, avast (after deleting AVG) and then restarted before running hijack this

here is my log, not sure if i am totally clean or not... never really had any noticeable effects from the malware i did have (or maybe still do)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:22:51 PM, on 1/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.0.1:87
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.direcwaysupport.com;192.168.0.*;127.0.0.1;<local>;*.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: YPOPs.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ChatSpace Full Java Client 3.1.0.235N - http://205.177.13.50...a/cfsn31235.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4C57C98A-E582-46E4-8FD8-5EBDC94CEA39} - http://www.mindjet.c.../MjMmViewer.cab
O16 - DPF: {8613571C-30D2-4BD4-9710-3DFDBADE8190} (AMI Pictorial Control CWeb 2.1 SPa05) - https://umdpacs.umdn...l/amiviewer.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - https://umdpacs.umdn...tall/msxml4.cab
O16 - DPF: {A8B3A7FE-9C8D-4F15-9B01-8805BDF43B1B} (AMI Pictorial Control CWeb 2.1 SPa06) - https://umdpacs.umdn...l/amiviewer.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/Ch...VideoContol.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....ta/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Filter hijack: text/html - {9158e567-0b85-489f-9ad5-c1c4a1aec2d6} - C:\WINDOWS\system32\mst122.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--
End of file - 10263 bytes

#2 handhfan

  • Group: Malware Removal
  • Posts: 13,659
  • Joined: 15-June 06

Posted 15 January 2009 - 05:16 PM

Hello, murrayki, and welcome to GeeksToGo! :) Sorry for the delay in reply, the forums have been busy.

  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


Please note that these logs may be very long, and might get cut off at the end, as there is a character limit on this forum. If the logs get cut off, feel free to post another separate reply with the rest. :)

#3 murrayki

  • Group: Member
  • Posts: 10
  • Joined: 12-January 09

Posted 16 January 2009 - 06:07 PM

OTListIt logfile created on: 1/16/2009 6:59:00 PM - Run
OTListIt2 by OldTimer - Version 1.0.3.0 Folder = C:\Documents and Settings\Kim\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 63.84% Memory free
2.11 Gb Paging File | 1.65 Gb Available in Paging File | 78.53% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.87 Gb Total Space | 8.15 Gb Free Space | 14.58% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 5.61 Gb Free Space | 11.49% Space Free | Partition Type: NTFS
Drive E: | 97.65 Gb Total Space | 26.17 Gb Free Space | 26.80% Space Free | Partition Type: NTFS
Drive F: | 47.85 Gb Total Space | 4.53 Gb Free Space | 9.47% Space Free | Partition Type: NTFS
Drive G: | 39.42 Gb Total Space | 24.55 Gb Free Space | 62.28% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: INTERNET
Current User Name: Kim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\Hpqdirec.exe (Hewlett-Packard Co.)
C:\Documents and Settings\Kim\Desktop\OTListIt2.exe (OldTimer Tools)

========== (O23) Win32 Services (SafeList) ==========

(Apple Mobile Device [Disabled | Stopped]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
(aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
(aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
(avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
(avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
(avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
(clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
(iPod Service [Disabled | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
(JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
(MSSQLSERVER [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
(MSSQLServerADHelper [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (Microsoft Corporation)
(NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
(Pml Driver HPZ12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
(RoxLiveShare10 [Disabled | Stopped]) -- File not found
(SessionLauncher [Disabled | Stopped]) -- File not found
(SQLSERVERAGENT [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE (Microsoft Corporation)
(usnjsvc [Disabled | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
(WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

