
Malware Infection and Possible Trojan [CLOSED]



#16
awoooga999

[2008/09/22 19:30:31 | 00,010,225 | ---- | M] () -- C:\Users\Tzvi Glanzman\Documents\Manne- how to save a life.docx
[2008/09/21 22:35:27 | 16,167,1373 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2008/09/14 20:38:58 | 00,022,016 | ---- | M] () -- C:\Users\Tzvi Glanzman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/14 15:44:03 | 00,028,452 | ---- | M] () -- C:\Users\Tzvi Glanzman\AppData\Roaming\com.kennettnet.MusicRescueProfiles.plist
[2008/09/14 15:44:03 | 00,003,156 | ---- | M] () -- C:\Users\Tzvi Glanzman\AppData\Roaming\com.kennettnet.MusicRescue.plist
[2008/09/11 00:48:25 | 00,000,680 | ---- | M] () -- C:\Users\Tzvi Glanzman\AppData\Local\d3d9caps.dat
< End of report >


#17
awoooga999

EXTRAS LOG

OTViewIt Extras logfile created on: 10/8/2008 4:38:55 PM - Run 3
OTViewIt by OldTimer - Version 1.0.10.1 Folder = C:\Users\Tzvi Glanzman\Desktop
Windows Vista Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.31 Mb Total Physical Memory | 167.89 Mb Available Physical Memory | 16.57% Memory free
2.24 Gb Paging File | 0.88 Gb Available in Paging File | 39.28% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.23 Gb Total Space | 21.36 Gb Free Space | 20.30% Space Free | Partition Type: NTFS
Drive D: | 6.56 Gb Total Space | 0.67 Gb Free Space | 10.19% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 488.25 Mb Total Space | 1.50 Mb Free Space | 0.31% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TG-PC
Current User Name: Tzvi Glanzman
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=1
"UacDisableNotify"=1
"InternetSettingsDisableNotify"=1
"AutoUpdateDisableNotify"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0
"VistaSp1"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2006/08/30 15:35:12 | 00,952,088 | ---- | M] (EarthLink, Inc.) -- C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
[2007/11/29 17:07:32 | 01,670,336 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
[2007/10/23 10:36:02 | 00,356,352 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] -- C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] -- C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000005 [Bluetooth Namespace] -- C:\Windows\System32\wshbth.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000006 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols
ldap -- 4 = Restricted sites (Not a Default Protocol)
news -- 4 = Restricted sites (Not a Default Protocol)
nntp -- 4 = Restricted sites (Not a Default Protocol)
oecmd -- 4 = Restricted sites (Not a Default Protocol)
snews -- 4 = Restricted sites (Not a Default Protocol)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/08/24 07:01:46 | 00,224,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (grooveLocalGWS:{88FED34C-F0CA-4636-A375-3CB6248B04CD} (HKLM) [Local Groove Web Services Protocol])
[2008/09/24 00:42:21 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])
[2006/10/26 17:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])
[2001/06/20 20:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[2007/01/12 15:50:48 | 01,828,440 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/27 01:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}"=HP Wireless Assistant
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}"=Roxio Creator Tools
"{0D397393-9B50-4c52-84D5-77E344289F87}"=Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}"=Roxio Creator EasyArchive
"{1B6966AB-F2B4-439A-8B8E-437E9E8B298A}"=Baseball Mogul 2007
"{21E62565-8639-457C-B64C-A3FF0A8B4D80}"=HP Active Support Library
"{228C6B46-64E2-404E-898A-EF0830603EF4}"=HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{24BA79B5-53F9-475C-9D49-EC4BDE8B09CF}"=Notebook Interactive Viewer
"{254C37AA-6B72-4300-84F6-98A82419187E}"=Hewlett-Packard Active Check for Health Check
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}"=SymNet
"{3248F0A8-6813-11D6-A77B-00B0D0160000}"=Java™ SE Runtime Environment 6
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}"=Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}"=HP Quick Launch Buttons 6.10 B9
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}"=Sonic Activation Module
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}"=Norton Internet Security
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}"=ccCommon
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}"=Skype Plugin Manager
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}"=HP Easy Setup - Frontend
"{41B9E2CF-0B3F-442A-B5B3-592A4A355634}"=iTunes
"{438BB9B4-65FE-4626-91D9-A8F57B18001D}"=Bluesoleil2.6.0.8 Release 070517
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}"=RTC Client API v1.2
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}"=HP QuickPlay 3.0
"{48185814-A224-447A-81DA-71BD20580E1B}"=Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}"=Norton Confidential Browser Component
"{552171BC-30F8-3B29-9C4F-E3FE590B7CAC}"=Google Gears
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}"=Norton Internet Security
"{605EC7D2-90AF-4B3C-9940-FAA9A0F87BF8}"=DavkaViewer Platinum
"{60DE4033-9503-48D1-A483-7846BD217CA9}"=ICQ6
