Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan.FakeAlert infection! HJT log posted [Solved]

Started by Jim45 , Feb 08 2009 12:32 AM

  • This topic is locked This topic is locked

#1
Jim45
Posted 08 February 2009 - 12:32 AM

Jim45

    Member

  • Member
  • PipPipPip
  • 234 posts
I was on the internet tonight, and out of nowhere, my NOD32 virus alert window popped up, told me it blocked and quarantined some variant of Win32/Kryptik.GENtrojan, or something like that. I wasn't too concerned, because it said it blocked and quarantined it. I went to the quarantine, deleted it, and went about my business. A minute or so later, I got this popup
http://i80.photobuck...c06/spyware.jpg
and yes, I fell for it, and clicked on 'enable protection'.......thought it was a real windows warning(I know, I know), and a few seconds later, my computer shut down and restarted by itself. Then I tried to open a browser window, and it opened some other fake security warning, telling me to click something and continue "safe" browsing(yeah right)so I closed it. Tried clicking one of my desktop links, and same thing. So then I ran MBAM, and it found Trojan.FakeAlert, and I removed it. It had me restart the computer to completely remove it, and then everything seemed fine, but I'm a little concerned that maybe there is more to it than that. I hope it was that simple, but wanted to doublecheck here to be sure. Here is my HiJackThis log, if that helps, and any feedback greatly appreciated! Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:06 PM, on 2/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [realteczs] "C:\Documents and Settings\Jim Lundquist\Application Data\Google\pfysw721318.exe" 2
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....026/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-48.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093415681217
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative....101/CTSUEng.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative....ClientNoMFC.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?322
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15106/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{866B4473-554A-423C-9CDA-751CB3F3A5D5}: NameServer = 68.94.156.1,68.94.157.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5826 bytes
  • 0

Advertisements

#2
handhfan
Posted 09 February 2009 - 12:28 PM

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Hello, Jim45, and welcome to GeeksToGo!

  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

The log for OTListIt2 will be very long and may not fit in one post. Please make sure that it didn't get cut off, and feel free to post the rest of it in a separate reply. :)
  • 0

#3
Jim45
Posted 09 February 2009 - 10:30 PM

Jim45

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 234 posts
Hi handhfan......thanks! and here you go,. Oh, for whatever it's worth, I did do a system restore after this happened to get rid of something else, but I'm assuming that wouldn't matter?Just wanted to let you know.