(Aavmker4 [System | Running]) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
(aswFsBlk [Auto | Running]) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
(aswMon2 [Auto | Running]) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
(aswRdr [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
(aswSP [System | Running]) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
(aswTdi [System | Running]) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
(Cdr4_xp [System | Running]) -- C:\WINDOWS\system32\drivers\cdr4_xp.sys (Sonic Solutions)
(Cdralw2k [System | Running]) -- C:\WINDOWS\system32\drivers\cdralw2k.sys (Sonic Solutions)
(ctsfm2k [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
(E100B [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)
(GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
(HCF_MSFT [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys (Conexant)
(HPZid412 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\hpzid412.sys (HP)
(HPZipr12 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
(HPZius12 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
(kbdhid [System | Running]) -- C:\WINDOWS\system32\drivers\kbdhid.sys (Microsoft Corporation)
(nv [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
(OMCI [System | Running]) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Computer Corporation)
(ossrv [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
(P17 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.)
(PD0620VID [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\P0620Vid.sys (Creative Technology Ltd.)
(pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
(PRISM_A02 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\WUSB20XP.sys (GlobespanVirata, Inc.)
(Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
(PxHelp20 [Boot | Running]) -- C:\WINDOWS\system32\drivers\pxhelp20.sys (Sonic Solutions)
(ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation)
(SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS (Sony Corporation)
(USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
(usb_rndisx [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usb8023x.sys (Microsoft Corporation)
(wceusbsh [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\wceusbsh.sys (Microsoft Corporation)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = www.direcwaysupport.com;192.168.0.*;127.0.0.1;<local>

O1 HOSTS File: (850 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.jizzonline.com
O1 - Hosts: 127.0.0.1 www.xnxxmovies.com
O1 - Hosts: 127.0.0.1 iwant18.com
O1 - Hosts: 127.0.0.1 www.sexhungryjoes.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key does not exist or could not be opened. File not found
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKCU..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (AOL LLC)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: (msn in My Computer)
O15 - HKCU\..Trusted Sites: objects.aol.com (* is out of zone range - 5)
O15 - HKCU\..Trusted Sites: 73 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.micros...cs/i386/fhg.CAB (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/viewers/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4C57C98A-E582-46E4-8FD8-5EBDC94CEA39} http://www.mindjet.c.../MjMmViewer.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {8613571C-30D2-4BD4-9710-3DFDBADE8190} https://umdpacs.umdn...l/amiviewer.cab (AMI Pictorial Control CWeb 2.1 SPa05)
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} https://umdpacs.umdn...tall/msxml4.cab (XML DOM Document 4.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {A8B3A7FE-9C8D-4F15-9B01-8805BDF43B1B} https://umdpacs.umdn...l/amiviewer.cab (AMI Pictorial Control CWeb 2.1 SPa06)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMesse...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} http://imlive.com/Ch...VideoContol.cab (Eyeball Video Session Control)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} http://www.symantec....ta/SymAData.cab (ActiveDataInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab (ActiveDataObj Class)
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} http://chat.msn.com/bin/msnchat45.cab (MSN Chat Control 4.5)
O16 - DPF: ChatSpace Full Java Client 3.1.0.235N http://205.177.13.50...a/cfsn31235.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key does not exist or could not be opened.)
O18 - Protocol\Handler: - about - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - cdl - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - cdo - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - dvd - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler: - file - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - ftp - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - gopher - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - http - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - http\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - http\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - https - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - https\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - https\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - its - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler: - javascript - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - livecall - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler: - local - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mailto - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mhtml - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mk - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ms-its - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msnim - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - res - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - sysimage - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - tv - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler: - vbscript - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - wia - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9}C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9}C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153}C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5}C:\WINDOWS\system32\wpdshserviceobj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: (Browseui preloader) - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: (Component Categories cache daemon) - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

========== HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell" = Explorer.exe
>C:\WINDOWS\explorer.exe (Microsoft Corporation)

"UserInit" = C:\WINDOWS\system32\userinit.exe,
>C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

"UIHost" = logonui.exe
>C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)

"VMApplet" = rundll32 shell32,Control_RunDLL "sysdm.cpl"
>C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
>C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)


========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
crypt32chain: "DllName" = crypt32.dll -- C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
cryptnet: "DllName" = cryptnet.dll -- C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
cscdll: "DllName" = cscdll.dll -- C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
dimsntfy: "DllName" = %SystemRoot%\System32\dimsntfy.dll -- C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
ScCertProp: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Schedule: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
sclgntfy: "DllName" = sclgntfy.dll -- C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
SensLogn: "DllName" = WlNotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
termsrv: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
WgaLogon: "DllName" = WgaLogon.dll -- C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)
wlballoon: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)