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}"=Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}"=Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}"=Hewlett-Packard Asset Agent for Health Check
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}"=Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{77772678-817F-4401-9301-ED1D01A8DA56}"=SPBBC 32bit
"{830D8CBD-C668-49e2-A969-C2C2106332E0}"=Norton AntiVirus
"{83FFCFC7-88C6-41c6-8752-958A45325C82}"=Roxio Creator Audio
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8C6027FD-53DC-446D-BB75-CACD7028A134}"=HP Update
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}"=Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}"=Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}"=Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{904CCF62-818D-4675-BC76-D37EB399F917}"=Windows Mobile Device Center
"{91120000-002F-0000-0000-0000000FF1CE}"=Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9559F7CA-5E34-4237-A2D9-D856464AD727}"=Project64 1.6
"{98835B64-146F-47F4-8C3B-3B34C637EDCD}"=Safari
"{99C5770C-1C90-42E7-9B74-D47CFAF14621}"=muvee autoProducer 5.0
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}"=Norton Protection Center
"{A12A3DED-CCDA-4F29-A1BA-00F0C6521CD5}"=HP Total Care Advisor
"{A8B94669-8654-4126-BD28-D0D2412CDED6}"=TI Connect 1.6
"{AA9768AA-FF0B-4C66-A085-31E934F77841}"=Apple Mobile Device Support
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}"=HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A81000000003}"=Adobe Reader 8.1.1
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}"=MSRedist
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}"=Roxio Creator Basic v9
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}"=Norton Confidential Web Protection Component
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}"=Symantec Real Time Storage Protection Component
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}"=LiveUpdate Notice (Symantec Corporation)
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}"=LightScribe 1.4.124.1
"{E229BC3D-60CC-4994-A8AE-D36E2F7EE503}"=M˛Convert for iPod
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}"=Norton Internet Security
"{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}"=HP Help and Support
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}"=Norton Internet Security
"{E7044E25-3038-4A76-9064-344AC038043E}"=Windows Mobile Device Center Driver Update
"{ED4905E3-2B32-4DD8-BC14-7CAFD30E9ECD}"=HP User Guide 0048
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}"=AppCore
"{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}"=AOL Mail and AIM Gadget
"{F4DB525F-A986-4249-B98B-42A8066251CA}"=AV
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}"=HP Easy Setup - Core
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}"=ooVoo
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}"=ASL_HS_Installer32
"Activation Assistant for the 2007 Microsoft Office suites"=Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player
"AIM Toolbar"=AIM Toolbar 5.0
"AIM_6"=AIM 6
"AOL Uninstaller"=AOL Uninstaller (Choose which Products to Remove)
"AVG8Uninstall"=AVG Free 8.0
"AviSynth"=AviSynth 2.5
"AVS DVDMenu Editor_is1"=AVS DVDMenu Editor 1.2.1.19
"AVS Video Tools 5_is1"=AVS Video Tools 5.6
"BitLord"=BitLord 1.1
"Broadcom 802.11b Network Adapter"=Broadcom 802.11 Wireless LAN Adapter
"CNXT_HDAUDIO"=Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7"=Soft Data Fax Modem with SmartCP
"Creative VF0250"=Creative Live! Cam Notebook Pro Driver (1.03.02.0404)
"CutePDF Writer Installation"=CutePDF Writer 2.7
"ENTERPRISE"=Microsoft Office Enterprise 2007
"Free YouTube to iPod Converter_is1"=Free YouTube to iPod Converter version 2.8
"HDMI"=Intel® Graphics Media Accelerator Driver
"HijackThis"=HijackThis 2.0.2
"HOMESTUDENTR"=Microsoft Office Home and Student 2007
"HPOOVClient-6811507 Uninstaller"=HP Connections (remove only)
"iPod To Computer Transfer_is1"=iPod To Computer Transfer 3.1
"LimeWire"=LimeWire PRO 4.14.10
"LiveUpdate"=LiveUpdate 3.2 (Symantec Corporation)
"Mozilla Firefox (2.0.0.17)"=Mozilla Firefox (2.0.0.17)
"Music Rescue_is1"=Music Rescue 3.1.2
"MVApplication1"=Maxell CreateIt
"Orbit_is1"=Orbit Downloader
"PeerGuardian_is1"=PeerGuardian 2.0
"Picasa2"=Picasa 2
"Replay Media Catcher2.10"=Replay Media Catcher
"Skype_is1"=Skype 3.1
"SopCast"=SopCast 2.0.4
"Spyware Doctor"=Spyware Doctor 5.5
"Switch"=Switch Sound File Converter
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}"=Norton Internet Security (Symantec Corporation)
"SynTPDeinstKey"=Synaptics Pointing Device Driver
"ToolBand.SkypeIEToolbarToolbar"=Skype add-on for IE
"Videora iPod Converter"=Videora iPod Converter 3.07
"WAV MP3 Converter"=WAV MP3 Converter 2.7 build 819
"WildTangent hplaptop Master Uninstall"=My HP Games
"Windows Mobile Device Handbook"=Windows Mobile® Device Handbook
"WinRAR archiver"=WinRAR archiver
"Yahoo! Companion"=Yahoo! Toolbar for Internet Explorer
"Yahoo! Toolbar"=Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome"=Google Chrome
"uTorrent"=µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/3/2008 8:20:25 AM | Computer Name = TG-PC | Source = Google Update | ID = 20
Description =