OTListIt logfile created on: 2/9/2009 8:22:32 PM - Run
OTListIt2 by OldTimer - Version 2.0.0.10 Folder = C:\Documents and Settings\Jim Lundquist\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.30 Mb Total Physical Memory | 471.43 Mb Available Physical Memory | 61.44% Memory free
1.08 Gb Paging File | 0.82 Gb Available in Paging File | 76.06% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 19.33 Gb Free Space | 51.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JIM
Current User Name: Jim Lundquist
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft IntelliType Pro\type32.exe (Microsoft Corporation)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\WINDOWS\system32\devldr32.exe (Creative Technology Ltd.)
PRC - C:\Documents and Settings\Jim Lundquist\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (EhttpSrv [On_Demand | Stopped]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn [Auto | Running]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPodService [Disabled | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
SRV - (MDM [Disabled | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (Symantec Core LC [Disabled | Stopped]) -- File not found
SRV - (usnsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.dll (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WudfSvc [On_Demand | Stopped]) -- C:\WINDOWS\system32\WudfSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ctljystk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ctljystk.sys (Creative Technology Ltd.)
DRV - (eamon [Auto | Running]) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (easdrv [System | Running]) -- C:\WINDOWS\system32\drivers\easdrv.sys (ESET)
DRV - (emu10k [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\emu10k1m.sys (Creative Technology Ltd.)
DRV - (emu10k1 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ctlfacem.sys (Creative Technology Ltd.)
DRV - (epfwtdir [System | Running]) -- C:\WINDOWS\system32\drivers\epfwtdir.sys ()
DRV - (gameenum [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (HCF_MSFT [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys (Conexant)
DRV - (HPZid412 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
DRV - (kbdhid [System | Running]) -- C:\WINDOWS\system32\drivers\kbdhid.sys (Microsoft Corporation)
DRV - (l8042pr2 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\L8042Pr2.sys (Logitech)
DRV - (LKbdFlt2 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys (Logitech)
DRV - (LMouFlt2 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\LMouFlt2.sys (Logitech)
DRV - (motccgp [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\motccgp.sys (Motorola)
DRV - (motccgpfl [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\motccgpfl.sys (Motorola)
DRV - (MotDev [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\motodrv.sys (Motorola Inc)
DRV - (motmodem [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (motport [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\motport.sys (Motorola)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (nv4 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nv4.sys (NVIDIA Corporation)
DRV - (OMCI [System | Running]) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Computer Corporation)
DRV - (Pcouffin [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\pcouffin.sys (VSO Software)
DRV - (pfc [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\system32\drivers\pxhelp20.sys (Sonic Solutions)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation)
DRV - (rtl8139 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sfman [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sfmanm.sys (Creative Technology Ltd.)
DRV - (symlcbrd [Auto | Running]) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (usbsermpt [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbsermpt.sys (Microsoft Corporation)
DRV - (Wdf01000 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\wdf01000.sys (Microsoft Corporation)
DRV - (WS2IFSL [System | Running]) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys (Microsoft Corporation)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://rd.yahoo.com/.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice (ESET)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKCU..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe File not found
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [P2kAutostart] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative....026/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg...l_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupd...b?1093415681217 (WUWebControl Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://www.creative....101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} http://www.creative....ClientNoMFC.cab (Creative Product Registration ActiveX Control Module)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.h.../qdiagh.cab?322 (QDiagHUpdateObj Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative....15106/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{866B4473-554A-423C-9CDA-751CB3F3A5D5}\\NameServer = 68.94.156.1,68.94.157.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0792.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0792.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\system32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\system32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\system32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\system32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\system32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\drivers\*.tmp files]
[2009/02/09 20:20:50 | 00,488,960 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jim Lundquist\Desktop\OTListIt2.exe
[2009/02/07 21:13:52 | 00,002,119 | ---- | C] () -- C:\Documents and Settings\Jim Lundquist\Application Data\awRL2pFxtt.gif
[2009/02/07 21:13:52 | 00,000,607 | ---- | C] () -- C:\Documents and Settings\Jim Lundquist\Application Data\awRL2pFxnn.gif
[2009/02/07 21:13:52 | 00,000,598 | ---- | C] () -- C:\Documents and Settings\Jim Lundquist\Application Data\awRL2pFxyy.gif
[2009/02/04 23:21:24 | 00,123,053 | ---- | C] () -- C:\Documents and Settings\Jim Lundquist\My Documents\Howard forums links.jpg
[2009/01/31 18:38:37 | 00,093,791 | ---- | C] () -- C:\Documents and Settings\Jim Lundquist\My Documents\DREMEL INFO.jpg
[2009/01/31 13:54:40 | 00,369,152 | ---- | C] () -- C:\Documents and Settings\Jim Lundquist\My Documents\Transponder list.xls
[2009/01/31 13:49:41 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2009/01/28 00:38:51 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/01/27 20:15:58 | 00,000,570 | ---- | C] () -- C:\Documents and Settings\Jim Lundquist\Desktop\Shortcut to P2kCommander.lnk
[2009/01/27 20:14:46 | 00,000,000 | ---D | C] -- C:\p2kcommander
[2009/01/27 07:19:52 | 00,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/01/26 23:51:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jim Lundquist\My Documents\bitpim
[2009/01/26 23:50:37 | 00,000,000 | ---D | C] -- C:\Program Files\BitPim
[2009/01/26 23:12:15 | 00,018,688 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motccgp.sys
[2009/01/26 23:12:15 | 00,008,320 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motccgpfl.sys
[2009/01/26 23:11:28 | 00,001,775 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Motorola Software Update.lnk
[2009/01/26 23:11:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2009/01/26 18:30:54 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/01/26 18:30:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2009/01/26 17:59:04 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motport_01005.Wdf
[2009/01/26 17:58:53 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
[2009/01/26 17:58:51 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgp_01005.Wdf
[2009/01/25 00:26:18 | 00,023,680 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motport.sys
[2009/01/25 00:26:18 | 00,023,680 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motmodem.sys
[2009/01/25 00:26:17 | 00,006,400 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motswch.sys
[2009/01/25 00:26:16 | 00,042,112 | ---- | C] (Motorola Inc) -- C:\WINDOWS\System32\drivers\motodrv.sys
[2009/01/25 00:25:42 | 00,000,000 | ---D | C] -- C:\Program Files\Motorola
[2009/01/24 20:14:30 | 00,000,426 | ---- | C] () -- C:\Documents and Settings\Jim Lundquist\Desktop\The White House - Blog Post - President Obama delivers Your Weekly Address.url
[2009/01/23 11:11:37 | 00,078,521 | ---- | C] () -- C:\Documents and Settings\Jim Lundquist\My Documents\TOSHIBA HD-A2 4.0 firmware info.jpg
[2009/01/22 22:03:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jim Lundquist\Application Data\ImgBurn
[2009/01/22 22:02:35 | 00,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2009/01/17 12:51:46 | 00,000,375 | ---- | C] () -- C:\Documents and Settings\Jim Lundquist\Desktop\Amazon.com GE 29869GE2 Digital Answering System with 4 Mailboxes Electronics.url
[2009/01/11 21:34:24 | 00,000,236 | ---- | C] () -- C:\Documents and Settings\Jim Lundquist\Desktop\OPPO HM-31, Advanced 3x1 HDMI Switch, 1080P and HDMI 1.3 Certified.url
[2009/01/11 18:47:06 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\Jim Lundquist\My Documents\Samsung bulb info.doc