========== IFEO "Debugger" Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\]
Your Image File Name Here without a path:"Debugger" = C:\WINDOWS\system32\ntsd.exe (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" (HKLM) -- C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders" = msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
>C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
>C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
>C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
>C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages" = msv1_0,
>C:\WINDOWS\system32\msv1_0.dll (Microsoft Corporation)

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages" = kerberos,msv1_0,schannel,wdigest,
>C:\WINDOWS\system32\kerberos.dll (Microsoft Corporation)
>C:\WINDOWS\system32\msv1_0.dll (Microsoft Corporation)
>C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
>C:\WINDOWS\system32\wdigest.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
C:\AUTOEXEC.BAT () -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\*.tmp files]
[2009/01/16 11:25:35 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kim\Desktop\OTListIt2.exe
[2009/01/15 19:10:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kim\Desktop\Endoscopic Access to ITF
[2009/01/15 17:53:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kim\Desktop\Lothrop Procedure
[2009/01/15 15:49:31 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Kim\Desktop\pulled.doc
[2009/01/15 13:02:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kim\Desktop\Mucinous Carcinoma
[2009/01/13 08:14:13 | 00,042,266 | ---- | C] () -- C:\Documents and Settings\Kim\Desktop\me4.jpg
[2009/01/13 08:13:01 | 00,039,971 | ---- | C] () -- C:\Documents and Settings\Kim\Desktop\me3.jpg
[2009/01/13 08:10:07 | 00,027,668 | ---- | C] () -- C:\Documents and Settings\Kim\Desktop\me2.jpg
[2009/01/13 08:09:24 | 00,043,645 | ---- | C] () -- C:\Documents and Settings\Kim\Desktop\me1.jpg
[2009/01/12 11:00:12 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2009/01/12 10:42:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/01/12 10:42:49 | 00,000,695 | ---- | C] () -- C:\Documents and Settings\Kim\Desktop\SpywareBlaster.lnk
[2009/01/12 10:42:46 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/01/12 10:41:23 | 00,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software
[2009/01/12 10:13:44 | 00,180,736 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kim\Desktop\OTCleanIt.exe
[2009/01/12 09:29:46 | 00,001,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/01/12 09:29:45 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/01/12 09:29:44 | 00,050,864 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/01/12 09:29:43 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/01/12 09:29:40 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/01/12 09:29:38 | 00,111,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/01/12 09:29:38 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/01/12 09:29:38 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/01/12 09:29:38 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/01/12 09:29:12 | 01,236,208 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/01/12 09:29:12 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/01/12 09:29:09 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/01/12 09:14:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avg8
[2009/01/12 09:09:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/01/12 09:09:20 | 00,000,785 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/01/12 09:09:17 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/01/12 09:09:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kim\Application Data\SUPERAntiSpyware.com
[2009/01/12 09:06:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/01/12 06:46:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kim\Application Data\Malwarebytes
[2009/01/12 06:45:59 | 00,000,701 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/01/12 06:45:58 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/12 06:45:56 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/12 06:45:55 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/01/12 06:45:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/01/12 06:40:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/01/12 06:39:02 | 00,000,616 | ---- | C] () -- C:\Documents and Settings\Kim\Desktop\NTREGOPT.lnk
[2009/01/12 06:39:02 | 00,000,597 | ---- | C] () -- C:\Documents and Settings\Kim\Desktop\ERUNT.lnk
[2009/01/12 06:38:58 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/01/12 06:37:50 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Kim\Desktop\SysRestorePoint.exe
[2009/01/10 12:45:02 | 00,001,739 | ---- | C] () -- C:\Documents and Settings\Kim\Desktop\HijackThis.lnk
[2009/01/10 12:44:58 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/01/09 11:09:53 | 00,000,000 | ---D | C] -- C:\Program Files\YPOPs
[2009/01/08 13:51:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kim\Application Data\BookmarkBridge
[2009/01/05 06:05:32 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/01/05 06:04:30 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/01/05 06:04:21 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/01/05 06:04:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/01/01 22:10:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kim\Desktop\NYE 2009
[2009/01/01 22:08:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kim\Desktop\Atlantic City 2008
[2009/01/01 09:11:57 | 02,205,067 | ---- | C] () -- C:\Documents and Settings\Kim\Desktop\2008 110.jpg