Error - 10/3/2008 9:20:25 AM | Computer Name = TG-PC | Source = Google Update | ID = 20
Description =

Error - 10/3/2008 10:20:25 AM | Computer Name = TG-PC | Source = Google Update | ID = 20
Description =

Error - 10/3/2008 11:20:25 AM | Computer Name = TG-PC | Source = Google Update | ID = 20
Description =

Error - 10/3/2008 12:20:25 PM | Computer Name = TG-PC | Source = Google Update | ID = 20
Description =

Error - 10/3/2008 1:20:24 PM | Computer Name = TG-PC | Source = Google Update | ID = 20
Description =

Error - 10/3/2008 2:20:24 PM | Computer Name = TG-PC | Source = Google Update | ID = 20
Description =

Error - 10/3/2008 3:20:24 PM | Computer Name = TG-PC | Source = Google Update | ID = 20
Description =

Error - 10/8/2008 3:17:09 PM | Computer Name = TG-PC | Source = Application Error | ID = 1000
Description = Faulting application ccApp.exe, version 106.1.1.4, time stamp 0x453ed8a6,
faulting module NSCWSCR2.DLL, version 2007.1.2.11, time stamp 0x453ec402, exception
code 0xc0000005, fault offset 0x0001bbb7, process id 0xcfc, application start time
0x01c92979a2b3df0a.

Error - 10/8/2008 4:26:31 PM | Computer Name = TG-PC | Source = Application Error | ID = 1000
Description = Faulting application ccApp.exe, version 106.1.1.4, time stamp 0x453ed8a6,
faulting module NSCWSCR2.DLL, version 2007.1.2.11, time stamp 0x453ec402, exception
code 0xc0000005, fault offset 0x0001bbb7, process id 0xb54, application start time
0x01c92983a8f3cd13.