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\drivers\*.tmp files]
[28 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/02/09 20:21:01 | 00,488,960 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim Lundquist\Desktop\OTListIt2.exe
[2009/02/09 18:47:00 | 00,000,332 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily FY04.job
[2009/02/09 18:10:53 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/02/09 18:08:02 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/02/09 18:07:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/02/09 18:07:27 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/02/09 18:07:25 | 80,463,8720 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/07 23:56:14 | 00,000,572 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/02/07 23:56:14 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/02/07 21:13:52 | 00,002,119 | ---- | M] () -- C:\Documents and Settings\Jim Lundquist\Application Data\awRL2pFxtt.gif
[2009/02/07 21:13:52 | 00,000,607 | ---- | M] () -- C:\Documents and Settings\Jim Lundquist\Application Data\awRL2pFxnn.gif
[2009/02/07 21:13:52 | 00,000,598 | ---- | M] () -- C:\Documents and Settings\Jim Lundquist\Application Data\awRL2pFxyy.gif
[2009/02/05 17:20:25 | 00,045,056 | ---- | M] () -- C:\Documents and Settings\Jim Lundquist\My Documents\J & L Painting Invoice.doc
[2009/02/04 23:21:24 | 00,123,053 | ---- | M] () -- C:\Documents and Settings\Jim Lundquist\My Documents\Howard forums links.jpg
[2009/01/31 18:38:37 | 00,093,791 | ---- | M] () -- C:\Documents and Settings\Jim Lundquist\My Documents\DREMEL INFO.jpg
[2009/01/31 13:54:42 | 00,369,152 | ---- | M] () -- C:\Documents and Settings\Jim Lundquist\My Documents\Transponder list.xls
[2009/01/27 22:15:10 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/01/27 20:15:58 | 00,000,570 | ---- | M] () -- C:\Documents and Settings\Jim Lundquist\Desktop\Shortcut to P2kCommander.lnk
[2009/01/26 23:30:23 | 00,001,775 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Motorola Software Update.lnk
[2009/01/26 18:33:07 | 00,001,679 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Motorola Phone Tools.lnk
[2009/01/26 18:32:28 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/01/26 18:30:54 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/01/26 17:59:04 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motport_01005.Wdf
[2009/01/26 17:58:53 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
[2009/01/26 17:58:51 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgp_01005.Wdf
[2009/01/24 20:14:31 | 00,000,426 | ---- | M] () -- C:\Documents and Settings\Jim Lundquist\Desktop\The White House - Blog Post - President Obama delivers Your Weekly Address.url
[2009/01/23 11:11:37 | 00,078,521 | ---- | M] () -- C:\Documents and Settings\Jim Lundquist\My Documents\TOSHIBA HD-A2 4.0 firmware info.jpg
[2009/01/17 12:51:46 | 00,000,375 | ---- | M] () -- C:\Documents and Settings\Jim Lundquist\Desktop\Amazon.com GE 29869GE2 Digital Answering System with 4 Mailboxes Electronics.url
[2009/01/14 16:11:32 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/14 16:11:28 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/11 21:34:25 | 00,000,236 | ---- | M] () -- C:\Documents and Settings\Jim Lundquist\Desktop\OPPO HM-31, Advanced 3x1 HDMI Switch, 1080P and HDMI 1.3 Certified.url
[2009/01/11 18:47:06 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\Jim Lundquist\My Documents\Samsung bulb info.doc

