
Start up error RUNDLL: Error loading ...\Protect.dll [Solved]



#1
akabrek

Greetings and thanks for a great site.

Today I picked up some form of malware. The most telltale sign was that the background screen on the computer became a blue screen with red, green and yellow squares and rectangles. I went through the steps outlined in the malware removal guide and things seem more or less back to normal.

The only noticeable problem I seem to be having is during startup (once most icons load on the desktop): I get a box and an error.

The error:
-----------------------------------------------------------------
RUNDLL

Error Loading

C:\docume~\Tracy\Protect.dll

The specified module could not be found

-------------------------------------------------------------------


I am also showing two translucent icons on the desktop: desktop.ini and thumbs.db

Basically, I am trying to solve the last few things listed above and have a more expert eye look at the log files and see if I should remove other stuff too.

Thanks


These are the Scan Log files:

Rooter Scan:

Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:73171 Mo/Free:3718 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Tue 04/28/2009|17:13

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Windows Defender\MsMpEng.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\brsvc01a.exe
---------- C:\WINDOWS\system32\brss01a.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
---------- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
---------- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
---------- C:\Program Files\Dell\Media Experience\PCMService.exe
---------- C:\WINDOWS\system32\dla\tfswctrl.exe
---------- C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
---------- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
---------- C:\Program Files\Common Files\Dell\EUSW\Support.exe
---------- C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
---------- C:\Program Files\QuickTime\qttask.exe
---------- c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
---------- C:\WINDOWS\system32\hkcmd.exe
---------- C:\WINDOWS\system32\igfxpers.exe
---------- C:\Program Files\Windows Defender\MSASCui.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
---------- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
---------- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
---------- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\wscntfy.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Tue 04/28/2009|17:15

----------------------\\ Scan completed at 17:15


--------------------------------------------------------------------------------------------


OTListIt Scan



OTListIt logfile created on: 4/28/2009 5:22:03 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Tracy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 124.51 Mb Available Physical Memory | 24.41% Memory free
1.22 Gb Paging File | 0.89 Gb Available in Paging File | 72.86% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.46 Gb Total Space | 47.63 Gb Free Space | 66.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TALLENHOME
Current User Name: Tracy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\brsvc01a.exe (brother Industries Ltd)
PRC - C:\WINDOWS\system32\brss01a.exe (brother Industries Ltd)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
PRC - C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
PRC - C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
PRC - C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
PRC - C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe (TODO: <Company name>)
PRC - C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
PRC - C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
PRC - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
PRC - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
PRC - c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe ( )
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe ()
PRC - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe ()
PRC - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe ()
PRC - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Tracy\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (Belkin Wireless USB Network Adapter Service [Auto | Running]) -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe ()
SRV - (Brother XP spl Service [Auto | Running]) -- C:\WINDOWS\system32\brsvc01a.exe (brother Industries Ltd)
SRV - (DefWatch [Auto | Running]) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPodService [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
SRV - (navapsvc [Auto | Stopped]) -- File not found
SRV - (NetSvc [On_Demand | Stopped]) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (Norton AntiVirus Server [Auto | Running]) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (SymWSC [Auto | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (Symantec Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ati2mtag [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (Eacfilt [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\eacfilt.sys (Nortel Networks)
DRV - (EL90XBC [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys (3Com Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (i81x [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (iAimFP0 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV01nt.sys (Intel® Corporation)
DRV - (iAimFP1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV02NT.sys (Intel® Corporation)
DRV - (iAimFP2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV05NT.sys (Intel® Corporation)
DRV - (iAimFP3 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys (Intel® Corporation)
DRV - (iAimFP4 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys (Intel® Corporation)
DRV - (iAimTV0 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV01nt.sys (Intel® Corporation)
DRV - (iAimTV1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV02NT.sys (Intel® Corporation)
DRV - (iAimTV3 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV04nt.sys (Intel® Corporation)
DRV - (iAimTV4 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys (Intel® Corporation)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (IntelC51 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\IntelC51.sys (Intel Corporation)
DRV - (IntelC52 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\IntelC52.sys (Intel Corporation)
DRV - (IntelC53 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\IntelC53.sys (Intel Corporation)
DRV - (IPSECEXT [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys (Nortel Networks NA, Inc.)
DRV - (IPSECSHM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys (Nortel Networks NA, Inc.)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (mohfilt [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\mohfilt.sys (Intel Corporation)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (MxlW2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (NAVAP [On_Demand | Running]) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys (Symantec Corporation)
DRV - (NAVAPEL [Auto | Running]) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS (Symantec Corporation)
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090428.003\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090428.003\NAVEX15.SYS (Symantec Corporation)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (omci [System | Running]) -- C:\WINDOWS\System32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (RT73 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\rt73.sys (Ralink Technology, Corp.)
DRV - (SbcpHid [System | Running]) -- C:\WINDOWS\system32\Drivers\SbcpHid.sys ()
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln [System | Running]) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (SymEvent [On_Demand | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (292771 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10107 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Computer, Inc.)
O4 - HKLM..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe (TODO: <Company name>)
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r (Sonic Solutions)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKCU..\Run: [autochk] rundll32.exe C:\DOCUME~1\Tracy\protect.dll,_IWMPEvents@16 File not found
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.micros...cs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://download.yaho...s/yinst0401.cab (YInstStarter Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1240947212468 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (cspzh.exe) - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O21 - SSODL: tdomgafw - {F5D5E7D6-5247-496E-A53F-E08AE715CD69} - C:\WINDOWS\tdomgafw.dll File not found
O21 - SSODL: wetkadmr - {6CD51029-0465-4438-B38E-BA967D674894} - C:\WINDOWS\wetkadmr.dll File not found
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/04/28 17:19:31 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tracy\Desktop\OTListIt2.exe
[2009/04/28 17:13:31 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/28 17:05:07 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Tracy\Desktop\Rooter.exe
[2009/04/28 16:04:49 | 00,268,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009/04/28 16:04:49 | 00,027,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2009/04/28 15:53:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/04/28 15:51:58 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/04/28 15:49:15 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/04/28 15:44:08 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/04/28 15:01:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tracy\Application Data\Malwarebytes
[2009/04/28 15:00:55 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/28 15:00:55 | 00,000,696 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/28 15:00:52 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/28 15:00:51 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/28 15:00:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/28 14:59:40 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tracy\Desktop\mbam-setup.exe
[2009/04/28 14:54:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/28 14:53:45 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Tracy\Desktop\NTREGOPT.lnk
[2009/04/28 14:53:45 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Tracy\Desktop\ERUNT.lnk
[2009/04/28 14:53:43 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/28 14:53:14 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Tracy\Desktop\erunt_setup.exe
[2009/04/28 14:48:40 | 00,007,180 | ---- | C] () -- C:\Documents and Settings\Tracy\Desktop\SysRestorePoint_v12.zip
[2009/04/28 14:42:46 | 00,047,078 | ---- | C] () -- C:\Documents and Settings\Tracy\Desktop\ATF-Cleaner.zip
[2009/04/28 13:24:50 | 53,482,7008 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/28 12:36:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tracy\Desktop\New Folder
[2009/04/28 11:21:43 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mouhid.sys
[2009/04/28 11:21:43 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2009/04/28 11:21:21 | 00,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidusb.sys
[2009/04/28 11:21:21 | 00,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2009/04/28 09:46:16 | 00,000,109 | -HS- | C] () -- C:\WINDOWS\System32\2691305272.dat
[2009/04/22 20:04:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tracy\My Documents\wanakee logo
[2009/04/15 02:32:20 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 02:32:20 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 02:32:20 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/04/15 02:32:19 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 02:32:19 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 02:32:19 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 02:32:18 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/15 02:31:38 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/15 02:31:37 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/15 02:31:36 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/11 16:51:45 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/04/11 16:51:45 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2008/05/16 03:01:21 | 00,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/02/25 13:25:03 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\B11gUSB.dll
[2007/02/25 13:25:01 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2006/06/25 16:03:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\BROWNIE.INI
[2006/06/25 16:03:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2006/06/25 16:03:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\briwm04a.ini
[2006/06/25 16:02:48 | 00,000,459 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2006/06/25 16:02:48 | 00,000,012 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/06/25 16:02:46 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2006/05/02 23:42:31 | 00,626,688 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2006/04/02 18:09:56 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/04 10:38:43 | 00,090,112 | R--- | C] ( ) -- C:\WINDOWS\System32\SCCD3X02.DLL
[2006/02/04 10:38:39 | 00,131,072 | R--- | C] () -- C:\WINDOWS\System32\SCCD3X01.DLL
[2006/01/30 03:20:44 | 00,000,026 | ---- | C] () -- C:\WINDOWS\UpdaterDVW58E.INI
[2006/01/04 03:46:51 | 00,000,308 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/03/20 01:07:21 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/12/30 02:40:33 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/11/22 05:22:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2004/07/22 03:28:15 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/07/22 03:16:48 | 00,000,677 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/07/22 03:03:54 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/07/22 03:03:39 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/07/22 02:48:58 | 00,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/05/11 11:02:24 | 00,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/03/26 17:59:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/09/03 09:59:58 | 00,000,613 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2002/09/03 09:50:58 | 00,000,231 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2002/08/29 06:00:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\rpcrt3.dll
[2002/07/30 12:33:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2001/08/23 15:00:00 | 00,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[1980/01/01 01:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Files - Modified Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/04/28 17:19:36 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tracy\Desktop\OTListIt2.exe
[2009/04/28 17:19:22 | 00,000,364 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2009/04/28 17:05:28 | 00,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/28 17:05:28 | 00,381,692 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/04/28 17:05:28 | 00,053,436 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/04/28 17:05:09 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Tracy\Desktop\Rooter.exe
[2009/04/28 17:03:54 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/04/28 17:00:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/28 17:00:47 | 53,482,7008 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/28 17:00:47 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/04/28 16:29:30 | 00,000,012 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI
[2009/04/28 15:55:42 | 00,000,076 | -HS- | M] () -- C:\Documents and Settings\Tracy\My Documents\DESKTOP.INI
[2009/04/28 15:53:12 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/28 15:43:07 | 00,000,613 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/04/28 15:37:11 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/04/28 15:24:26 | 04,315,336 | -H-- | M] () -- C:\Documents and Settings\Tracy\Local Settings\Application Data\IconCache.db
[2009/04/28 15:00:55 | 00,000,696 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/28 14:59:40 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tracy\Desktop\mbam-setup.exe
[2009/04/28 14:53:45 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Tracy\Desktop\NTREGOPT.lnk
[2009/04/28 14:53:45 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Tracy\Desktop\ERUNT.lnk
[2009/04/28 14:53:16 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Tracy\Desktop\erunt_setup.exe
[2009/04/28 14:48:40 | 00,007,180 | ---- | M] () -- C:\Documents and Settings\Tracy\Desktop\SysRestorePoint_v12.zip
[2009/04/28 14:42:47 | 00,047,078 | ---- | M] () -- C:\Documents and Settings\Tracy\Desktop\ATF-Cleaner.zip
[2009/04/28 13:17:36 | 00,003,570 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/04/28 12:19:32 | 00,000,677 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/04/28 09:49:46 | 00,000,109 | -HS- | M] () -- C:\WINDOWS\System32\2691305272.dat
[2009/04/11 16:53:23 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/11 16:51:45 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/04/11 16:51:45 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 10:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >
-----------------------------------------------------------------


OTListIt Extras logfile created on: 4/28/2009 5:22:03 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Tracy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 124.51 Mb Available Physical Memory | 24.41% Memory free
1.22 Gb Paging File | 0.89 Gb Available in Paging File | 72.86% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.46 Gb Total Space | 47.63 Gb Free Space | 66.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TALLENHOME
Current User Name: Tracy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"16856:TCP" = 16856:TCP:*:Enabled:PORT_16856
"41558:TCP" = 41558:TCP:*:Enabled:PORT_41558
"17469:TCP" = 17469:TCP:*:Enabled:PORT_17469
"28395:TCP" = 28395:TCP:*:Enabled:PORT_28395
"35836:TCP" = 35836:TCP:*:Enabled:PORT_35836
"32056:TCP" = 32056:TCP:*:Enabled:PORT_32056
"25974:TCP" = 25974:TCP:*:Enabled:PORT_25974
"28896:TCP" = 28896:TCP:*:Enabled:PORT_28896
"30469:TCP" = 30469:TCP:*:Enabled:PORT_30469
"21809:TCP" = 21809:TCP:*:Enabled:PORT_21809
"5116:TCP" = 5116:TCP:*:Enabled:PORT_5116
"16301:TCP" = 16301:TCP:*:Enabled:PORT_16301
"56290:TCP" = 56290:TCP:*:Enabled:PORT_56290
"35558:TCP" = 35558:TCP:*:Enabled:PORT_35558
"63804:TCP" = 63804:TCP:*:Enabled:PORT_63804

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 File not found
C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger (America Online, Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer File not found
C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server (Yahoo! Inc.)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 File not found
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger (America Online, Inc.)
C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Disabled:QuickTime Player Application (Apple Computer, Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Computer, Inc.)
C:\Program Files\Nortel Networks\Extranet.exe:*:Enabled:Contivity VPN Client (Nortel Networks NA, Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}" = Symantec AntiVirus Client
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1526D87C-A955-4FAB-BF18-697BA457E352}" = Norton WMI Update
"{17F6CD67-0E9D-4C4B-8F49-17F081092AE2}" = Better Homes and Gardens Interior Designer 7.0
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{38DFF723-C0B1-44AB-A927-62EDB033908F}" = Belkin 54g USB Network Adapter
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{EF964A78-078C-11D1-B7A7-0000C0134CE6}" = Nortel Networks Contivity VPN Client
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AdobeESD" = Adobe Download Manager 1.2 (Remove Only)
"AOL Instant Messenger" = AOL Instant Messenger
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"ERUNT_is1" = ERUNT 1.1j
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"LiveUpdate" = LiveUpdate 2.5 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MPEG4 Direct Maker" = MPEG4 Direct Maker
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealVNC_is1" = VNC Free Edition 4.1.2
"Shockwave" = Shockwave
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/28/2009 9:58:43 AM | Computer Name = TALLENHOME | Source = Application Hang | ID = 1002
Description = Hanging application Rtvscan.exe, version 8.0.0.9374, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/28/2009 10:39:18 AM | Computer Name = TALLENHOME | Source = Application Hang | ID = 1002
Description = Hanging application TeaTimer.exe, version 1.6.3.25, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/28/2009 1:38:10 PM | Computer Name = TALLENHOME | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Trojan.ByteVerify in File: C:\Documents and
Settings\Tracy\Application Data\Sun\Java\Deployment\cache\6.0\22\74018dd6-535fec85>>OP.class
by: Manual scan. Action: Clean failed : Quarantine succeeded : Virus Found!Virus
name: in File: C:\Documents and Settings\Tracy\Application Data\Sun\Java\Deployment\cache\6.0\22\74018dd6-535fec85
by: Manual scan. Action: Clean failed : Quarantine succeeded : Virus Found!Virus
name: Trojan Horse in File: C:\Documents and Settings\Tracy\Application Data\Sun\Java\Deployment\cache\6.0\52\1c9644b4-631d21e0>>vmain.class
by: Manual scan. Action: Clean failed : Quarantine succeeded : Virus Found!Virus
name: in File: C:\Documents and Settings\Tracy\Application Data\Sun\Java\Deployment\cache\6.0\52\1c9644b4-631d21e0
by: Manual scan. Action: Clean failed : Quarantine succeeded :

Error - 4/28/2009 2:17:35 PM | Computer Name = TALLENHOME | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Trojan Horse in File: C:\Documents and Settings\Tracy\Application
Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d3811e3-509b5189.zip>>vmain.class
by: Manual scan. Action: Clean failed : Quarantine succeeded : Virus Found!Virus
name: in File: C:\Documents and Settings\Tracy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d3811e3-509b5189.zip
by: Manual scan. Action: Clean failed : Quarantine succeeded : Virus Found!Virus
name: Trojan.ByteVerify in File: C:\Documents and Settings\Tracy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-52b9c4dc-7eefba88.zip>>OP.class
by: Manual scan. Action: Clean failed : Quarantine succeeded : Virus Found!Virus
name: in File: C:\Documents and Settings\Tracy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-52b9c4dc-7eefba88.zip
by: Manual scan. Action: Clean failed : Quarantine succeeded :

Error - 4/28/2009 2:29:19 PM | Computer Name = TALLENHOME | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Trojan.Patchep!inf in File: C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
by: Manual scan. Action: Clean succeeded : Virus Found!Virus name: Trojan.Patchep!inf
in File: C:\WINDOWS\$NtServicePackUninstall$\lsass.exe by: Manual scan. Action:
Clean succeeded : Virus Found!Virus name: Trojan.Patchep!inf in File: C:\WINDOWS\$NtServicePackUninstall$\services.exe
by: Manual scan. Action: Clean succeeded : Virus Found!Virus name: Trojan.Patchep!inf
in File: C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe by: Manual scan. Action:
Clean succeeded : Virus Found!Virus name: Trojan.Patchep!inf in File: C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
by: Manual scan. Action: Clean succeeded :

Error - 4/28/2009 3:55:50 PM | Computer Name = TALLENHOME | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 4/28/2009 4:14:23 PM | Computer Name = TALLENHOME | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 4/28/2009 4:36:54 PM | Computer Name = TALLENHOME | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 4/28/2009 5:01:01 PM | Computer Name = TALLENHOME | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 4/28/2009 5:21:48 PM | Computer Name = TALLENHOME | Source = Application Hang | ID = 1002
Description = Hanging application OTListIt2.exe, version 2.0.14.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 4/28/2009 3:01:43 PM | Computer Name = TALLENHOME | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 4/28/2009 3:25:45 PM | Computer Name = TALLENHOME | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 4/28/2009 3:27:00 PM | Computer Name = TALLENHOME | Source = Service Control Manager | ID = 7000
Description = The Norton AntiVirus Auto Protect Service service failed to start
due to the following error: %%3

Error - 4/28/2009 3:27:00 PM | Computer Name = TALLENHOME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
agp440

Error - 4/28/2009 3:56:23 PM | Computer Name = TALLENHOME | Source = Service Control Manager | ID = 7000
Description = The Norton AntiVirus Auto Protect Service service failed to start
due to the following error: %%3

Error - 4/28/2009 4:14:58 PM | Computer Name = TALLENHOME | Source = Service Control Manager | ID = 7000
Description = The Norton AntiVirus Auto Protect Service service failed to start
due to the following error: %%3

Error - 4/28/2009 4:37:32 PM | Computer Name = TALLENHOME | Source = Service Control Manager | ID = 7000
Description = The Norton AntiVirus Auto Protect Service service failed to start
due to the following error: %%3

Error - 4/28/2009 5:01:33 PM | Computer Name = TALLENHOME | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 4/28/2009 5:01:33 PM | Computer Name = TALLENHOME | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 4/28/2009 5:01:37 PM | Computer Name = TALLENHOME | Source = Service Control Manager | ID = 7000
Description = The Norton AntiVirus Auto Protect Service service failed to start
due to the following error: %%3


< End of report >

Edited by akabrek, 28 April 2009 - 05:44 PM.

  • 0


#2
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Hello akabrek !

Welcome to the site! :) My nickname is heir and I'll be helping clean up your computer. :)

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal and Spyware Removal.
  • Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
  • When posting logs, please ensure Word Wrap is turned off in Notepad (to check, open Notepad, click on Format in the menu bar and make sure that Word Wrap is unchecked).
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
  • Make sure you reply to this thread using the Add Reply button: Posted Image

Please read my posts completely before following the instructions.
It may be easier for you if you copy and paste a post to a new text document or print it for reference later.
This is required when you won't have access to Internet.

There are some open ports

"16856:TCP" = 16856:TCP:*:Enabled:PORT_16856
"41558:TCP" = 41558:TCP:*:Enabled:PORT_41558
"17469:TCP" = 17469:TCP:*:Enabled:PORT_17469
"28395:TCP" = 28395:TCP:*:Enabled:PORT_28395
"35836:TCP" = 35836:TCP:*:Enabled:PORT_35836
"32056:TCP" = 32056:TCP:*:Enabled:PORT_32056
"25974:TCP" = 25974:TCP:*:Enabled:PORT_25974
"28896:TCP" = 28896:TCP:*:Enabled:PORT_28896
"30469:TCP" = 30469:TCP:*:Enabled:PORT_30469
"21809:TCP" = 21809:TCP:*:Enabled:PORT_21809
"5116:TCP" = 5116:TCP:*:Enabled:PORT_5116
"16301:TCP" = 16301:TCP:*:Enabled:PORT_16301
"56290:TCP" = 56290:TCP:*:Enabled:PORT_56290
"35558:TCP" = 35558:TCP:*:Enabled:PORT_35558
"63804:TCP" = 63804:TCP:*:Enabled:PORT_63804

Do you recognize that you've opened those for traffic?

Let's remove what's found in those logs then.

Step 1.
Uninstall unwanted software:

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Viewpoint Manager (Remove Only)
Viewpoint Media Player


Step 2.
OTL-fix:

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
    O4 - HKCU..\Run: [autochk] rundll32.exe C:\DOCUME~1\Tracy\protect.dll,_IWMPEvents@16 File not found
    O21 - SSODL: tdomgafw - {F5D5E7D6-5247-496E-A53F-E08AE715CD69} - C:\WINDOWS\tdomgafw.dll File not found
    O21 - SSODL: wetkadmr - {6CD51029-0465-4438-B38E-BA967D674894} - C:\WINDOWS\wetkadmr.dll File not found
    :Files
    C:\Program Files\Viewpoint
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

Step 3.
filescan:

Show hidden files, system files and known file-extensions:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Files and folders/Hidden files and folders heading
    • SELECT Show hidden files and folders
  • Under the Files and folders heading
    • UNCHECK Hide extensions for known file types.
    • UNCHECK Hide protected operating system files (Recommended).
  • Click OK

  • Using Internet Explorer 7 please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\WINDOWS\System32\drivers\SbcpHid.sys
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Do the same with this: C:\WINDOWS\SYSTEM32\CSPZH.EXE

Step 4.
OTL-scan:

  • Double click on OTListIt2.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window with OTListIt.Txt that's saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of that file and post it with your next reply.

Step 5.
Lop S&D:

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D here and save it to the desktop

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

Step 6.
Things I would like to see in your reply:

  • Answer to my question in the beginning of this post.
  • The content of the fixlog from OTL2 in step 2.
  • The results from the filescans in step 3.
  • The content of the fresh OTListIt.txt from step 4.
  • The content of C:\lopR.txt from step 5.
  • Information on how your computer is running after these steps.

  • 0
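The open-ports question in the post above can be turned into a repeatable check over an OTListIt Extras log. This Python sketch is an added example, not part of the original thread and not OTListIt's own code; the two-signal heuristic, the function names and the sample entries marked as constructed are assumptions.

```python
import re
from dataclasses import dataclass

# OTListIt prints each value of the XP firewall key as:
#   "<port>:<proto>" = <port>:<proto>:<scope>:<status>:<name>
ENTRY_RE = re.compile(
    r'^"(?P<kport>\d+):(?P<kproto>TCP|UDP)"\s*=\s*'
    r'(?P<port>\d+):(?P<proto>TCP|UDP):(?P<scope>[^:]*):'
    r'(?P<status>Enabled|Disabled):(?P<name>.*)$'
)
SECTION_SUFFIX = r"GloballyOpenPorts\List"
GENERIC_NAME = re.compile(r"PORT_(\d+)")  # name that only repeats the port number


@dataclass
class PortRule:
    port: int
    proto: str
    scope: str
    enabled: bool
    name: str


def parse_open_ports(log_text):
    """Return (rules, unparsed_lines) from every GloballyOpenPorts\\List section."""
    rules, unparsed = [], []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.rstrip("]").endswith(SECTION_SUFFIX):
            in_section = True
            continue
        if not in_section:
            continue
        # A blank line, a banner or another registry key closes the section.
        if not line or line.startswith(("=====", "[HKEY", "HKEY")):
            in_section = False
            continue
        m = ENTRY_RE.match(line)
        # Value name and value data must agree, otherwise keep the line for a human.
        if m is None or m["kport"] != m["port"] or m["kproto"] != m["proto"]:
            unparsed.append(line)
            continue
        rules.append(PortRule(int(m["port"]), m["proto"], m["scope"],
                              m["status"] == "Enabled", m["name"]))
    return rules, unparsed


def review(rule):
    """Reasons an enabled exception deserves a question to the machine's owner."""
    reasons = []
    if not rule.enabled:
        return reasons
    if rule.scope == "*":
        reasons.append("accepts connections from any address")
    name = rule.name.strip()
    m = GENERIC_NAME.fullmatch(name)
    if not name or (m and int(m.group(1)) == rule.port):
        reasons.append("placeholder name, no program identified")
    return reasons


def triage(log_text):
    """Bucket ports: both signals -> ask_owner, one -> review, none -> ok."""
    rules, unparsed = parse_open_ports(log_text)
    report = {"ask_owner": [], "review": [], "ok": [], "unparsed": unparsed}
    for rule in rules:
        hits = len(review(rule))
        bucket = "ask_owner" if hits == 2 else "review" if hits == 1 else "ok"
        report[bucket].append(rule.port)
    return report


# Sample input: the first three port entries are taken from the log in this thread;
# the remaining entries and the junk line are constructed for illustration.
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"16856:TCP" = 16856:TCP:*:Enabled:PORT_16856
"41558:TCP" = 41558:TCP:*:Enabled:PORT_41558
"5116:TCP" = 5116:TCP:*:Enabled:PORT_5116
"3389:TCP" = 3389:TCP:LocalSubNet:Disabled:Remote Desktop
"8080:TCP" = 8080:TCP:*:Enabled:Dev web server
"445:TCP" = 445:TCP:LocalSubNet:Enabled:File and Printer Sharing
this line is not a rule

========== Authorized Applications List ==========
"""

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(f"{bucket}: {items}")
```

Entries in the `ask_owner` bucket are the ones to confirm with whoever uses the machine before the exceptions are deleted; a port the owner does not recognise is a candidate for removal from the firewall exception list.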

#3
akabrek

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks Heir, looking forward to working with you.




Open Ports... As for the open ports, I have no idea about those. What should I do about those?


Step 1: Viewpoint manager and Viewpoint player have been removed

Step 2: OTL-fix has been performed. I was not sure which log you wanted, so I posted both the one that came up after the fix and a new scan log.

Step 3: I have not done this yet. When I did the Windows update it put Explorer 8 on the machine. You had listed specifically to go to VirScan.org in Explorer 7. Do I need to reload that?

Here is the OTL fix log:

========== OTLISTIT ==========
Process explorer.exe killed successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\autochk not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\tdomgafw deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5D5E7D6-5247-496E-A53F-E08AE715CD69}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\wetkadmr deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6CD51029-0465-4438-B38E-BA967D674894}\ deleted successfully.
========== FILES ==========
File\Folder C:\Program Files\Viewpoint not found.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Tracy\Local Settings\Temp\Perflib_Perfdata_7e4.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tracy\Local Settings\Temp\~DFBF3A.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tracy\Local Settings\Temp\~DFBF4A.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tracy\Local Settings\Temp\~DFC021.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tracy\Local Settings\Temp\~DFC032.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tracy\Local Settings\Temp\~DFC149.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tracy\Local Settings\Temp\~DFC15C.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully


OTListIt logfile created on: 5/5/2009 11:12:36 AM - Run 3
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Documents and Settings\Tracy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 139.29 Mb Available Physical Memory | 27.31% Memory free
1.22 Gb Paging File | 0.89 Gb Available in Paging File | 72.93% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.46 Gb Total Space | 48.63 Gb Free Space | 68.05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TALLENHOME
Current User Name: Tracy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\brsvc01a.exe (brother Industries Ltd)
PRC - C:\WINDOWS\system32\brss01a.exe (brother Industries Ltd)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe ()
PRC - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe ()
PRC - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
PRC - C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
PRC - C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
PRC - C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
PRC - C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe (TODO: <Company name>)
PRC - C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
PRC - C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
PRC - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe ( )
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
PRC - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe ()
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Tracy\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (Belkin Wireless USB Network Adapter Service [Auto | Running]) -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe ()
SRV - (Brother XP spl Service [Auto | Running]) -- C:\WINDOWS\system32\brsvc01a.exe (brother Industries Ltd)
SRV - (DefWatch [Auto | Running]) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPodService [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
SRV - (navapsvc [Auto | Stopped]) -- File not found
SRV - (NetSvc [On_Demand | Stopped]) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (Norton AntiVirus Server [Auto | Running]) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (SymWSC [Auto | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (Symantec Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ati2mtag [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (Eacfilt [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\eacfilt.sys (Nortel Networks)
DRV - (EL90XBC [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys (3Com Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (i81x [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (iAimFP0 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV01nt.sys (Intel® Corporation)
DRV - (iAimFP1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV02NT.sys (Intel® Corporation)
DRV - (iAimFP2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV05NT.sys (Intel® Corporation)
DRV - (iAimFP3 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys (Intel® Corporation)
DRV - (iAimFP4 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys (Intel® Corporation)
DRV - (iAimTV0 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV01nt.sys (Intel® Corporation)
DRV - (iAimTV1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV02NT.sys (Intel® Corporation)
DRV - (iAimTV3 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV04nt.sys (Intel® Corporation)
DRV - (iAimTV4 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys (Intel® Corporation)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (IntelC51 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\IntelC51.sys (Intel Corporation)
DRV - (IntelC52 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\IntelC52.sys (Intel Corporation)
DRV - (IntelC53 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\IntelC53.sys (Intel Corporation)
DRV - (IPSECEXT [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys (Nortel Networks NA, Inc.)
DRV - (IPSECSHM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys (Nortel Networks NA, Inc.)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (mohfilt [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\mohfilt.sys (Intel Corporation)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (MxlW2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (NAVAP [On_Demand | Running]) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys (Symantec Corporation)
DRV - (NAVAPEL [Auto | Running]) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS (Symantec Corporation)
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090428.003\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090428.003\NAVEX15.SYS (Symantec Corporation)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (omci [System | Running]) -- C:\WINDOWS\System32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (RT73 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\rt73.sys (Ralink Technology, Corp.)
DRV - (SbcpHid [System | Running]) -- C:\WINDOWS\system32\Drivers\SbcpHid.sys ()
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln [System | Running]) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (SymEvent [On_Demand | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

-----------------------___________________________

OTlist re scan

O1 HOSTS File: (292771 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10107 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Computer, Inc.)
O4 - HKLM..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe (TODO: <Company name>)
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r (Sonic Solutions)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.micros...cs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://download.yaho...s/yinst0401.cab (YInstStarter Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1240947212468 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (cspzh.exe) - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/05/05 10:50:45 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/05 01:09:41 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tracy\Desktop\OTListIt2.exe
[2009/05/04 13:14:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/04/28 16:04:49 | 00,268,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009/04/28 16:04:49 | 00,027,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2009/04/28 15:53:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/04/28 15:51:58 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/04/28 15:49:15 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/04/28 15:44:08 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/04/28 15:01:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tracy\Application Data\Malwarebytes
[2009/04/28 15:00:55 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/28 15:00:55 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/28 15:00:52 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/28 15:00:51 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/28 15:00:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/28 14:59:40 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tracy\Desktop\mbam-setup.exe
[2009/04/28 14:54:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/28 14:53:45 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Tracy\Desktop\NTREGOPT.lnk
[2009/04/28 14:53:45 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Tracy\Desktop\ERUNT.lnk
[2009/04/28 14:53:43 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/28 14:53:14 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Tracy\Desktop\erunt_setup.exe
[2009/04/28 14:48:40 | 00,007,180 | ---- | C] () -- C:\Documents and Settings\Tracy\Desktop\SysRestorePoint_v12.zip
[2009/04/28 14:42:46 | 00,047,078 | ---- | C] () -- C:\Documents and Settings\Tracy\Desktop\ATF-Cleaner.zip
[2009/04/28 13:24:50 | 53,482,7008 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/28 12:36:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tracy\Desktop\New Folder
[2009/04/28 11:21:43 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mouhid.sys
[2009/04/28 11:21:43 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2009/04/28 11:21:21 | 00,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidusb.sys
[2009/04/28 11:21:21 | 00,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2009/04/28 09:46:16 | 00,000,109 | -HS- | C] () -- C:\WINDOWS\System32\2691305272.dat
[2009/04/22 20:04:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tracy\My Documents\wanakee logo
[2009/04/15 02:32:20 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 02:32:20 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 02:32:20 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/04/15 02:32:19 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 02:32:19 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 02:32:19 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 02:32:18 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/15 02:31:38 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/15 02:31:37 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/15 02:31:36 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/11 16:51:45 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/04/11 16:51:45 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2008/05/16 03:01:21 | 00,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/02/25 13:25:03 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\B11gUSB.dll
[2007/02/25 13:25:01 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2006/06/25 16:03:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\BROWNIE.INI
[2006/06/25 16:03:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2006/06/25 16:03:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\briwm04a.ini
[2006/06/25 16:02:48 | 00,000,459 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2006/06/25 16:02:48 | 00,000,012 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/06/25 16:02:46 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2006/05/02 23:42:31 | 00,626,688 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2006/04/02 18:09:56 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/04 10:38:43 | 00,090,112 | R--- | C] ( ) -- C:\WINDOWS\System32\SCCD3X02.DLL
[2006/02/04 10:38:39 | 00,131,072 | R--- | C] () -- C:\WINDOWS\System32\SCCD3X01.DLL
[2006/01/30 03:20:44 | 00,000,026 | ---- | C] () -- C:\WINDOWS\UpdaterDVW58E.INI
[2006/01/04 03:46:51 | 00,000,308 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/03/20 01:07:21 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/12/30 02:40:33 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/11/22 05:22:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2004/07/22 03:28:15 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/07/22 03:16:48 | 00,000,677 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/07/22 03:03:54 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/07/22 03:03:39 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/07/22 02:48:58 | 00,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/05/11 11:02:24 | 00,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/03/26 17:59:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/09/03 09:59:58 | 00,000,613 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2002/09/03 09:50:58 | 00,000,231 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2002/08/29 06:00:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\rpcrt3.dll
[2002/07/30 12:33:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2001/08/23 15:00:00 | 00,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[1980/01/01 01:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Files - Modified Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/05/05 11:08:07 | 00,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/05 11:08:07 | 00,381,692 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/05/05 11:08:07 | 00,053,436 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/05/05 11:06:32 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/05/05 11:03:28 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Tracy\Local Settings\DESKTOP.INI
[2009/05/05 11:03:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/05 11:03:25 | 53,482,7008 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/05 11:03:25 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/05/05 09:19:26 | 00,000,364 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2009/05/05 03:03:07 | 00,000,613 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/05/05 01:09:47 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tracy\Desktop\OTListIt2.exe
[2009/04/28 16:29:30 | 00,000,012 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI
[2009/04/28 15:55:42 | 00,000,076 | -HS- | M] () -- C:\Documents and Settings\Tracy\My Documents\DESKTOP.INI
[2009/04/28 15:53:12 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/28 15:37:11 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/04/28 15:00:55 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/28 14:59:40 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tracy\Desktop\mbam-setup.exe
[2009/04/28 14:53:45 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Tracy\Desktop\NTREGOPT.lnk
[2009/04/28 14:53:45 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Tracy\Desktop\ERUNT.lnk
[2009/04/28 14:53:16 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Tracy\Desktop\erunt_setup.exe
[2009/04/28 14:48:40 | 00,007,180 | ---- | M] () -- C:\Documents and Settings\Tracy\Desktop\SysRestorePoint_v12.zip
[2009/04/28 14:42:47 | 00,047,078 | ---- | M] () -- C:\Documents and Settings\Tracy\Desktop\ATF-Cleaner.zip
[2009/04/28 12:19:32 | 00,000,677 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/04/28 09:49:46 | 00,000,109 | -HS- | M] () -- C:\WINDOWS\System32\2691305272.dat
[2009/04/11 16:53:23 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/11 16:51:45 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/04/11 16:51:45 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 10:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >

#4
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts

Step 2: OTL-fix has been performed. I was not sure which log you wanted, so I posted both the one that came up after the fix and a new scan log.

Step 3: I have not done yet. When I did the Windows update it put Explorer 8 on the machine. You had listed specifically to go to VirScan.org in Explorer 7. Do I need to reload that?


As for step 2, I apologize for the inconsistency in the instructions. Now that you have posted both those logs, you have done step 4 also. It's perfectly OK.

Use IE8; there can be a problem with copy and paste, though. Just make sure to post the results from the scans in here in a readable form and it will be fine.

Did that clear things up?

#5
akabrek

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Step 3: The first file was scanned, but the second file (c:\windows\system32\cspzh.exe) was not there. The report is below for the first one.

Step 4: Completed as you had already said.

Step 5: Completed and log posted below.

Step 6: I believe all needed logs have been posted. Computer seems to be running fine; the Protect.dll error does not come up at startup anymore.

What should be done about the open ports?
Are there any other items in the Registry or elsewhere that should be removed?

thanks






VirSCAN.org Scanned Report :
Scanned time : 2009/05/05 12:41:40 (EDT)
Scanner results: All Scanners reported not find malware!
File Name : SbcpHid.sys
File Size : 22400 byte
File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5 : 30d94039a729571146eb9d736ec1aadd
SHA1 : 76cf4f0471b7308f746f10f5df3ad1eb20a48fbc
Online report : http://virscan.org/r...75cfb16878.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090505223632 2009-05-05 3.25 -
AhnLab V3 2009.05.06.00 2009.05.06 2009-05-06 0.85 -
AntiVir 7.9.0.160 7.1.3.156 2009-05-05 2.03 -
Antiy 2.0.18 20090503.2333071 2009-05-03 0.02 -
Arcavir 2009 200905051215 2009-05-05 0.10 -
Authentium 5.1.1 200905041818 2009-05-04 1.17 -
AVAST! 3.0.1 090504-1 2009-05-04 0.01 -
AVG 7.5.52.442 270.12.11/2089 2009-04-30 2.05 -
BitDefender 7.81008.2901850 7.25214 2009-05-05 2.72 -
CA (VET) 9.0.0.143 31.6.6489 2009-05-05 20.61 -
ClamAV 0.95 9328 2009-05-05 0.01 -
Comodo 3.8 1149 2009-05-03 1.80 -
CP Secure 1.1.0.715 2009.05.05 2009-05-05 8.87 -
Dr.Web 4.44.0.9170 2009.05.05 2009-05-05 4.57 -
F-Prot 4.4.4.56 20090504 2009-05-04 1.15 -
F-Secure 5.51.6100 2009.05.05.04 2009-05-05 5.35 -
Fortinet 2.81-3.117 10.354 2009-05-05 0.28 -
GData 19.5051/19.321 20090505 2009-05-05 7.55 -
ViRobot 20090504 2009.05.04 2009-05-04 0.78 -
Ikarus T3.1.01.49 2009.05.05.72673 2009-05-05 2.78 -
JiangMin 11.0.706 2009.05.05 2009-05-05 2.59 -
Kaspersky 5.5.10 2009.05.05 2009-05-05 0.05 -
KingSoft 2009.2.5.15 2009.5.5.21 2009-05-05 4.98 -
McAfee 5.3.00 5605 2009-05-04 2.83 -
Microsoft 1.4602 2009.05.05 2009-05-05 8.73 -
mks_vir 2.01 2009.05.05 2009-05-05 2.84 -
Norman 6.01.05 6.01.00 2009-05-05 4.01 -
Panda 9.05.01 2009.05.04 2009-05-04 8.63 -
Trend Micro 8.700-1004 6.108.05 2009-05-05 0.03 -
Quick Heal 10.00 2009.05.05 2009-05-05 1.86 -
Rising 20.0 21.28.12.00 2009-05-05 0.73 -
Sophos 2.86.0 4.41 2009-05-05 2.28 -
Sunbelt 5121 5121 2009-05-04 1.56 -
Symantec 1.3.0.24 20090504.005 2009-05-04 0.21 -
nProtect 20090504.01 3571553 2009-05-04 19.14 -
The Hacker 6.3.4.1 v00318 2009-05-04 2.19 -
VBA32 3.12.10.4 20090505.0803 2009-05-05 1.84 -
VirusBuster 4.5.11.10 10.105.16/1327531 2009-05-05 1.62 -




LOPR.TXT Log


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 3.00GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A10
USER : Tracy ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:71 Go (Free:48 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Tue 05/05/2009|13:05 )

--------------------\\ Listing folders in APPLIC~1

[05/19/2007|02:17] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[05/19/2007|02:17] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Jasc Software Inc
[05/19/2007|02:17] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[07/22/2004|03:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Sonic
[05/19/2007|02:17] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Sun
[05/19/2007|02:17] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Symantec

[05/14/2007|01:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[03/17/2005|02:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ahead
[12/30/2004|02:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[03/02/2006|02:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[07/22/2004|03:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[07/22/2004|03:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Dell
[02/22/2007|01:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DVD Shrink
[07/23/2008|10:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[04/28/2009|03:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[04/28/2009|04:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[07/22/2004|03:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[07/22/2004|02:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBSI
[04/28/2009|04:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[11/22/2004|05:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec
[05/05/2009|10:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[05/06/2006|03:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage

[07/22/2004|02:47] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[07/22/2004|03:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Jasc Software Inc
[07/22/2004|03:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[07/22/2004|03:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sonic
[07/22/2004|03:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sun
[07/22/2004|03:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Symantec

[05/06/2006|07:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Help
[02/11/2007|02:17] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[07/11/2007|03:00] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft
[11/13/2004|11:47] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Symantec

[08/01/2004|09:55] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Symantec

[07/03/2008|09:04] C:\DOCUME~1\Tracy\APPLIC~1\<DIR> Adobe
[10/11/2007|03:33] C:\DOCUME~1\Tracy\APPLIC~1\<DIR> AdobeUM
[03/22/2005|03:09] C:\DOCUME~1\Tracy\APPLIC~1\<DIR> Ahead
[09/23/2004|11:35] C:\DOCUME~1\Tracy\APPLIC~1\<DIR> Aim
[03/20/2007|11:20] C:\DOCUME~1\Tracy\APPLIC~1\<DIR> Apple Computer
[07/22/2006|02:40] C:\DOCUME~1\Tracy\APPLIC~1\<DIR> Brother
[02/04/2006|10:13] C:\DOCUME~1\Tracy\APPLIC~1\<DIR> Corel
[12/14/2004|11:55] C:\DOCUME~1\Tracy\APPLIC~1\<DIR> CyberLink
[10/10/2004|12:58] C:\DOCUME~1\Tracy\APPLIC~1\<DIR> Help
[07/22/2004|02:47] C:\DOCUME~1\Tracy\APPLIC~1\<DIR> Identities
[07/22/2004|03:21] C:\DOCUME~1\Tracy\APPLIC~1\<DIR> Jasc Software Inc
[01/26/2008|04:05] C:\DOCUME~1\Tracy\APPLIC~1\<DIR> Lavasoft
[01/26/2005|10:54] C:\DOCUME~1\Tracy\APPLIC~1\<DIR> Leadertech
[08/01/2004|10:30] C:\DOCUME~1\Tracy\APPLIC~1\<DIR> Macromedia
[04/28/2009|03:01] C:\DOCUME~1\Tracy\APPLIC~1\<DIR> Malwarebytes
[12/12/2007|12:18] C:\DOCUME~1\Tracy\APPLIC~1\<DIR> Microsoft
[10/03/2007|12:19] C:\DOCUME~1\Tracy\APPLIC~1\<DIR> Move Networks
[01/08/2006|02:21] C:\DOCUME~1\Tracy\APPLIC~1\<DIR> Real
[01/26/2005|10:54] C:\DOCUME~1\Tracy\APPLIC~1\<DIR> Sonic
[07/22/2004|03:12] C:\DOCUME~1\Tracy\APPLIC~1\<DIR> Sun
[07/22/2004|03:21] C:\DOCUME~1\Tracy\APPLIC~1\<DIR> Symantec
[05/05/2008|02:48] C:\DOCUME~1\Tracy\APPLIC~1\<DIR> TmpRecentIcons
[01/18/2007|02:11] C:\DOCUME~1\Tracy\APPLIC~1\<DIR> Viewpoint
[07/22/2006|11:48] C:\DOCUME~1\Tracy\APPLIC~1\<DIR> Yahoo! Messenger

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[05/05/2009 11:06 AM][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
[05/05/2009 09:19 AM][--a------] C:\WINDOWS\tasks\Symantec NetDetect.job
[05/05/2009 11:03 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/29/2002 06:00 AM][-r-h-----] C:\WINDOWS\tasks\DESKTOP.INI

--------------------\\ Listing Folders in C:\Program Files

[05/14/2007|01:12] C:\Program Files\<DIR> Adobe
[03/17/2005|02:37] C:\Program Files\<DIR> Ahead
[08/11/2005|08:30] C:\Program Files\<DIR> AIM
[08/11/2005|08:30] C:\Program Files\<DIR> AOD
[08/01/2004|10:34] C:\Program Files\<DIR> AWS
[02/25/2007|01:24] C:\Program Files\<DIR> Belkin
[06/25/2006|04:02] C:\Program Files\<DIR> Brother
[04/14/2007|02:18] C:\Program Files\<DIR> Chief Architect Inc
[09/18/2008|12:15] C:\Program Files\<DIR> Common Files
[07/22/2004|02:48] C:\Program Files\<DIR> ComPlus Applications
[07/22/2004|03:14] C:\Program Files\<DIR> CyberLink
[07/22/2004|03:24] C:\Program Files\<DIR> Dell
[07/22/2004|03:20] C:\Program Files\<DIR> Dell Computer
[01/07/2006|06:08] C:\Program Files\<DIR> DVD Decrypter
[01/07/2006|06:07] C:\Program Files\<DIR> DVD Shrink
[04/28/2009|02:53] C:\Program Files\<DIR> ERUNT
[04/28/2009|04:29] C:\Program Files\<DIR> Hijackthis
[04/14/2007|02:18] C:\Program Files\<DIR> InstallShield Installation Information
[07/22/2004|03:14] C:\Program Files\<DIR> Intel
[04/28/2009|03:55] C:\Program Files\<DIR> Internet Explorer
[03/02/2006|02:35] C:\Program Files\<DIR> iPod
[03/02/2006|02:35] C:\Program Files\<DIR> iTunes
[07/22/2004|03:21] C:\Program Files\<DIR> Jasc Software Inc
[05/02/2008|08:31] C:\Program Files\<DIR> Java
[09/03/2008|01:00] C:\Program Files\<DIR> Lavasoft
[07/22/2004|03:18] C:\Program Files\<DIR> Learn2.com
[04/28/2009|03:00] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[02/01/2005|09:15] C:\Program Files\<DIR> Maxis
[12/19/2008|12:17] C:\Program Files\<DIR> Messenger
[04/02/2006|06:08] C:\Program Files\<DIR> Microsoft ActiveSync
[05/10/2006|01:35] C:\Program Files\<DIR> Microsoft AntiSpyware
[04/28/2009|03:44] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
[07/22/2004|02:48] C:\Program Files\<DIR> microsoft frontpage
[07/22/2004|03:19] C:\Program Files\<DIR> Microsoft Money
[04/02/2006|06:08] C:\Program Files\<DIR> Microsoft Office
[07/22/2004|03:14] C:\Program Files\<DIR> Modem Helper
[07/22/2004|03:14] C:\Program Files\<DIR> Modem On Hold
[12/19/2008|11:58] C:\Program Files\<DIR> Movie Maker
[12/06/2006|07:05] C:\Program Files\<DIR> MPEG4 Direct Maker
[07/22/2004|02:47] C:\Program Files\<DIR> MSN
[07/22/2004|02:48] C:\Program Files\<DIR> MSN Gaming Zone
[11/16/2006|04:01] C:\Program Files\<DIR> MSXML 4.0
[07/22/2004|03:24] C:\Program Files\<DIR> MUSICMATCH
[12/19/2008|11:54] C:\Program Files\<DIR> NetMeeting
[06/21/2006|09:01] C:\Program Files\<DIR> Nortel Networks
[07/22/2004|02:48] C:\Program Files\<DIR> Online Services
[12/19/2008|11:54] C:\Program Files\<DIR> Outlook Express
[03/02/2006|02:38] C:\Program Files\<DIR> QuickTime
[06/21/2006|09:08] C:\Program Files\<DIR> RealVNC
[07/22/2004|03:16] C:\Program Files\<DIR> Sonic
[04/28/2009|04:35] C:\Program Files\<DIR> Spybot - Search & Destroy
[11/22/2004|05:20] C:\Program Files\<DIR> Symantec
[11/22/2004|05:20] C:\Program Files\<DIR> Symantec_Client_Security
[08/03/2004|12:52] C:\Program Files\<DIR> Uninstall Information
[01/02/2007|01:45] C:\Program Files\<DIR> Windows Defender
[02/04/2007|12:22] C:\Program Files\<DIR> Windows Media Connect 2
[12/19/2008|11:54] C:\Program Files\<DIR> Windows Media Player
[12/19/2008|11:54] C:\Program Files\<DIR> Windows NT
[06/21/2007|03:03] C:\Program Files\<DIR> WindowsUpdate
[04/19/2005|03:59] C:\Program Files\<DIR> WinRAR
[07/22/2004|03:26] C:\Program Files\<DIR> WordPerfect Office 12
[07/22/2004|02:48] C:\Program Files\<DIR> XEROX
[08/01/2004|10:30] C:\Program Files\<DIR> Yahoo!
[07/22/2004|03:24] C:\Program Files\<DIR> Your Company Name

--------------------\\ Listing Folders in C:\Program Files\Common Files

[08/07/2004|10:42] C:\Program Files\Common Files\<DIR> Adobe
[03/17/2005|02:36] C:\Program Files\Common Files\<DIR> Ahead
[07/22/2004|03:17] C:\Program Files\Common Files\<DIR> AOL
[07/22/2004|03:26] C:\Program Files\Common Files\<DIR> Borland Shared
[07/22/2004|03:25] C:\Program Files\Common Files\<DIR> Corel
[07/22/2004|03:20] C:\Program Files\Common Files\<DIR> Dell
[04/02/2006|06:08] C:\Program Files\Common Files\<DIR> Designer
[04/14/2007|02:18] C:\Program Files\Common Files\<DIR> InstallShield
[07/22/2004|03:12] C:\Program Files\Common Files\<DIR> Java
[05/05/2009|03:03] C:\Program Files\Common Files\<DIR> Microsoft Shared
[07/22/2004|02:48] C:\Program Files\Common Files\<DIR> MSSoap
[07/22/2004|03:17] C:\Program Files\Common Files\<DIR> Nullsoft
[07/22/2004|02:48] C:\Program Files\Common Files\<DIR> ODBC
[01/08/2006|02:21] C:\Program Files\Common Files\<DIR> Real
[07/22/2004|02:48] C:\Program Files\Common Files\<DIR> Services
[07/22/2004|03:16] C:\Program Files\Common Files\<DIR> Sonic
[07/22/2004|03:14] C:\Program Files\Common Files\<DIR> Sonic Shared
[07/22/2004|02:48] C:\Program Files\Common Files\<DIR> SpeechEngines
[08/07/2004|02:55] C:\Program Files\Common Files\<DIR> SWF Studio
[11/22/2004|05:20] C:\Program Files\Common Files\<DIR> Symantec Shared
[12/19/2008|11:54] C:\Program Files\Common Files\<DIR> System

--------------------\\ Process

( 48 Processes )

iexplore.exe ~ [PID:3492]
iexplore.exe ~ [PID:2756]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-05 13:06:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:10][D:1]-> C:\DOCUME~1\Tracy\LOCALS~1\Temp
[F:41][D:0]-> C:\DOCUME~1\Tracy\Cookies
[F:776][D:4]-> C:\DOCUME~1\Tracy\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Tue 05/05/2009|13:08 - Option : [1]

--------------------\\ Scan completed at 13:08:32

#6
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts

What should be done about the open ports?
Are there any other items in the Registry or elsewhere that should be removed?

I'll close those ports. Usually, the next time the application wants to use a port, your firewall software will ask if you want to let the application do so.
I'll continue to clean and run scans until we get your computer as clean as it can get.
Let's move on!


Step 1.
Filescans:

  • Using Internet Explorer please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\WINDOWS\System32\2691305272.dat
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Step 2.
OTL-fix:

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: System - (cspzh.exe) - File not found
    :Services
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "16856:TCP"=-
    "41558:TCP"=-
    "17469:TCP"=-
    "28395:TCP"=-
    "35836:TCP"=-
    "32056:TCP"=-
    "25974:TCP"=-
    "28896:TCP"=-
    "30469:TCP"=-
    "21809:TCP"=-
    "5116:TCP"=-
    "16301:TCP"=-
    "56290:TCP"=-
    "35558:TCP"=-
    "63804:TCP"=-
    :Files
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    C:\DOCUME~1\Tracy\APPLIC~1\Viewpoint
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL2 fixlog

Step 3.
Clean temp locations:

Please download ATF Cleaner by Atribune.
Caution: This program is for Windows 2000, XP and Vista only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Step 4.
Scan with Malwarebytes AntiMalware:

  • Start MBAM, select the Update tab and click on Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 5.
Scan with Kaspersky Online Scanner:

Please do an online scan with Kaspersky Online Scanner

Kaspersky Online Scanner uses Java technology to perform the scan. If you do not have the latest Java version, follow the instructions below under Upgrading Java to download and install the latest version.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Upgrading Java:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware: it is NOT supported for use in 9x or ME and probably will not install on those systems.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE): JRE 6 Update 13.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement."
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u13-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u13-windows-i586-p.exe and select "Run as an Administrator.")

Step 6.
Things I would like to see in your reply:

  • The results from the filescan from Step 1.
  • The content of the fixlog from OTL2 from Step 2.
  • The content of the report from MBAM from Step 4.
  • The content of the report from Kaspersky Online Scanner from Step 5.
  • Information on how your computer is running now.

#7
akabrek

    New Member

  • Topic Starter
  • Member
  • 6 posts
Below are the reports for steps 1, 2, 4 and 5.

Computer seems to be running fine, have not had any new problems in the last day or so, ever since the Protect.dll module error was seemingly taken care of.



Here are the logs:

VirSCAN.org Scanned Report :
Scanned time : 2009/05/05 16:31:32 (EDT)
Scanner results: All Scanners reported not find malware!
File Name : 2691305272.dat
File Size : 109 byte
File Type : data
MD5 : 47ac2709789c6eedc39e02a730d164f8
SHA1 : b41a22f7291023a344448c1db2f32f55661ece30
Online report : http://virscan.org/r...a3c47e6aff.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090506030215 2009-05-06 1.87 -
AhnLab V3 2009.05.06.01 2009.05.06 2009-05-06 0.74 -
AntiVir 7.9.0.160 7.1.3.157 2009-05-05 2.02 -
Antiy 2.0.18 20090503.2333071 2009-05-03 0.02 -
Arcavir 2009 200905051215 2009-05-05 0.02 -
Authentium 5.1.1 200905051437 2009-05-05 1.10 -
AVAST! 3.0.1 090505-0 2009-05-05 0.00 -
AVG 7.5.52.442 270.12.11/2089 2009-04-30 2.03 -
BitDefender 7.81008.2901902 7.25218 2009-05-06 2.70 -
CA (VET) 9.0.0.143 31.6.6489 2009-05-05 7.45 -
ClamAV 0.95 9329 2009-05-05 0.00 -
Comodo 3.8 1151 2009-05-05 1.48 -
CP Secure 1.1.0.715 2009.05.05 2009-05-05 8.76 -
Dr.Web 4.44.0.9170 2009.05.05 2009-05-05 4.48 -
F-Prot 4.4.4.56 20090505 2009-05-05 1.10 -
F-Secure 5.51.6100 2009.05.05.05 2009-05-05 5.30 -
Fortinet 2.81-3.117 10.354 2009-05-05 0.14 -
GData 19.5052/19.321 20090505 2009-05-05 5.73 -
ViRobot 20090504 2009.05.04 2009-05-04 0.43 -
Ikarus T3.1.01.49 2009.05.05.72674 2009-05-05 2.84 -
JiangMin 11.0.706 2009.05.05 2009-05-05 4.53 -
Kaspersky 5.5.10 2009.05.05 2009-05-05 0.02 -
KingSoft 2009.2.5.15 2009.5.5.21 2009-05-05 1.22 -
McAfee 5.3.00 5606 2009-05-05 2.82 -
Microsoft 1.4602 2009.05.05 2009-05-05 6.19 -
mks_vir 2.01 2009.05.05 2009-05-05 2.69 -
Norman 6.01.05 6.01.00 2009-05-05 4.00 -
Panda 9.05.01 2009.05.04 2009-05-04 2.31 -
Trend Micro 8.700-1004 6.110.02 2009-05-05 0.02 -
Quick Heal 10.00 2009.05.05 2009-05-05 2.56 -
Rising 20.0 21.28.12.00 2009-05-05 0.42 -
Sophos 2.86.0 4.41 2009-05-06 2.21 -
Sunbelt 5121 5121 2009-05-04 2.21 -
Symantec 1.3.0.24 20090505.003 2009-05-05 0.23 -
nProtect 20090504.01 3571553 2009-05-04 19.57 -
The Hacker 6.3.4.1 v00319 2009-05-05 1.38 -
VBA32 3.12.10.4 20090505.0803 2009-05-05 1.72 -
VirusBuster 4.5.11.10 10.105.16/1327531 2009-05-05 1.61 -





========== OTLISTIT ==========
Process explorer.exe killed successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System:cspzh.exe deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\16856:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\41558:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\17469:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\28395:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\35836:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\32056:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\25974:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\28896:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\30469:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\21809:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5116:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\16301:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\56290:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\35558:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\63804:TCP deleted successfully.
========== FILES ==========
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\UserShell moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\Welcome\BH00 moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\Welcome moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\AxMetaStream_Win moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint moved successfully.
C:\DOCUME~1\Tracy\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 moved successfully.
C:\DOCUME~1\Tracy\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 moved successfully.
C:\DOCUME~1\Tracy\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 moved successfully.
C:\DOCUME~1\Tracy\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 moved successfully.
C:\DOCUME~1\Tracy\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources moved successfully.
C:\DOCUME~1\Tracy\APPLIC~1\Viewpoint\Viewpoint Media Player moved successfully.
C:\DOCUME~1\Tracy\APPLIC~1\Viewpoint moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Tracy\Local Settings\Temp\Perflib_Perfdata_cac.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tracy\Local Settings\Temp\~DF1AF2.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tracy\Local Settings\Temp\~DF1AFD.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tracy\Local Settings\Temp\~DF1B64.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tracy\Local Settings\Temp\~DF1B6F.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tracy\Local Settings\Temp\~DF1BA6.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tracy\Local Settings\Temp\~DF1BB1.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\TMP0000008802DDD4CC2F0C6F0F scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.15.3 log created on 05052009_164347

Files moved on Reboot...
File C:\Documents and Settings\Tracy\Local Settings\Temp\Perflib_Perfdata_cac.dat not found!
File C:\Documents and Settings\Tracy\Local Settings\Temp\~DF1AF2.tmp not found!
File C:\Documents and Settings\Tracy\Local Settings\Temp\~DF1AFD.tmp not found!
File C:\Documents and Settings\Tracy\Local Settings\Temp\~DF1B64.tmp not found!
File C:\Documents and Settings\Tracy\Local Settings\Temp\~DF1B6F.tmp not found!
File C:\Documents and Settings\Tracy\Local Settings\Temp\~DF1BA6.tmp not found!
File C:\Documents and Settings\Tracy\Local Settings\Temp\~DF1BB1.tmp not found!
File C:\WINDOWS\temp\TMP0000008802DDD4CC2F0C6F0F not found!

Registry entries deleted on Reboot...






Malwarebytes' Anti-Malware 1.36
Database version: 2079
Windows 5.1.2600 Service Pack 3

5/5/2009 5:13:58 PM
mbam-log-2009-05-05 (17-13-58).txt

Scan type: Quick Scan
Objects scanned: 83610
Time elapsed: 6 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, May 5, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, May 05, 2009 19:06:23
Records in database: 2134528
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 73813
Threat name: 2
Infected objects: 7
Suspicious objects: 0
Duration of the scan: 01:50:13


File name / Threat name / Threats count
C:\Documents and Settings\Tracy\.housecall6.6\Quarantine\385e455b-15efcdf3.bac_a01052 Infected: Trojan-Downloader.Java.OpenStream.y 1
C:\Documents and Settings\Tracy\.housecall6.6\Quarantine\OMG.class-42fae06b-20c259b6.class.bac_a01052 Infected: Trojan-Downloader.Java.OpenStream.y 1
C:\downloads\vnc-4_1_2-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 4
C:\Program Files\RealVNC\VNC4\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1

The selected area was scanned.

#8
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Let's remove the objects that Housecall 6.6 quarantined

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    :Files
    C:\Documents and Settings\Tracy\.housecall6.6\Quarantine\385e455b-15efcdf3.bac_a01052
    C:\Documents and Settings\Tracy\.housecall6.6\Quarantine\OMG.class-42fae06b-20c259b6.class.bac_a01052
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL2 fixlog

#9
akabrek

    New Member

  • Topic Starter
  • Member
  • 6 posts
========== OTLISTIT ==========
Process explorer.exe killed successfully!
========== FILES ==========
C:\Documents and Settings\Tracy\.housecall6.6\Quarantine\385e455b-15efcdf3.bac_a01052 moved successfully.
File\Folder C:\Documents and Settings\Tracy\.housecall6.6\Quarantine\OMG.class-42fae06b-20c259b6.class.bac_a01052 not found.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Tracy\Local Settings\Temp\Perflib_Perfdata_1dc.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_3d8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\TMP000000830C891849628DA86B scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.15.3 log created on 05072009_132725

Files moved on Reboot...
File C:\Documents and Settings\Tracy\Local Settings\Temp\Perflib_Perfdata_1dc.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_3d8.dat not found!
File C:\WINDOWS\temp\TMP000000830C891849628DA86B not found!

Registry entries deleted on Reboot...
  • 0
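Added example, not part of the thread and not OTListIt2's own code: the following Python cross-checks the :Files targets of the fix script in post #8 against the fixlog in post #9, so that every requested removal is accounted for. The line patterns are inferred only from the log lines visible in this thread, the embedded samples are trimmed copies of those two posts, and the function names are hypothetical.

```python
import re

# Trimmed copies of the fix script (post #8) and the fixlog (post #9).
FIX_SCRIPT = r"""
:OTLI
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
:Files
C:\Documents and Settings\Tracy\.housecall6.6\Quarantine\385e455b-15efcdf3.bac_a01052
C:\Documents and Settings\Tracy\.housecall6.6\Quarantine\OMG.class-42fae06b-20c259b6.class.bac_a01052
:Commands
[emptytemp]
[Reboot]
"""
FIXLOG = r"""
========== FILES ==========
C:\Documents and Settings\Tracy\.housecall6.6\Quarantine\385e455b-15efcdf3.bac_a01052 moved successfully.
File\Folder C:\Documents and Settings\Tracy\.housecall6.6\Quarantine\OMG.class-42fae06b-20c259b6.class.bac_a01052 not found.
========== COMMANDS ==========
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_3d8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Files moved on Reboot...
File C:\WINDOWS\temp\Perflib_Perfdata_3d8.dat not found!
"""

# Result lines as they appear in this thread's logs (assumed complete
# only for the line shapes shown on the page). Order matters: the most
# specific patterns are tried first.
LINE_PATTERNS = [
    ("pending_reboot", re.compile(r"^File delete failed\. (.+) scheduled to be deleted on reboot\.$")),
    ("not_found", re.compile(r"^File\\Folder (.+) not found\.$")),
    ("not_found_at_reboot", re.compile(r"^File (.+) not found!$")),
    ("moved", re.compile(r"^(.+) moved successfully\.$")),
]

def requested_files(script):
    """Return the paths listed under the :Files section of a fix script."""
    section, paths = None, []
    for line in (raw.strip() for raw in script.splitlines()):
        if line.startswith(":"):
            section = line.lower()          # a new section header
        elif line and section == ":files":
            paths.append(line)
    return paths

def parse_fixlog(log):
    """Map lower-cased path -> list of reported statuses, in log order."""
    results = {}
    for line in (raw.strip() for raw in log.splitlines()):
        for status, pattern in LINE_PATTERNS:
            match = pattern.match(line)
            if match:
                # Windows paths are case-insensitive; 8.3 short names
                # (DOCUME~1) are not expanded and will not match long names.
                results.setdefault(match.group(1).lower(), []).append(status)
                break
    return results

def reconcile(script, log):
    """Last status the log reports for each requested file, else 'unreported'."""
    seen = parse_fixlog(log)
    return {p: (seen.get(p.lower()) or ["unreported"])[-1] for p in requested_files(script)}

def needs_followup(script, log):
    """Requested files the log does not confirm as moved."""
    return [p for p, status in reconcile(script, log).items() if status != "moved"]
```

A file reported as "not found" or "unreported" is not proof of removal; confirm on disk or with a fresh scan before treating the item as handled.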

#10
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Hey there, akabrek

OK! Well done, your log is clean again! :)

Time for some housekeeping.

Step 1.
Clean up:

First:
What we need to do is remove all the tools that you have used. This is so that should you ever be re-infected, you will download updated versions. It will also remove the quarantined Malware from your computer.

Double-click OTListIt2.exe to start it.
Click the Clean up button
Click Yes to the reboot.

Now delete any tools/logs that are left over after you ran OTListIt2 CleanUp.


Second:
Now let's Reset and Re-enable your System Restore to remove any infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected, but that's good news).

Turn OFF System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
Restart your computer.

Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.
System Restore will now be active again.


Step 2.
Prevention:

OK, let's carry out a few preventative steps to make sure you reduce the risk of further infections.

First:
Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack.

Please go to the link below to download an update.

http://www.adobe.com.../readstep2.html

Remove the older versions and install the latest.


Second:
One of the essentials is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Automatic Updates for Windows
  • Click Start.
  • Select Settings and then Control Panel.
  • Select Automatic Updates.
  • Click Automatic (recommended)
  • Choose a day and a time when you know the computer will be on and connected to the internet.
  • Click Apply then OK.


Third:
Now let's download some preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running each at least once a month.

Anti Spyware
  • SpywareBlaster to help prevent spyware from installing in the first place. A tutorial can be found here.
  • SpywareGuard to catch and block spyware before it can execute. A tutorial can be found here.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email. A tutorial can be found here.
Note: If you find your system slows down after installing any of these, just uninstall it, or disable it from running at startup.


Fourth:
Next let's look at Firewalls. These help to prevent unauthorised access both to and from the internet or your local network. A firewall is considered a first line of defense in protecting private information. Below are two free firewalls to choose from, if you do not already have one. Note: You only need one firewall on your system.

Personal Firewalls

Fifth:
On to personal Anti Virus programs.

One AV is a must have! But never more than one, as this can and will cause conflicts and false readings. I have listed three free AV's below which are as good as any paid subscription AV, as long as you allow them to update themselves.

Anti Virus Programs

Sixth:
Nearly done! If you like to use chat, MSN and Yahoo have vulnerabilities that can leave you open to infections. There are however a couple of very good, Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN):

Instant Messengers

Lastly:
It is a good idea to clear out all your temp files every now and again with ATF Cleaner. This will help keep your computer from bogging down and slowing. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.


To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.


I will keep this log open for the next couple of days, so if you have any further problems post another reply here.

OK, all the best, and stay safe!

#11
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.