========== Files - Modified Within 30 Days ==========

[10 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/01/16 18:33:27 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/01/16 12:13:44 | 00,000,494 | ---- | M] () -- C:\hpfr5550.xml
[2009/01/16 11:25:36 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kim\Desktop\OTListIt2.exe
[2009/01/15 20:33:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/01/15 15:55:20 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Kim\Desktop\pulled.doc
[2009/01/15 14:59:39 | 00,681,472 | -HS- | M] () -- C:\Documents and Settings\Kim\Desktop\Thumbs.db
[2009/01/14 14:38:56 | 00,000,776 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/01/14 14:38:56 | 00,000,272 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/01/14 14:38:56 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/01/14 14:37:14 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/14 14:15:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/14 14:15:18 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/14 14:15:16 | 16,096,37888 | -HS- | M] () -- C:\hiberfil.sys
[2009/01/13 11:57:39 | 00,104,448 | ---- | M] () -- C:\Documents and Settings\Kim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/13 08:13:01 | 00,039,971 | ---- | M] () -- C:\Documents and Settings\Kim\Desktop\me3.jpg
[2009/01/13 08:10:07 | 00,027,668 | ---- | M] () -- C:\Documents and Settings\Kim\Desktop\me2.jpg
[2009/01/13 08:09:24 | 00,043,645 | ---- | M] () -- C:\Documents and Settings\Kim\Desktop\me1.jpg
[2009/01/13 08:05:02 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/01/12 15:55:02 | 00,688,604 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/01/12 15:55:02 | 00,552,488 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/01/12 15:55:02 | 00,123,390 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/01/12 10:42:49 | 00,000,695 | ---- | M] () -- C:\Documents and Settings\Kim\Desktop\SpywareBlaster.lnk
[2009/01/12 10:13:50 | 00,180,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kim\Desktop\OTCleanIt.exe
[2009/01/12 09:29:46 | 00,001,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/01/12 09:09:20 | 00,000,785 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/01/12 06:45:59 | 00,000,701 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/01/12 06:39:02 | 00,000,616 | ---- | M] () -- C:\Documents and Settings\Kim\Desktop\NTREGOPT.lnk
[2009/01/12 06:39:02 | 00,000,597 | ---- | M] () -- C:\Documents and Settings\Kim\Desktop\ERUNT.lnk
[2009/01/10 12:45:02 | 00,001,739 | ---- | M] () -- C:\Documents and Settings\Kim\Desktop\HijackThis.lnk
[2009/01/10 12:40:04 | 00,000,544 | ---- | M] () -- C:\Documents and Settings\Kim\My Documents\My Sharing Folders.lnk
[2009/01/09 20:35:28 | 20,853,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/01/06 03:29:15 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/01/04 18:38:22 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/04 18:38:18 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/01 22:14:08 | 02,205,067 | ---- | M] () -- C:\Documents and Settings\Kim\Desktop\2008 110.jpg
[2008/12/30 00:41:20 | 00,000,287 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/12/18 21:01:19 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== LOP Check ==========

[2009/01/12 10:42:54 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/01/05 06:05:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/08/27 20:36:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2008/02/02 01:38:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/01/01 19:12:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2008/08/18 23:41:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2008/02/18 00:49:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2007/06/03 03:39:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2007/07/04 16:45:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2006/12/30 14:24:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/01/12 09:14:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg8
[2006/03/06 20:16:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2008/01/06 12:44:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2004/10/24 19:40:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ipswitch
[2009/01/12 06:45:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2006/02/15 22:11:30 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2005/03/26 18:15:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2004/11/20 18:33:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2007/10/06 23:35:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2005/06/20 22:18:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2008/08/19 01:20:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2008/01/06 12:54:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2008/01/06 12:51:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2009/01/12 09:17:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/01/12 09:09:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2005/11/21 23:27:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/01/12 15:08:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/01/12 06:05:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/07/29 21:20:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/09/26 22:48:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2009/01/12 09:09:17 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Kim\Application Data
[2005/10/18 19:00:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\.gaim
[2008/08/27 20:39:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\acccore
[2007/12/13 00:03:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Adobe
[2008/05/21 06:16:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\AdobeUM
[2005/10/26 18:04:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Ahead
[2007/05/24 01:25:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Aim
[2009/01/08 13:43:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Apple Computer
[2008/05/24 10:56:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\BitTorrent
[2009/01/08 13:52:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\BookmarkBridge
[2007/01/26 20:03:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Creative
[2005/10/07 13:00:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\CyberLink
[2007/02/08 23:03:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Digitope
[2007/12/30 21:50:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\DivX
[2008/01/01 19:04:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\DVD Flick
[2007/12/25 14:09:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Facebook
[2007/10/07 20:11:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\FileZilla
[2007/07/15 21:42:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Grisoft
[2005/10/10 15:39:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Help
[2005/02/15 23:07:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Hewlett-Packard
[2004/10/24 19:00:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Identities
[2007/12/30 14:39:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\ImgBurn
[2004/10/24 19:40:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Ipswitch
[2009/01/05 04:34:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Lavasoft
[2005/10/11 10:31:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Leadertech
[2004/10/30 19:44:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Macromedia
[2009/01/12 06:46:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Malwarebytes
[2009/01/05 05:31:54 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Kim\Application Data\Microsoft
[2007/02/24 20:33:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Mobipocket
[2008/09/01 09:39:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Mozilla
[2005/03/26 18:15:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\MSN6
[2007/02/22 21:16:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\MySpace
[2007/11/11 23:05:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\NPresenter
[2005/10/15 13:47:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Publish Providers
[2005/08/06 11:38:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Real
[2008/01/06 13:20:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Roxio
[2005/10/15 13:47:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Sony
[2008/01/07 21:04:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Sony Corporation
[2008/01/15 18:56:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Sony Setup
[2007/10/06 23:42:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Steinberg
[2005/08/08 18:24:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Sun
[2009/01/12 09:09:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\SUPERAntiSpyware.com
[2005/10/10 19:42:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Symantec
[2005/10/26 17:50:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Syntrillium
[2007/04/05 16:22:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Walgreens
[2008/01/06 11:59:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\WinRAR
[2008/09/26 22:48:57 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Kim\Application Data\yahoo!
[2007/09/10 23:08:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Yahoo! Messenger
[2009/01/15 20:33:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2002/08/29 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2005/04/26 04:44:36 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1098664698.job
[2009/01/14 14:15:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable
< End of report >