========== LOP Check ==========

[2008/12/10 21:21:10 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/04/22 13:09:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2006/07/07 23:09:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2008/10/01 17:35:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/10/01 17:36:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2006/01/05 22:22:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2006/01/05 22:22:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2006/09/05 21:05:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/06/15 21:07:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2008/12/10 21:21:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2004/08/25 17:45:49 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\GTek
[2005/12/01 18:46:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2008/12/01 19:11:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/11/30 00:27:13 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2004/10/27 20:01:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2006/06/30 20:43:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2008/12/02 08:38:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2005/08/17 22:34:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/02/07 21:13:52 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data
[2009/02/08 00:30:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\AccurateRip
[2008/06/10 22:12:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\Adobe
[2006/12/17 21:04:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\AdobeUM
[2006/07/30 20:33:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\Ahead
[2009/02/08 00:30:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\Apple Computer
[2006/06/23 17:48:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\Azureus
[2007/01/29 21:02:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\Creative
[2005/08/07 22:10:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\CyberLink
[2007/01/20 22:55:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\FastStone
[2009/02/08 00:21:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\Google
[2004/08/25 17:45:50 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\GTek
[2005/01/06 20:37:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\Help
[2004/08/24 19:22:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\Identities
[2009/01/22 22:03:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\ImgBurn
[2007/02/11 00:34:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\InstallShield
[2004/08/24 20:36:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\Macromedia
[2008/12/01 19:11:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\Malwarebytes
[2008/08/05 12:39:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\Microsoft
[2008/11/26 15:18:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\Mozilla
[2004/10/27 20:01:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\MSN6
[2006/08/12 21:35:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\Musicmatch
[2006/06/19 19:53:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\Nero
[2006/06/11 17:46:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\Real
[2004/08/26 13:46:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\Share-to-Web Upload Folder
[2006/07/25 18:37:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\SlySoft
[2005/05/11 23:17:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\Sun
[2008/12/02 08:38:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\SUPERAntiSpyware.com
[2009/02/08 00:30:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\uTorrent
[2008/06/12 00:14:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\Vso
[2008/09/26 17:56:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\Winamp
[2005/05/19 22:21:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\WinPatrol
[2008/09/20 22:24:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\WinRAR
[2001/08/18 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/02/09 18:47:00 | 00,000,332 | ---- | M] () -- C:\WINDOWS\Tasks\HP Usg Daily FY04.job
[2009/02/09 18:10:53 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/02/09 18:07:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 3638 bytes -> C:\Documents and Settings\Jim Lundquist\Desktop\OPPO HM-31, Advanced 3x1 HDMI Switch, 1080P and HDMI 1.3 Certified.url:favicon
@Alternate Data Stream - 318 bytes -> C:\Documents and Settings\Jim Lundquist\Desktop\Staples® Gray Terry Manager's Chair at Staples®.url:favicon
@Alternate Data Stream - 318 bytes -> C:\Documents and Settings\Jim Lundquist\Desktop\Staples® Ellston™ Chair, Black Microsuede at Staples® (2).url:favicon
@Alternate Data Stream - 17542 bytes -> C:\Documents and Settings\Jim Lundquist\Desktop\Amazon.com GE 29869GE2 Digital Answering System with 4 Mailboxes Electronics.url:favicon
@Alternate Data Stream - 1406 bytes -> C:\Documents and Settings\Jim Lundquist\Desktop\The White House - Blog Post - President Obama delivers Your Weekly Address.url:favicon
@Alternate Data Stream - 1150 bytes -> C:\Documents and Settings\Jim Lundquist\Desktop\Woot One Day, One Deal (SM).url:favicon
@Alternate Data Stream - 0 bytes -> C:\WINDOWS\System32\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Jim Lundquist\My Documents\Thumbs.db:encryptable
< End of report >