[ Media Center Events ]
Error - 11/12/2007 8:49:23 PM | Computer Name = TzviGlanzman-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/2/2007 2:39:25 PM | Computer Name = TzviGlanzman-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/16/2007 6:41:58 PM | Computer Name = TzviGlanzman-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/19/2007 7:38:26 PM | Computer Name = TzviGlanzman-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/17/2008 8:04:30 AM | Computer Name = TzviGlanzman-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/26/2008 10:16:26 AM | Computer Name = TzviGlanzman-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/31/2008 10:01:44 PM | Computer Name = TzviGlanzman-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/1/2008 9:46:16 PM | Computer Name = TzviGlanzman-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/8/2008 5:40:16 PM | Computer Name = TzviGlanzman-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 8/18/2008 5:43:53 PM | Computer Name = TzviGlanzman-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 2/24/2008 11:27:26 PM | Computer Name = TzviGlanzman-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9012
seconds with 4500 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/8/2008 3:08:28 PM | Computer Name = TG-PC | Source = ipnathlp | ID = 30005
Description = The DHCP allocator has detected a DHCP server with IP address 192.168.0.1
on the same network as the interface with IP address 192.168.0.105. The allocator
has disabled itself on the interface to avoid confusing DHCP clients.

Error - 10/8/2008 3:08:28 PM | Computer Name = TG-PC | Source = ipnathlp | ID = 30009
Description = The DHCP allocator encountered a network error while attempting to
reply on IP address 0.0.0.0 to a request from a client. The data is the error code.

Error - 10/8/2008 3:08:42 PM | Computer Name = TG-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/8/2008 3:11:51 PM | Computer Name = TG-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 10/8/2008 3:16:56 PM | Computer Name = TG-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 10/8/2008 3:17:35 PM | Computer Name = TG-PC | Source = DCOM | ID = 10010
Description =

Error - 10/8/2008 4:19:36 PM | Computer Name = TG-PC | Source = HTTP | ID = 15016
Description =

Error - 10/8/2008 4:20:51 PM | Computer Name = TG-PC | Source = ipnathlp | ID = 34001
Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 10/8/2008 4:20:54 PM | Computer Name = TG-PC | Source = ipnathlp | ID = 30005
Description = The DHCP allocator has detected a DHCP server with IP address 192.168.0.1
on the same network as the interface with IP address 192.168.0.105. The allocator
has disabled itself on the interface to avoid confusing DHCP clients.

Error - 10/8/2008 4:21:04 PM | Computer Name = TG-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

#18
awoooga999

OTMOVE IT LOG

Explorer killed successfully
Service not present: Viewpoint Manager Service.
File/Folder C:\Program Files\Viewpoint not found.
< purity >
< EmptyTemp >
File delete failed. C:\Users\TZVIGL~1\AppData\Local\Temp\ehmsas.txt scheduled to be deleted on reboot.
File delete failed. C:\Users\TZVIGL~1\AppData\Local\Temp\~DF4EE6.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10082008_161111

Files moved on Reboot...
C:\Users\TZVIGL~1\AppData\Local\Temp\ehmsas.txt moved successfully.
File C:\Users\TZVIGL~1\AppData\Local\Temp\~DF4EE6.tmp not found!





I did not remove LimeWire and BT, but I won't use them.
Thanks for the help.

#19
SpySentinel

Sorry for the post disappearing. The Admins were working on moving the server, and there was a corruption, so many posts were lost. We are deeply sorry, and please accept our apology. For more information Read Here.
Below is my fix:


How is your computer running?


Step #1

Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


Step #2

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Step #3

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Logs to post in a reply:
  • Malwarebytes Anti-Malware Log
  • Kaspersky Log

Edited by SpySentinel, 11 October 2008 - 05:16 PM.


#20
Rorschach112

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.