#4 murrayki

  • Group: Member
  • Posts: 10
  • Joined: 12-January 09

Posted 16 January 2009 - 06:08 PM

OTListIt Extras logfile created on: 1/16/2009 6:59:00 PM - Run
OTListIt2 by OldTimer - Version 1.0.3.0 Folder = C:\Documents and Settings\Kim\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 63.84% Memory free
2.11 Gb Paging File | 1.65 Gb Available in Paging File | 78.53% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.87 Gb Total Space | 8.15 Gb Free Space | 14.58% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 5.61 Gb Free Space | 11.49% Space Free | Partition Type: NTFS
Drive E: | 97.65 Gb Total Space | 26.17 Gb Free Space | 26.80% Space Free | Partition Type: NTFS
Drive F: | 47.85 Gb Total Space | 4.53 Gb Free Space | 9.47% Space Free | Partition Type: NTFS
Drive G: | 39.42 Gb Total Space | 24.55 Gb Free Space | 62.28% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: INTERNET
Current User Name: Kim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger File not found
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:YServer Module (Yahoo! Inc.)
C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger File not found
C:\Program Files\Ares\Ares.exe:*:Enabled:Ares File not found
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console (Microsoft Corporation)
C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++ ()
C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek ()
C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (Mozilla Corporation)
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (AOL LLC)
C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM (AOL LLC)
C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice (Microsoft Corporation)
C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing (Microsoft Corporation)
C:\Program Files\NetMeeting\conf.exe:*:Enabled:WindowsŪ NetMeetingŪ (Microsoft Corporation)
C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:BitTorrent DNA File not found
C:\Documents and Settings\Kim\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook ()
C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}" = Sony Noise Reduction Plug-In 2.0h
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{12BB7942-1E1F-43D9-B441-4668C1629425}" = hp officejet 6100 series
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel® Network Connections 13.0.42.0
"{25A47244-91B7-4599-A340-B30D59E5C64E}" = Success
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{55BC7EFA-D832-4EE3-9DEA-49B0C07539D9}" =
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{582D2A53-F426-4C5E-A2E6-43C1AB36B907}" = Safari
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81463B08-A929-4125-A5F4-1B053AC35A09}" = Microsoft IntelliType Pro 5.0
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{AB46C238-3554-4D79-AB06-C393F87FF202}" = Windows Mobile Daylight Saving Time 2007 Updates
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DCDC8E79-4600-4C02-9824-CD3BB8971D4E}" =
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AIM_6" = AIM 6
"avast!" = avast! Antivirus
"Creative PD0620" = Creative WebCam Instant Driver (1.03.02.0425)
"Creative WebCam Center" = Creative WebCam Center
"DC++" = DC++ 0.698
"ERUNT_is1" = ERUNT 1.1j
"ESPNMotion" = ESPNMotion
"HijackThis" = HijackThis 2.0.2
"HP OfficeJet 6100 Series" = HP Photo and Imaging 2.0 - hp officejet 6100 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Driver" = NVIDIA Display Driver
"RealPlayer 6.0" = RealPlayer
"Soulseek" = SoulSeek Client 156c
"Soulseek2" = SoulSeek 157 NS 12d
"SpywareBlaster_is1" = SpywareBlaster 4.1
"SuperBook Poker" = SuperBook Poker
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WS_FTP Pro" = Ipswitch WS_FTP Pro
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"YPOPs_is1" = YPOPs! 0.9.5.14

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Usmleworld Step3 QBank" = Usmleworld Step3 QBank

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/12/2009 10:08:16 AM | Computer Name = INTERNET | Source = MsiInstaller | ID = 11500
Description = Product: SUPERAntiSpyware Free Edition -- Error 1500. Another installation
is in progress. You must complete that installation before continuing this one.

Error - 1/12/2009 10:08:17 AM | Computer Name = INTERNET | Source = MsiInstaller | ID = 11500
Description = Product: SUPERAntiSpyware Free Edition -- Error 1500. Another installation
is in progress. You must complete that installation before continuing this one.

Error - 1/12/2009 10:08:19 AM | Computer Name = INTERNET | Source = MsiInstaller | ID = 11500
Description = Product: SUPERAntiSpyware Free Edition -- Error 1500. Another installation
is in progress. You must complete that installation before continuing this one.

Error - 1/12/2009 10:09:04 AM | Computer Name = INTERNET | Source = MsiInstaller | ID = 11500
Description = Product: SUPERAntiSpyware Free Edition -- Error 1500. Another installation
is in progress. You must complete that installation before continuing this one.

Error - 1/12/2009 11:49:53 AM | Computer Name = INTERNET | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1706. Setup cannot find the required files. Check your connection to the network,
or CD-ROM drive. For other potential solutions to this problem, see C:\Program
Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 1/12/2009 11:52:10 AM | Computer Name = INTERNET | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1706. Setup cannot find the required files. Check your connection to the network,
or CD-ROM drive. For other potential solutions to this problem, see C:\Program
Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 1/12/2009 11:57:53 AM | Computer Name = INTERNET | Source = Application Error | ID = 1000
Description = Faulting application hpoevm08.exe, version 4.2.0.169, faulting module
ole32.dll, version 5.1.2600.5512, fault address 0x0002cdbd.

Error - 1/12/2009 2:20:08 PM | Computer Name = INTERNET | Source = Application Error | ID = 1000
Description = Faulting application hpoevm08.exe, version 4.2.0.169, faulting module
ole32.dll, version 5.1.2600.5512, fault address 0x0002cdbd.

Error - 1/12/2009 2:25:17 PM | Computer Name = INTERNET | Source = Application Hang | ID = 1002
Description = Hanging application dellix.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/12/2009 2:45:16 PM | Computer Name = INTERNET | Source = Application Hang | ID = 1002
Description = Hanging application SbPFCl.exe, version 4.6.1861.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 1/12/2009 2:00:12 PM | Computer Name = INTERNET | Source = Service Control Manager | ID = 7000
Description = The Sunbelt Personal Firewall 4 service failed to start due to the
following error: %%1053

Error - 1/12/2009 2:00:12 PM | Computer Name = INTERNET | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 1/12/2009 4:20:31 PM | Computer Name = INTERNET | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 1/13/2009 11:35:36 AM | Computer Name = INTERNET | Source = TermDD | ID = 655410
Description = The RDP protocol component X.224 detected an error in the protocol
stream and has disconnected the client.

Error - 1/13/2009 11:55:49 AM | Computer Name = INTERNET | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service usnjsvc with
arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Error - 1/13/2009 11:56:00 AM | Computer Name = INTERNET | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service usnjsvc with
arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Error - 1/13/2009 11:56:10 AM | Computer Name = INTERNET | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service usnjsvc with
arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Error - 1/13/2009 11:56:21 AM | Computer Name = INTERNET | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service usnjsvc with
arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Error - 1/15/2009 12:47:41 AM | Computer Name = INTERNET | Source = TermDD | ID = 655410
Description = The RDP protocol component X.224 detected an error in the protocol
stream and has disconnected the client.

Error - 1/15/2009 12:47:54 AM | Computer Name = INTERNET | Source = TermDD | ID = 655410
Description = The RDP protocol component X.224 detected an error in the protocol
stream and has disconnected the client.


< End of report >

#5 handhfan

  • Group: Malware Removal
  • Posts: 13,659
  • Joined: 15-June 06

Posted 16 January 2009 - 09:23 PM

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
explorer.exe

:Files
C:\Documents and Settings\All Users\Application Data\Viewpoint

:Commands
[empty temp]
[start explorer]
[Reboot]


  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.

  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Please do an online scan with Kaspersky WebScanner

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases

  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply, along with the OTMoveIt3 log, and a new HijackThis log.

#6 murrayki

  • Group: Member
  • Posts: 10
  • Joined: 12-January 09

Posted 17 January 2009 - 03:17 PM

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint moved successfully.
========== COMMANDS ==========
Error: Unable to interpret <[empty temp]> in the current context!
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01172009_161217

#7 murrayki

  • Group: Member
  • Posts: 10
  • Joined: 12-January 09

Posted 17 January 2009 - 05:56 PM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, January 17, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, January 17, 2009 20:24:08
Records in database: 1638358
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
Y:\
Z:\

Scan statistics:
Files scanned: 89940
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 02:04:59

No malware has been detected. The scan area is clean.

The selected area was scanned.


INTERESTING but not sure if its related, about halfway thru i got a program error/shut down message for the file "program scanner.exe". It didnt seem to affect the scan and I'm not sure the significance of that but I had never seen that file before.

#8 murrayki

  • Group: Member
  • Posts: 10
  • Joined: 12-January 09

Posted 17 January 2009 - 05:58 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:56:46 PM, on 1/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.0.1:87
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.direcwaysupport.com;192.168.0.*;127.0.0.1;<local>
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ChatSpace Full Java Client 3.1.0.235N - http://205.177.13.50...a/cfsn31235.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4C57C98A-E582-46E4-8FD8-5EBDC94CEA39} - http://www.mindjet.c.../MjMmViewer.cab
O16 - DPF: {8613571C-30D2-4BD4-9710-3DFDBADE8190} (AMI Pictorial Control CWeb 2.1 SPa05) - https://umdpacs.umdn...l/amiviewer.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - https://umdpacs.umdn...tall/msxml4.cab
O16 - DPF: {A8B3A7FE-9C8D-4F15-9B01-8805BDF43B1B} (AMI Pictorial Control CWeb 2.1 SPa06) - https://umdpacs.umdn...l/amiviewer.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/Ch...VideoContol.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....ta/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Filter hijack: text/html - {9158e567-0b85-489f-9ad5-c1c4a1aec2d6} - C:\WINDOWS\system32\mst122.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 6635 bytes

#9 handhfan

  • Group: Malware Removal
  • Posts: 13,659
  • Joined: 15-June 06

Posted 17 January 2009 - 09:39 PM

That error should be fine.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O18 - Filter hijack: text/html - {9158e567-0b85-489f-9ad5-c1c4a1aec2d6} - C:\WINDOWS\system32\mst122.dll

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
explorer.exe

:Files
C:\WINDOWS\system32\mst122.dll

:Commands
[emptytemp]
[start explorer]
[Reboot]


  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.

  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post, along with a new HijackThis log.

#10 murrayki

  • Group: Member
  • Posts: 10
  • Joined: 12-January 09

Posted 18 January 2009 - 09:37 PM

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\mst122.dll not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_240.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_280.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5b4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01182009_200110

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_240.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_280.dat not found!
File move failed. C:\WINDOWS\temp\Perflib_Perfdata_5b4.dat scheduled to be moved on reboot.

#11 murrayki

  • Group: Member
  • Posts: 10
  • Joined: 12-January 09

Posted 18 January 2009 - 09:38 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:03 PM, on 1/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.0.1:87
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.direcwaysupport.com;192.168.0.*;127.0.0.1;<local>
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ChatSpace Full Java Client 3.1.0.235N - http://205.177.13.50...a/cfsn31235.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4C57C98A-E582-46E4-8FD8-5EBDC94CEA39} - http://www.mindjet.c.../MjMmViewer.cab
O16 - DPF: {8613571C-30D2-4BD4-9710-3DFDBADE8190} (AMI Pictorial Control CWeb 2.1 SPa05) - https://umdpacs.umdn...l/amiviewer.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - https://umdpacs.umdn...tall/msxml4.cab
O16 - DPF: {A8B3A7FE-9C8D-4F15-9B01-8805BDF43B1B} (AMI Pictorial Control CWeb 2.1 SPa06) - https://umdpacs.umdn...l/amiviewer.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/Ch...VideoContol.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....ta/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Filter hijack: text/html - {9158e567-0b85-489f-9ad5-c1c4a1aec2d6} - C:\WINDOWS\system32\mst122.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 6640 bytes

#12 handhfan

  • Group: Malware Removal
  • Posts: 13,659
  • Joined: 15-June 06

Posted 18 January 2009 - 09:41 PM

Your logs look clean. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. If you have any questions or other problems, please let me know. Other than that, and the steps below, you should be all set. :)

  • Make sure you have an Internet Connection.
  • Download OTCleanIt to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTCleanUp to reach the Internet, please allow the application to do so.
  • Click Yes to beging the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


Please update Adobe Reader, by downloading and installing Adobe Reader 9.

Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
    1. Turn off System Restore.
      On the Desktop, right-click My Computer.
      Click Properties.
      Click the System Restore tab.
      Check Turn off System Restore.
      Click Apply, and then click OK.


    2. Restart your computer.

    3. Turn ON System Restore.
      On the Desktop, right-click My Computer.
      Click Properties.
      Click the System Restore tab.
      UN-Check Turn off System Restore.
      Click Apply, and then click OK.


System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard gives you realtime protection from spyware.
  • Super Antispyware OR Malwarebytes' Anti-Malware to help remove any spyware that may have gotten on your computer.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed.
  • Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see this article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.


To keep your operating system up to date visit Microsoft Windows Update monthly. Remember to be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?

Have a safe and happy computing day!

#13 murrayki

  • Group: Member
  • Posts: 10
  • Joined: 12-January 09

Posted 21 January 2009 - 05:30 PM

thank you thank you thank you!
appreciate your time and efforts greatly!!!!!!!
kim

#14 handhfan

  • Group: Malware Removal
  • Posts: 13,659
  • Joined: 15-June 06

Posted 21 January 2009 - 09:08 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Share this topic:


Page 1 of 1