I'll just post the other one in the next reply, just to be safe.

Edited by Jim45, 09 February 2009 - 10:32 PM.

  • 0

#4
Jim45
Posted 09 February 2009 - 10:35 PM

Jim45

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 234 posts
OTListIt Extras logfile created on: 2/9/2009 8:22:32 PM - Run
OTListIt2 by OldTimer - Version 2.0.0.10 Folder = C:\Documents and Settings\Jim Lundquist\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.30 Mb Total Physical Memory | 471.43 Mb Available Physical Memory | 61.44% Memory free
1.08 Gb Paging File | 0.82 Gb Available in Paging File | 76.06% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 19.33 Gb Free Space | 51.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JIM
Current User Name: Jim Lundquist
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINDOWS\system32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\system32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\system32\wscript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\system32\wscript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\system32\wscript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\system32\wscript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\system32\wscript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\system32\wscript.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 (Microsoft Corporation)
C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Computer, Inc.)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 (Microsoft Corporation)
C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer (Microsoft Corporation)
C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 ()
C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent (BitTorrent, Inc.)
C:\Program Files\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent File not found
C:\Program Files\DNA\btdna.exe:*:Disabled:DNA File not found
C:\Program Files\Motorola\Software Update\msu.exe:*:Enabled:msu (Motorola)
C:\Program Files\BitPim\bitpimw.exe:*:Enabled:Open Source Mobile Phone Tool (http://www.bitpim.org)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1AEC8F41-4701-415D-9782-F69CFB535463}" = Creative Zen MicroPhoto
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{2A304FDE-F4E3-446D-AA0D-31425C897B71}" = PrintMaster 12
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{4EAE8F8E-0C2E-4814-9A04-635AFB9050AA}" = ESET NOD32 Antivirus
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.50
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5D5B9E6A-344C-4976-95AB-ABBDC648E5DA}" = Microsoft IntelliType Pro 5.2
"{61DE738B-CA77-4B59-B9D3-67226BB7DCE3}" = Motorola Software Update
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B36DEBF-27D0-4B1E-858D-D397091C6C7D}" = HP Precisionscan Pro 3.1
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7A837109-E671-470D-B489-F1EBE471D220}" = Windows Live Messenger
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}" = iTunes
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B41F81C2-71C5-4848-AFBC-5049FC724584}" = PS8100
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE0FCA1-4E95-11D4-9875-00105ACE7734}" = Logitech User's Guide
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{E06C8E13-7A8C-434C-8548-34BC4762212D}" = Logitech Harmony Remote Software 7
"{E2EFF20D-30BF-4907-B1FD-B7EBCED798D6}" = HPHDiscovery
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{F49FEF83-45CA-4CE8-8304-A7372BA07AA9}" = Motorola Phone Tools
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.6
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"CyberScrub Professional 3.0" = CyberScrub Professional 3.0
"dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"DVD Shrink_is1" = DVD Shrink 3.2
"FastStone Capture" = FastStone Capture 5.2
"FLAC" = FLAC Installer 1.1.1a (remove only)
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ImgBurn" = ImgBurn
"InstallShield_{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}" = iTunes
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Metallica Screensaver MA Tour" = Metallica Screensaver MA Tour Screen Saver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5)
"MSN Music Assistant" = MSN Music Assistant
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NeroVision!UninstallKey" = Nero Digital
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMIX!UninstallKey" = NeroMIX
"NMPUninstallKey" = Nero Media Player
"SBC Yahoo! Connection Manager" = SBC Yahoo! Dial (remove only)
"screensaver" = screensaver
"Shockwave" = Shockwave
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SysInfo" = Creative System Information
"The Print Shop Photo Pro 2.0" = The Print Shop Photo Pro
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Works2002Setup" = Microsoft Works 2002 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/5/2008 7:33:57 PM | Computer Name = JIM | Source = Application Error | ID = 1000
Description = Faulting application showtime.exe, version 2.0.1.9, faulting module
nesplitter.ax, version 3.2.0.30, fault address 0x00005943.

Error - 11/5/2008 7:47:40 PM | Computer Name = JIM | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x000111de.

Error - 11/16/2008 2:02:17 PM | Computer Name = JIM | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072ee2, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 11/19/2008 12:56:26 PM | Computer Name = JIM | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00011629.

Error - 11/19/2008 1:18:36 PM | Computer Name = JIM | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00011f6e.

Error - 11/23/2008 11:44:09 PM | Computer Name = JIM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/23/2008 11:44:09 PM | Computer Name = JIM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/27/2008 6:11:08 AM | Computer Name = JIM | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80244022, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 2/2/2009 4:58:31 PM | Computer Name = JIM | Source = Application Error | ID = 1000
Description = Faulting application p2kcommander.exe, version 0.0.0.0, faulting module
p2kcommander.exe, version 0.0.0.0, fault address 0x0000667a.

Error - 2/5/2009 1:52:40 PM | Computer Name = JIM | Source = Application Error | ID = 1000
Description = Faulting application p2kcommander.exe, version 0.0.0.0, faulting module
p2kcommander.exe, version 0.0.0.0, fault address 0x0000667a.

[ System Events ]
Error - 2/8/2009 1:59:12 AM | Computer Name = JIM | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 2/8/2009 3:51:35 AM | Computer Name = JIM | Source = Service Control Manager | ID = 7000
Description = The NVIDIA NDIS IO Control Driver service failed to start due to the
following error: %%2

Error - 2/8/2009 3:57:32 AM | Computer Name = JIM | Source = Service Control Manager | ID = 7000
Description = The NVIDIA NDIS IO Control Driver service failed to start due to the
following error: %%2

Error - 2/8/2009 4:22:53 AM | Computer Name = JIM | Source = Service Control Manager | ID = 7000
Description = The NVIDIA NDIS IO Control Driver service failed to start due to the
following error: %%2

Error - 2/8/2009 4:32:10 AM | Computer Name = JIM | Source = WinDefend | ID = 2004
Description = %%827 has encountered an error trying to load signatures and will
attempt reverting back to a known-good set of signatures. Signatures Attempted: %%824

Error
Code: 0x8050a001 Error description: The program can't find definition files that
help detect unwanted software. Check for updates to the definition files, and then
try again. For information on installing updates, see Help and Support. Signatures
loading: %%825 Loading signature version: 1.51.124.0 Loading engine version: 1.1.4205.0

Error - 2/8/2009 4:32:17 AM | Computer Name = JIM | Source = Service Control Manager | ID = 7000
Description = The NVIDIA NDIS IO Control Driver service failed to start due to the
following error: %%2

Error - 2/8/2009 4:49:42 AM | Computer Name = JIM | Source = Service Control Manager | ID = 7000
Description = The NVIDIA NDIS IO Control Driver service failed to start due to the
following error: %%2

Error - 2/8/2009 1:05:39 PM | Computer Name = JIM | Source = Service Control Manager | ID = 7000
Description = The NVIDIA NDIS IO Control Driver service failed to start due to the
following error: %%2

Error - 2/9/2009 12:36:16 PM | Computer Name = JIM | Source = Service Control Manager | ID = 7000
Description = The NVIDIA NDIS IO Control Driver service failed to start due to the
following error: %%2

Error - 2/9/2009 10:07:44 PM | Computer Name = JIM | Source = Service Control Manager | ID = 7000
Description = The NVIDIA NDIS IO Control Driver service failed to start due to the
following error: %%2


< End of report >
  • 0

#5
handhfan
Posted 09 February 2009 - 11:10 PM

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE) JRE 6 Update 12.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u12-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u12-windows-i586-p.exe and select "Run as an Administrator.")

Please do an online scan with Kaspersky WebScanner

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply, along with a new HijackThis log.

  • 0

#6
Jim45
Posted 10 February 2009 - 01:43 AM

Jim45

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 234 posts
Here ya go!

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, February 9, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, February 10, 2009 05:55:12
Records in database: 1777277
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 49193
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:14:40

No malware has been detected. The scan area is clean.

The selected area was scanned.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:20 PM, on 2/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....026/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-48.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093415681217
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative....101/CTSUEng.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative....ClientNoMFC.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?322
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15106/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{866B4473-554A-423C-9CDA-751CB3F3A5D5}: NameServer = 68.94.156.1,68.94.157.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5984 bytes
  • 0

#7
handhfan
Posted 10 February 2009 - 01:47 AM

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Your computer looks clean. Are you still having problems with your computer?
  • 0

#8
Jim45
Posted 10 February 2009 - 02:11 AM

Jim45

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 234 posts

Your computer looks clean. Are you still having problems with your computer?

No, not at all. I haven't had any problems since I used MBAM to remove the malware, but I came here to be sure, because it seemed too easy LOL. I figured something had to be hiding! I screwed up originally, because NOD32 popped up a window that said it denied access and quarantined it, but somehow I got some window that looked just like a windows security threat warning, and I clicked on the button that said "enable protection".......like an idiot. Then my computer shut down and restarted by itself. After it booted back up, couldn't open a browser window without getting another warning and something about clicking on something to continue safe browsing. I knew it was bs, so I closed the browser window and ran MBAM, and it found it. The whole restart thing had me worried. Thanks for your help! Feel like I wasted your time, but I wasn't sure if it was completely gone.
  • 0

#9
handhfan
Posted 10 February 2009 - 09:16 AM

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
No problem. There was no time wasting here. :)

Your logs look clean. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. If you have any questions or other problems, please let me know. Other than that, and the steps below, you should be all set. :)

  • Make sure you have an Internet Connection.
  • Download OTCleanIt to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTCleanUp to reach the Internet, please allow the application to do so.
  • Click Yes to beging the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Please update Adobe Reader, by downloading and installing Adobe Reader 9.

Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
[/list]
System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard gives you realtime protection from spyware.
  • Super Antispyware OR Malwarebytes' Anti-Malware to help remove any spyware that may have gotten on your computer.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed.
  • Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see this article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

To keep your operating system up to date visit Microsoft Windows Update monthly. Remember to be aware of what emails you open and websites you visit.

Have a safe and happy computing day!
  • 0

#10
Jim45
Posted 10 February 2009 - 02:21 PM

Jim45

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 234 posts
All done! Thanks for the help!
  • 0

#11
handhfan
Posted 10 February 2009 - 02:25 PM

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP