
Desktop not loading. Occasional Dr. Watson error [Solved]


#1 CREZ
Member, 18 posts

I am having problems getting my desktop to load. It seems to be looking for some file to finish loading but never does. I have run Ad-Aware, Spybot and Malwarebytes and have found no problems, but there is definitely something wrong. The only way I can start a program is from the Task Manager.

Here is my scan:

OTListIt logfile created on: 4/26/2009 4:35:30 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Christy\Local Settings\Temporary Internet Files\Content.IE5\7L1ENI0V
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.23 Mb Total Physical Memory | 36.34 Mb Available Physical Memory | 14.29% Memory free
625.58 Mb Paging File | 319.48 Mb Available in Paging File | 51.07% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 8.53 Gb Free Space | 22.90% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
Drive E: | 550.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RESNIK
Current User Name: Christy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Documents and Settings\Christy\Local Settings\Temporary Internet Files\Content.IE5\7L1ENI0V\OTListIt2[1].exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EPSONStatusAgent2 [Auto | Running]) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (MSCamSvc [Auto | Stopped]) -- File not found
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (4mmdat [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\4mmdat.sys (Microsoft Corporation)
DRV - (ac97intc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)
DRV - (EL90XBC [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\el90xbc5.sys (3Com Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HCF_MSFT [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys (Conexant)
DRV - (i81x [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (iAimFP0 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wADV01nt.sys (Intel® Corporation)
DRV - (iAimFP1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wADV02NT.sys (Intel® Corporation)
DRV - (iAimFP2 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wADV05NT.sys (Intel® Corporation)
DRV - (iAimFP3 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys (Intel® Corporation)
DRV - (iAimFP4 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys (Intel® Corporation)
DRV - (iAimFP5 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wADV07nt.sys (Intel® Corporation)
DRV - (iAimFP6 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wADV08nt.sys (Intel® Corporation)
DRV - (iAimFP7 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wADV09nt.sys (Intel® Corporation)
DRV - (iAimTV0 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wATV01nt.sys (Intel® Corporation)
DRV - (iAimTV1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wATV02NT.sys (Intel® Corporation)
DRV - (iAimTV3 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wATV04nt.sys (Intel® Corporation)
DRV - (iAimTV4 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys (Intel® Corporation)
DRV - (iAimTV5 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wATV10nt.sys (Intel® Corporation)
DRV - (iAimTV6 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wATV06nt.sys (Intel® Corporation)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (VX3000 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\VX3000.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/04/26 14:46:28 | 00,000,000 | ---D | M]


O1 HOSTS File: (766 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - SITEguard - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe File not found
O4 - HKLM..\Run: [errorhandler] C:\WINDOWS\errorhandler.exe File not found
O4 - HKLM..\Run: [etavrwrA] C:\WINDOWS\etavrwrA.exe File not found
O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup File not found
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136402504\ee\AOLSoftware.exe File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe File not found
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [keyboard] c:\\keyboard20.exe File not found
O4 - HKLM..\Run: [ms05893890944] C:\WINDOWS\ms05893890944.exe File not found
O4 - HKLM..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe File not found
O4 - HKLM..\Run: [TheMonitor] C:\WINDOWS\CCZoop05.exe File not found
O4 - HKLM..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe" File not found
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [w0024100.dll] RUNDLL32.EXE w0024100.dll,I2 000de79800024100 File not found
O4 - HKLM..\Run: [w0044428.dll] RUNDLL32.EXE w0044428.dll,I2 000de79800044428 File not found
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKLM..\Run: [ypdvps] C:\WINDOWS\system32\ayyfqu.exe reg_run File not found
O4 - HKCU..\Run: [SansaDispatch] C:\Documents and Settings\Christy\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\TK8 EasyNote 1.1.lnk = C:\Program Files\TK8\TK8 EasyNote 1.1\EasyNote.exe File not found
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 53 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 54 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range37 ([https] in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Vegas%20Heist/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} http://www.wildtange...ave/Install.cab (CInstall Class)
O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} http://aolsvc.aol.co...Web.1.0.0.8.cab (CPlayFirstmsiControl Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgree...eensActivia.cab (Snapfish Activia)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1194239175155 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1194239136359 (MUWebControl Class)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://66.42.244.165/Remote/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://www.shockwave...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {988E213A-89C7-4C4E-B15F-5B7EDA2C34C0} http://www.shockwave...amesControl.cab (GenimoWebGames Control)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} http://www.shockwave...eb.1.0.0.10.cab (CPlayFirstzenerchiControl Object)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Hidden%20Expedition%20-%20Everest/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} http://www.shockwave...pt.1.0.0.21.cab (CPlayFirstSandScriptControl Object)
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://www.shockwave...inematycoon.cab (TikGames Online Control)
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} http://liveca12.cust...l/java/RntX.cab (Live Collaboration)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\yloevev.dll ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\sebxasuand.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.DOS () - [ FAT32 ]
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ FAT32 ]
O32 - Autorun File - C:\autoexec.pav () - [ FAT32 ]
O32 - Autorun File - C:\AUTOEXEC.TR () - [ FAT32 ]
O32 - Autorun File - E:\AUTORUN.EXE (Sierra On-Line, Inc.) - [ CDFS ]
O32 - Autorun File - E:\AUTORUN.INF () - [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (SsiEfr.ex) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/04/26 16:03:40 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Christy\Desktop\OTListIt2.exe
[2009/04/26 16:01:12 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/26 14:42:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/04/26 14:42:40 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/04/26 14:42:23 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/04/26 14:40:16 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/04/26 14:40:16 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/04/26 14:40:16 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/04/26 14:40:15 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/04/26 14:40:15 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/04/26 14:40:15 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/04/26 14:40:15 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/04/26 14:40:14 | 00,000,000 | ---D | C] -- C:\73d55daae67400ee96139967
[2009/04/26 11:14:40 | 00,001,643 | ---- | C] () -- C:\Documents and Settings\Christy\Desktop\HijackThis.lnk
[2009/04/26 11:14:39 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/26 10:36:16 | 00,000,000 | -HSD | C] -- C:\FOUND.008
[2009/04/22 21:48:13 | 26,664,5504 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/22 21:35:08 | 00,000,000 | -HSD | C] -- C:\FOUND.007
[2009/04/21 20:41:50 | 00,000,000 | -HSD | C] -- C:\FOUND.006
[2009/04/21 20:35:36 | 00,000,000 | -HSD | C] -- C:\FOUND.005
[2009/04/21 20:29:16 | 00,000,000 | -HSD | C] -- C:\FOUND.004
[2009/04/21 20:12:41 | 00,001,905 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\KODAK Software Updater.lnk
[2009/04/21 20:12:41 | 00,001,746 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[2009/04/21 20:12:41 | 00,001,717 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2009/04/21 20:12:41 | 00,001,666 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/04/21 20:12:41 | 00,001,634 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/04/21 20:12:41 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\TK8 EasyNote 1.1.lnk
[2009/04/20 18:53:58 | 00,000,000 | -HSD | C] -- C:\FOUND.003
[2009/04/19 12:23:02 | 00,000,006 | -H-- | C] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/19 12:22:40 | 00,000,000 | -HSD | C] -- C:\FOUND.002
[2009/04/17 20:15:56 | 00,000,000 | -HSD | C] -- C:\FOUND.001
[2009/04/16 13:52:10 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/16 13:52:10 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/16 13:52:10 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/16 13:52:09 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/16 13:52:09 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/16 13:52:09 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/16 13:52:08 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/16 13:52:08 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/16 13:52:07 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/16 13:50:56 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/16 13:50:55 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/16 13:50:55 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/14 21:01:46 | 00,000,000 | ---D | C] -- C:\spoolerlogs
[2009/04/14 16:44:56 | 00,002,709 | ---- | C] () -- C:\WINDOWS\System32\sebxasuand.dat
[2009/04/07 16:35:37 | 00,002,709 | ---- | C] () -- C:\WINDOWS\System32\craexexje.dat
[2009/04/02 16:13:14 | 00,002,709 | ---- | C] () -- C:\WINDOWS\System32\ylofoebx.dat
[2009/03/31 11:19:13 | 00,002,709 | ---- | C] () -- C:\WINDOWS\System32\asgitojm.dat
[2009/03/27 22:45:26 | 00,002,709 | ---- | C] () -- C:\WINDOWS\System32\adoandpo.dat
[2009/03/14 04:13:40 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/01/10 16:55:11 | 00,000,859 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/12/17 14:12:48 | 00,000,246 | ---- | C] () -- C:\WINDOWS\System32\drivers\atmapi.sys
[2008/04/23 15:08:05 | 00,000,240 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2008/04/23 15:06:34 | 00,000,592 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2008/04/23 15:06:32 | 00,000,860 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/04/13 20:11:56 | 00,269,824 | ---- | C] () -- C:\WINDOWS\System32\yloevev.dll
[2008/03/29 01:56:09 | 00,000,268 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008/02/08 14:27:15 | 00,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2007/11/27 22:41:41 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2007/07/16 20:01:06 | 00,000,175 | ---- | C] () -- C:\WINDOWS\PPAM115.INI
[2007/06/21 02:24:09 | 00,000,369 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/01/11 20:29:21 | 00,000,032 | ---- | C] () -- C:\WINDOWS\System32\thxcfg.ini
[2006/10/29 23:09:54 | 00,000,254 | ---- | C] () -- C:\WINDOWS\cncscore.ini
[2006/05/15 18:06:15 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/05/15 18:06:15 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/05/15 00:00:45 | 00,000,138 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/05/14 20:15:38 | 00,001,094 | ---- | C] () -- C:\WINDOWS\System32\w00de798.ini
[2006/05/14 20:15:12 | 00,000,482 | ---- | C] () -- C:\WINDOWS\xtflh.dll
[2006/02/17 00:51:18 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2006/01/04 14:19:50 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/12/05 13:37:50 | 00,007,912 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2005/09/15 10:28:03 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\rsUtil.dll
[2005/09/15 10:00:45 | 00,000,875 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/04 12:00:00 | 00,000,774 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 12:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/07/13 15:36:48 | 00,001,640 | ---- | C] () -- C:\WINDOWS\PPAM130.ini
[2002/12/05 18:51:00 | 00,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2000/02/08 02:05:36 | 00,110,080 | R--- | C] () -- C:\WINDOWS\System32\W32MKRC.DLL
[2000/02/08 02:05:34 | 00,038,576 | ---- | C] () -- C:\WINDOWS\System32\NWLOCALE.DLL
[1999/03/30 09:53:50 | 00,000,793 | ---- | C] () -- C:\WINDOWS\BTI.INI
[1999/01/22 22:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/07/11 00:00:00 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/07/11 00:00:00 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/11 00:00:00 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/04/26 16:21:38 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/04/26 16:19:10 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/26 16:18:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/26 16:18:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/26 16:18:04 | 26,664,5504 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/26 16:03:44 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christy\Desktop\OTListIt2.exe
[2009/04/26 15:44:24 | 00,181,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/26 14:54:46 | 00,501,230 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/26 14:54:46 | 00,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/26 14:54:46 | 00,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/26 12:26:06 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/26 12:24:40 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/04/26 11:14:42 | 00,001,643 | ---- | M] () -- C:\Documents and Settings\Christy\Desktop\HijackThis.lnk
[2009/04/21 20:12:50 | 00,000,774 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/21 20:12:50 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/21 20:12:50 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/04/19 19:44:20 | 00,000,448 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2009/04/17 04:10:46 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/14 16:44:58 | 00,002,709 | ---- | M] () -- C:\WINDOWS\System32\sebxasuand.dat
[2009/04/07 16:35:38 | 00,002,709 | ---- | M] () -- C:\WINDOWS\System32\craexexje.dat
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 10:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/05 19:42:34 | 02,115,744 | -H-- | M] () -- C:\Documents and Settings\Christy\Local Settings\Application Data\IconCache.db
[2009/04/04 11:53:18 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/02 16:13:16 | 00,002,709 | ---- | M] () -- C:\WINDOWS\System32\ylofoebx.dat
[2009/03/31 11:19:14 | 00,002,709 | ---- | M] () -- C:\WINDOWS\System32\asgitojm.dat
[2009/03/28 11:15:42 | 00,001,384 | ---- | M] () -- C:\Documents and Settings\Christy\Desktop\Windows Explorer.lnk
[2009/03/28 10:48:18 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\Christy\My Documents\Christy-Med Bills.xls
[2009/03/27 22:45:28 | 00,002,709 | ---- | M] () -- C:\WINDOWS\System32\adoandpo.dat
< End of report >

Any help would be greatly appreciated.

#2
heir
    Trusted Helper
  • Malware Removal
  • 5,427 posts
Hello CREZ!

Welcome to the site! :) My nickname is heir and I'll be helping clean up your computer. :)

Before we proceed to clean your computer of malware, let's go over some points that will help both you and me and prevent damage to your computer:
  • To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal and Spyware Removal.
  • Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
  • When posting logs, please ensure Word Wrap is turned off in Notepad (to check, open Notepad, click Format in the menu bar and make sure that Word Wrap is unchecked).
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
  • Make sure you reply to this thread using the Add Reply button.

Please read my posts completely before following the instructions.
It may be easier for you if you copy and paste a post to a new text document or print it for reference later.
This is required when you won't have access to the Internet.


Looks as if there is a lot in there that needs to be taken care of.
Let's begin.

Step 1.
SDFix:

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(the drive that contains the Windows directory, typically C:\SDFix).

This can be done from Task Manager by pasting this line in the Run box:
%userprofile%\desktop\SDFix.exe


Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt
    (Report.txt will also be copied to the Clipboard, ready for posting back on the forum).
  • Finally, paste the contents of Report.txt back on the forum.

Step 2.
ComboFix:

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe and follow the prompts. (To run it from Task Manager, paste this line in the Run box: %userprofile%\desktop\combofix.exe)

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include C:\ComboFix.txt in your next reply.


Step 3.
Things I would like to see in your reply:

  • The content of C:\SDFix\Report.txt from step 1.
  • The content of C:\ComboFix.txt from step 2.

#3
CREZ
    Member
  • Topic Starter
  • Member
  • 18 posts
Thanks for responding. It has taken me quite a while to be able to run the items you requested. Here is the ComboFix file. I can't post the report.txt file because the site says it's too big a file to post. Not sure how to proceed.

CREZ

ComboFix 09-05-02.4 - Christy 05/01/2009 23:54.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.74 [GMT -4:00]
Running from: c:\documents and settings\Christy\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bootdll.pif
C:\bootfix.pif
C:\bootfixor.pif
C:\boothelp.pif
C:\bootnfix.pif
C:\diredit.pif
C:\direditor.pif
C:\dirfixer.pif
C:\dllboot.pif
C:\dllfix.pif
c:\documents and settings\Christy\Application Data\Sskdmns.dll
C:\fixboot.pif
C:\MSDLL.pif
c:\program files\Common Files\uninstall information
c:\program files\Common Files\windows
c:\program files\Common Files\windows\AutoIt3.exe
c:\program files\wincmapp
c:\program files\wincmapp\Uninstall.exe
C:\sysbat.bat
c:\windows\syssvc.exe
c:\windows\system32\ystem~1
C:\winntdll.pif

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_APPLAYERGATEWAYMGR
-------\Legacy_WINDOWS_OVERLAY_COMPONENTS


((((((((((((((((((((((((( Files Created from 2009-04-02 to 2009-05-02 )))))))))))))))))))))))))))))))
.

2009-05-02 03:01 . 2009-05-02 03:01 -------- d-----w c:\windows\ERUNT
2009-05-02 00:57 . 2009-05-02 00:57 -------- d-sh--w C:\FOUND.011
2009-05-02 00:41 . 2008-11-06 06:03 -------- d-----w C:\SDFix
2009-05-02 00:18 . 2009-05-02 00:18 -------- d-sh--w C:\FOUND.009
2009-04-26 20:01 . 2009-04-26 20:01 -------- d-----w C:\Rooter$
2009-04-26 18:42 . 2009-04-26 18:42 -------- d-----w c:\windows\system32\XPSViewer
2009-04-26 18:42 . 2009-04-26 18:42 -------- d-----w c:\program files\MSBuild
2009-04-26 18:42 . 2009-04-26 18:42 -------- d-----w c:\program files\Reference Assemblies
2009-04-26 18:40 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-04-26 18:40 . 2008-07-06 12:06 89088 ------w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-26 18:40 . 2008-07-06 10:50 597504 ------w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-26 18:40 . 2008-07-06 12:06 575488 ------w c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-26 18:40 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-04-26 18:40 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\dllcache\xpssvcs.dll
2009-04-26 18:40 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-04-26 18:40 . 2009-04-26 18:40 -------- d-----w C:\73d55daae67400ee96139967
2009-04-26 15:14 . 2009-04-26 15:14 -------- d-----w c:\program files\Trend Micro
2009-04-26 14:36 . 2009-04-26 14:36 -------- d-sh--w C:\FOUND.008
2009-04-23 01:35 . 2009-04-23 01:35 -------- d-sh--w C:\FOUND.007
2009-04-22 00:41 . 2009-04-22 00:41 -------- d-sh--w C:\FOUND.006
2009-04-22 00:35 . 2009-04-22 00:35 -------- d-sh--w C:\FOUND.005
2009-04-22 00:29 . 2009-04-22 00:29 -------- d-sh--w C:\FOUND.004
2009-04-20 22:53 . 2009-04-20 22:53 -------- d-sh--w C:\FOUND.003
2009-04-19 18:08 . 2009-04-19 18:08 -------- d-----w c:\documents and settings\Administrator.RESNIK\Application Data\Walgreens
2009-04-19 16:22 . 2009-04-19 16:22 -------- d-sh--w C:\FOUND.002
2009-04-19 11:12 . 2009-04-19 11:12 48792 ----a-w c:\documents and settings\Administrator.RESNIK\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-19 10:57 . 2009-04-19 10:57 -------- d-----w c:\documents and settings\Administrator.RESNIK\Local Settings\Application Data\Help
2009-04-18 00:15 . 2009-04-18 00:15 -------- d-sh--w C:\FOUND.001
2009-04-16 17:52 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-16 17:52 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 17:52 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-16 17:52 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 17:52 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 17:52 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 17:52 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 17:52 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 17:52 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 17:50 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-16 17:50 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-15 01:01 . 2009-04-15 01:01 -------- d-----w C:\spoolerlogs
2009-04-14 20:44 . 2009-04-14 20:44 2709 ----a-w c:\windows\system32\sebxasuand.dat
2009-04-07 20:35 . 2009-04-07 20:35 2709 ----a-w c:\windows\system32\craexexje.dat
2009-04-02 20:13 . 2009-04-02 20:13 2709 ----a-w c:\windows\system32\ylofoebx.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-02 04:02 . 2009-04-19 16:23 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-02 03:57 . 2004-08-04 16:00 578560 ----a-w c:\windows\system32\user32.dll
2009-05-02 03:46 . 2009-02-07 03:45 330 ---ha-w c:\windows\Tasks\MP Scheduled Scan.job
2009-04-27 16:24 . 2009-02-14 16:03 472 ----a-w c:\windows\Tasks\Ad-Aware Update (Weekly).job
2009-04-26 16:24 . 2009-02-14 16:00 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-19 23:44 . 2007-06-17 23:45 448 ----a-w c:\windows\Tasks\EasyShare Registration Task.job
2009-04-06 19:32 . 2009-03-01 21:12 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 19:32 . 2009-03-01 21:12 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-04 15:53 . 2009-02-10 03:25 284 ----a-w c:\windows\Tasks\AppleSoftwareUpdate.job
2009-03-31 15:19 . 2009-03-31 15:19 2709 ----a-w c:\windows\system32\asgitojm.dat
2009-03-28 02:45 . 2009-03-28 02:45 2709 ----a-w c:\windows\system32\adoandpo.dat
2009-03-27 01:10 . 2009-03-27 01:10 2709 ----a-w c:\windows\system32\pywicra.dat
2009-03-24 02:25 . 2009-03-24 02:25 2709 ----a-w c:\windows\system32\and32ee.dat
2009-03-22 01:58 . 2006-12-08 02:29 1632 ----a-w c:\windows\system32\d3d8caps.dat
2009-03-18 18:58 . 2009-03-17 23:32 2709 ----a-w c:\windows\system32\aruparg.dat
2009-03-07 16:01 . 2009-02-14 16:42 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-03-06 14:22 . 2004-08-04 16:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-04 16:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-22 17:55 . 2005-12-26 21:50 1744 ----a-w c:\windows\system32\d3d9caps.dat
2009-02-20 18:09 . 2004-08-04 16:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-10 15:24 . 2005-03-12 04:13 11880 ----a-w c:\program files\hijackthis.log
2009-02-09 12:10 . 2004-08-04 16:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-04 16:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-04 16:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-04 16:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2004-08-04 18:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-08 04:27 . 2009-02-08 04:27 31980 ---ha-w c:\windows\system32\mlfcache.dat
2009-02-08 04:17 . 2006-05-10 11:44 48792 ----a-w c:\documents and settings\Emily\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-07 23:02 . 2004-08-04 02:59 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-07 03:42 . 2005-11-05 04:10 48792 ----a-w c:\documents and settings\Christy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-06 11:11 . 2004-08-04 16:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2004-08-04 16:00 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-04 16:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:59 . 2004-08-04 16:00 56832 ----a-w c:\windows\system32\secur32.dll
2008-02-27 02:17 . 2008-02-27 02:17 0 ----a-w c:\program files\temp01
2006-05-15 00:18 . 2006-05-15 00:15 377 ----a-w c:\program files\Common Files\woge
2006-05-03 14:26 . 2006-05-03 14:26 12288 ----a-w c:\program files\Common Files\woge.dll.tcf
2005-09-06 01:34 . 2005-03-08 03:21 313283 ----a-w c:\program files\cwshredder.zip
2005-07-17 20:23 . 2005-07-17 20:23 774144 ------w c:\program files\RngInterstitial.dll
2005-06-01 00:35 . 2005-06-01 00:35 18347400 ------w c:\program files\yahoo_breakquest_tm5-3.exe
2005-04-18 04:09 . 2005-04-18 04:09 389152 ------w c:\program files\ccsetup117.zip
2005-03-13 20:45 . 2005-03-13 20:44 4605 ------w c:\program files\hijackthiscrez.txt
2005-03-13 20:40 . 2005-03-13 20:40 212849 ------w c:\program files\hijackthis.zip
2005-03-08 03:19 . 2005-03-08 03:19 149504 ------w c:\program files\cwshredder.exe
2005-03-08 03:11 . 2004-09-17 12:53 2636408 ------w c:\program files\aawsepersonal.exe
2005-03-08 03:08 . 2005-03-08 03:08 4331308 ------w c:\program files\spybotsd13.zip
2005-02-16 15:06 . 2005-02-16 15:06 218112 ------w c:\program files\HijackThis.exe
2004-10-20 15:42 . 2004-10-20 15:42 328488 ------w c:\program files\CWSInstall.exe
2004-09-23 22:57 . 2004-09-23 22:57 1099776 ----a-w c:\program files\QuickTimePlayer.exe
2004-05-14 17:15 . 2004-05-14 17:15 4354084 ------w c:\program files\spybotsd13.exe
.
Infected c:\windows\system32\user32.dll hex repaired


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-05-30 21718312]
"SansaDispatch"="c:\documents and settings\Christy\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-01-10 79872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-29 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-01-04 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 36975]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.ex\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Network Monitor"=2 (0x2)
"cmdService"=2 (0x2)
"AppLayerGatewayMgr"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Best Buy Digital Music Store Powered by Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10183:TCP"= 10183:TCP:PORT_10183
"29589:TCP"= 29589:TCP:PORT_29589
"45014:TCP"= 45014:TCP:PORT_45014
"22439:TCP"= 22439:TCP:PORT_22439
"51843:TCP"= 51843:TCP:PORT_51843
"46497:TCP"= 46497:TCP:PORT_46497
"21019:TCP"= 21019:TCP:PORT_21019
"16171:TCP"= 16171:TCP:PORT_16171
"40650:TCP"= 40650:TCP:PORT_40650
"17932:TCP"= 17932:TCP:PORT_17932
"8202:TCP"= 8202:TCP:PORT_8202
"54078:TCP"= 54078:TCP:PORT_54078
"22318:TCP"= 22318:TCP:PORT_22318
"14833:TCP"= 14833:TCP:PORT_14833
"38368:TCP"= 38368:TCP:PORT_38368
"25280:TCP"= 25280:TCP:PORT_25280
"58130:TCP"= 58130:TCP:PORT_58130
"19742:TCP"= 19742:TCP:PORT_19742
"45813:TCP"= 45813:TCP:PORT_45813
"6290:TCP"= 6290:TCP:PORT_6290
"59409:TCP"= 59409:TCP:PORT_59409

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-26 64160]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-26 953168]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 4mmdat;4mmdat;c:\windows\system32\DRIVERS\4mmdat.sys [2008-04-13 12288]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\AUTORUN.EXE
.
Contents of the 'Scheduled Tasks' folder

2009-04-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-04-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 16:24]

2009-05-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)
HKLM-Run-THGuard - c:\program files\TrojanHunter 4.5\THGuard.exe
HKLM-Run-SpySweeper - c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
HKLM-Run-ms05893890944 - c:\windows\ms05893890944.exe
HKLM-Run-IPHSend - c:\program files\Common Files\AOL\IPHSend\IPHSend.exe
HKLM-Run-HostManager - c:\program files\Common Files\AOL\1136402504\ee\AOLSoftware.exe
HKLM-Run-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
HKLM-Run-etavrwrA - c:\windows\etavrwrA.exe
HKLM-Run-w0044428.dll - w0044428.dll
HKLM-Run-w0024100.dll - w0024100.dll
HKU-Default-Run-vmkxr - c:\windows\system32\ayyfqu.exe
HKU-Default-Run-PECarlin - c:\program files\PECarlin\PECarlin.exe
HKU-Default-Run-zioz - c:\progra~1\COMMON~1\zioz\ziozm.exe


.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
Trusted Zone: turbotax.com
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {205FF73B-CA67-11D5-99DD-444553540002} - hxxp://www.wildtangent.com/webdrivers/webinstall/shockwave/Install.cab
DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab
DPF: {988E213A-89C7-4C4E-B15F-5B7EDA2C34C0} - hxxp://www.shockwave.com/content/butterflyescape/sis/GenimoWebGamesControl.cab
DPF: {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} - hxxp://www.shockwave.com/content/sandscript/sis/SandScript.1.0.0.21.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-02 00:03
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3920)
c:\windows\system32\sebxasuand.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
c:\program files\BONJOUR\MDNSRESPONDER.EXE
c:\program files\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\system32\drwtsn32.exe
.
**************************************************************************
.
Completion time: 2009-05-02 0:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-02 04:11

Pre-Run: 8,845,361,152 bytes free
Post-Run: 8,928,657,408 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

276 --- E O F --- 2009-05-02 00:08

#4
heir
    Trusted Helper
  • Malware Removal
  • 5,427 posts

Thanks for responding. It has taken me quite a while to be able to run the items you requested. Here is the ComboFix file. I can't post the report.txt file because the site says it's too big a file to post. Not sure how to proceed.

Try doing this.
Zip it and attach it in your reply.


Please also do this. (You need to download OTListIt2 again, as you ran it from a temp location previously.)

  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.
Extras.txt might not be generated. That's OK.

Edited by heir, 02 May 2009 - 10:44 AM.
Added OTL2-scan


#5
CREZ
    Member
  • Topic Starter
  • Member
  • 18 posts
OTListIt logfile created on: 5/2/2009 1:43:01 PM - Run 3
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Documents and Settings\Christy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.23 Mb Total Physical Memory | 67.99 Mb Available Physical Memory | 26.74% Memory free
625.58 Mb Paging File | 297.39 Mb Available in Paging File | 47.54% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 8.15 Gb Free Space | 21.89% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
Drive E: | 550.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RESNIK
Current User Name: Christy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\WINDOWS\system32\taskmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Documents and Settings\Christy\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EPSONStatusAgent2 [Auto | Running]) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (MSCamSvc [Auto | Stopped]) -- File not found
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (4mmdat [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\4mmdat.sys (Microsoft Corporation)
DRV - (ac97intc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)
DRV - (EL90XBC [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\el90xbc5.sys (3Com Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HCF_MSFT [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys (Conexant)
DRV - (i81x [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (iAimFP0 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wADV01nt.sys (Intel® Corporation)
DRV - (iAimFP1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wADV02NT.sys (Intel® Corporation)
DRV - (iAimFP2 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wADV05NT.sys (Intel® Corporation)
DRV - (iAimFP3 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys (Intel® Corporation)
DRV - (iAimFP4 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys (Intel® Corporation)
DRV - (iAimFP5 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wADV07nt.sys (Intel® Corporation)
DRV - (iAimFP6 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wADV08nt.sys (Intel® Corporation)
DRV - (iAimFP7 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wADV09nt.sys (Intel® Corporation)
DRV - (iAimTV0 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wATV01nt.sys (Intel® Corporation)
DRV - (iAimTV1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wATV02NT.sys (Intel® Corporation)
DRV - (iAimTV3 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wATV04nt.sys (Intel® Corporation)
DRV - (iAimTV4 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys (Intel® Corporation)
DRV - (iAimTV5 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wATV10nt.sys (Intel® Corporation)
DRV - (iAimTV6 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wATV06nt.sys (Intel® Corporation)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (VX3000 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\VX3000.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/04/26 14:46:28 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKCU..\Run: [SansaDispatch] C:\Documents and Settings\Christy\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\TK8 EasyNote 1.1.lnk = C:\Program Files\TK8\TK8 EasyNote 1.1\EasyNote.exe File not found
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 53 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 54 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range37 ([https] in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Vegas%20Heist/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} http://www.wildtange...ave/Install.cab (CInstall Class)
O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} http://aolsvc.aol.co...Web.1.0.0.8.cab (CPlayFirstmsiControl Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgree...eensActivia.cab (Snapfish Activia)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1194239175155 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1194239136359 (MUWebControl Class)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://66.42.244.165/Remote/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://www.shockwave...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {988E213A-89C7-4C4E-B15F-5B7EDA2C34C0} http://www.shockwave...amesControl.cab (GenimoWebGames Control)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} http://www.shockwave...eb.1.0.0.10.cab (CPlayFirstzenerchiControl Object)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Hidden%20Expedition%20-%20Everest/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} http://www.shockwave...pt.1.0.0.21.cab (CPlayFirstSandScriptControl Object)
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://www.shockwave...inematycoon.cab (TikGames Online Control)
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} http://liveca12.cust...l/java/RntX.cab (Live Collaboration)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\sebxasuand.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2000/09/25 19:59:20 | 00,000,180 | -HS- | M] () - C:\AUTOEXEC.DOS -- [ FAT32 ]
O32 - AutoRun File - [2005/05/10 10:06:30 | 00,000,386 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/09/03 17:46:50 | 00,000,257 | ---- | M] () - C:\autoexec.pav -- [ FAT32 ]
O32 - AutoRun File - [2005/03/05 23:38:28 | 00,000,514 | ---- | M] () - C:\AUTOEXEC.TR -- [ FAT32 ]
O32 - AutoRun File - [1997/10/03 10:51:54 | 00,019,456 | R--- | M] (Sierra On-Line, Inc.) - E:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [1998/11/03 12:47:12 | 00,000,206 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AUTORUN.EXE -- [1997/10/03 10:51:54 | 00,019,456 | R--- | M] (Sierra On-Line, Inc.)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (SsiEfr.ex) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[8 C:\WINDOWS\*.tmp files]
[2009/05/02 00:11:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christy\Local Settings\temp
[2009/05/01 23:59:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/05/01 23:49:26 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/05/01 23:49:23 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/05/01 23:46:58 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/05/01 23:38:24 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/01 23:38:24 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/01 23:38:24 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/01 23:38:24 | 00,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/05/01 23:38:24 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/01 23:38:24 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/01 23:38:24 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/01 23:38:24 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/01 23:38:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/01 23:38:07 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/01 23:17:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christy\Application Data\WinRAR
[2009/05/01 23:12:50 | 26,664,5504 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/01 23:01:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/05/01 20:57:36 | 00,000,000 | -HSD | C] -- C:\FOUND.011
[2009/05/01 20:46:49 | 03,012,596 | R--- | C] () -- C:\Documents and Settings\Christy\Desktop\ComboFix.exe
[2009/05/01 20:41:52 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/05/01 20:41:15 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\Christy\Desktop\SDFix.exe
[2009/05/01 20:18:48 | 00,000,000 | -HSD | C] -- C:\FOUND.009
[2009/04/27 06:36:45 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/04/26 16:03:40 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Christy\Desktop\OTListIt2.exe
[2009/04/26 16:01:12 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/26 14:42:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/04/26 14:42:40 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/04/26 14:42:23 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/04/26 14:40:16 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/04/26 14:40:16 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/04/26 14:40:16 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/04/26 14:40:15 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/04/26 14:40:15 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/04/26 14:40:15 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/04/26 14:40:15 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/04/26 14:40:14 | 00,000,000 | ---D | C] -- C:\73d55daae67400ee96139967
[2009/04/26 11:14:40 | 00,001,643 | ---- | C] () -- C:\Documents and Settings\Christy\Desktop\HijackThis.lnk
[2009/04/26 11:14:39 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/26 10:36:16 | 00,000,000 | -HSD | C] -- C:\FOUND.008
[2009/04/22 21:35:08 | 00,000,000 | -HSD | C] -- C:\FOUND.007
[2009/04/21 20:41:50 | 00,000,000 | -HSD | C] -- C:\FOUND.006
[2009/04/21 20:35:36 | 00,000,000 | -HSD | C] -- C:\FOUND.005
[2009/04/21 20:29:16 | 00,000,000 | -HSD | C] -- C:\FOUND.004
[2009/04/21 20:12:41 | 00,001,905 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\KODAK Software Updater.lnk
[2009/04/21 20:12:41 | 00,001,746 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[2009/04/21 20:12:41 | 00,001,717 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2009/04/21 20:12:41 | 00,001,666 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/04/21 20:12:41 | 00,001,634 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/04/21 20:12:41 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\TK8 EasyNote 1.1.lnk
[2009/04/20 18:53:58 | 00,000,000 | -HSD | C] -- C:\FOUND.003
[2009/04/19 12:23:02 | 00,000,006 | -H-- | C] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/19 12:22:40 | 00,000,000 | -HSD | C] -- C:\FOUND.002
[2009/04/17 20:15:56 | 00,000,000 | -HSD | C] -- C:\FOUND.001
[2009/04/16 13:52:10 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/16 13:52:10 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/16 13:52:10 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/16 13:52:09 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/16 13:52:09 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/16 13:52:09 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/16 13:52:08 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/16 13:52:08 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/16 13:52:07 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/16 13:50:56 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/16 13:50:55 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/16 13:50:55 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/14 21:01:46 | 00,000,000 | ---D | C] -- C:\spoolerlogs
[2009/04/14 16:44:56 | 00,002,709 | ---- | C] () -- C:\WINDOWS\System32\sebxasuand.dat
[2009/04/07 16:35:37 | 00,002,709 | ---- | C] () -- C:\WINDOWS\System32\craexexje.dat
[2009/04/02 16:13:14 | 00,002,709 | ---- | C] () -- C:\WINDOWS\System32\ylofoebx.dat
[2009/03/14 04:13:40 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/01/10 16:55:11 | 00,000,859 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/04/23 15:08:05 | 00,000,240 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2008/04/23 15:06:34 | 00,000,592 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2008/04/23 15:06:32 | 00,000,860 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/04/13 20:11:56 | 00,269,824 | ---- | C] () -- C:\WINDOWS\System32\yloevev.dll
[2008/03/29 01:56:09 | 00,000,268 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008/02/08 14:27:15 | 00,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2007/11/27 22:41:41 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2007/07/16 20:01:06 | 00,000,175 | ---- | C] () -- C:\WINDOWS\PPAM115.INI
[2007/06/21 02:24:09 | 00,000,369 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/01/11 20:29:21 | 00,000,032 | ---- | C] () -- C:\WINDOWS\System32\thxcfg.ini
[2006/10/29 23:09:54 | 00,000,254 | ---- | C] () -- C:\WINDOWS\cncscore.ini
[2006/05/15 18:06:15 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/05/15 18:06:15 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/05/15 00:00:45 | 00,000,138 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/05/14 20:15:38 | 00,001,094 | ---- | C] () -- C:\WINDOWS\System32\w00de798.ini
[2006/05/14 20:15:12 | 00,000,482 | ---- | C] () -- C:\WINDOWS\xtflh.dll
[2006/02/17 00:51:18 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2006/01/04 14:19:50 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/12/05 13:37:50 | 00,007,912 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2005/09/15 10:28:03 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\rsUtil.dll
[2005/09/15 10:00:45 | 00,000,875 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/04 12:00:00 | 00,000,774 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 12:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/07/13 15:36:48 | 00,001,640 | ---- | C] () -- C:\WINDOWS\PPAM130.ini
[2002/12/05 18:51:00 | 00,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2000/02/08 02:05:36 | 00,110,080 | R--- | C] () -- C:\WINDOWS\System32\W32MKRC.DLL
[2000/02/08 02:05:34 | 00,038,576 | ---- | C] () -- C:\WINDOWS\System32\NWLOCALE.DLL
[1999/03/30 09:53:50 | 00,000,793 | ---- | C] () -- C:\WINDOWS\BTI.INI
[1999/01/22 22:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/07/11 00:00:00 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/07/11 00:00:00 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/11 00:00:00 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[8 C:\WINDOWS\*.tmp files]
[2009/05/02 13:39:46 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christy\Desktop\OTListIt2.exe
[2009/05/02 13:35:34 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/05/02 13:33:22 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/02 13:32:48 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Christy\Local Settings\desktop.ini
[2009/05/02 13:32:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/02 13:32:12 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/02 13:32:06 | 26,664,5504 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/02 11:53:16 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/02 00:03:46 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/01 23:57:44 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\user32.dll
[2009/05/01 23:57:44 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/05/01 23:49:32 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/05/01 20:46:50 | 03,012,596 | R--- | M] () -- C:\Documents and Settings\Christy\Desktop\ComboFix.exe
[2009/05/01 20:41:26 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\Christy\Desktop\SDFix.exe
[2009/05/01 15:36:48 | 00,117,248 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/04/27 12:24:40 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/26 15:44:24 | 00,181,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/26 14:54:46 | 00,501,230 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/26 14:54:46 | 00,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/26 14:54:46 | 00,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/26 12:24:40 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/04/26 11:14:42 | 00,001,643 | ---- | M] () -- C:\Documents and Settings\Christy\Desktop\HijackThis.lnk
[2009/04/21 20:12:50 | 00,000,774 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/21 20:12:50 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/04/19 19:44:20 | 00,000,448 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2009/04/17 04:10:54 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/14 16:44:58 | 00,002,709 | ---- | M] () -- C:\WINDOWS\System32\sebxasuand.dat
[2009/04/07 16:35:38 | 00,002,709 | ---- | M] () -- C:\WINDOWS\System32\craexexje.dat
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 10:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/02 16:13:16 | 00,002,709 | ---- | M] () -- C:\WINDOWS\System32\ylofoebx.dat
< End of report >

#6 CREZ (Member, Topic Starter, 18 posts)
I've attached the zip file of report.

Thanks.

#7 heir (Trusted Helper, Malware Removal, 5,427 posts)
Hm.. a lot of info to go through.
This will take some steps to clean :) .

Do you recognize these hidden files?
Sat  6 Jan 2007	   835,584 ...H. --- "C:\My Games\Captain BubbleBeard's Treasure\BubbleBeard.exe"
Wed 13 Jun 2007	 3,227,648 A..H. --- "C:\My Games\G.H.O.S.T. Hunters\GHOST Hunters.exe"
Sun 20 Jan 2008	41,674,855 ...H. --- "C:\My Games\The Great Tree\GreatTree.exe"
Thu 24 Jan 2008	20,825,295 A..H. --- "C:\My Games\Hide & Secret\Hide-and-Secret.exe"

O32 - AutoRun File - [2000/09/25 19:59:20 | 00,000,180 | -HS- | M] () - C:\AUTOEXEC.DOS -- [ FAT32 ]
O32 - AutoRun File - [2005/05/10 10:06:30 | 00,000,386 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/09/03 17:46:50 | 00,000,257 | ---- | M] () - C:\autoexec.pav -- [ FAT32 ]
O32 - AutoRun File - [2005/03/05 23:38:28 | 00,000,514 | ---- | M] () - C:\AUTOEXEC.TR -- [ FAT32 ]

There are also a lot of open ports. Do you recognize that you've opened these ports for traffic?
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10183:TCP"= 10183:TCP:PORT_10183
"29589:TCP"= 29589:TCP:PORT_29589
"45014:TCP"= 45014:TCP:PORT_45014
"22439:TCP"= 22439:TCP:PORT_22439
"51843:TCP"= 51843:TCP:PORT_51843
"46497:TCP"= 46497:TCP:PORT_46497
"21019:TCP"= 21019:TCP:PORT_21019
"16171:TCP"= 16171:TCP:PORT_16171
"40650:TCP"= 40650:TCP:PORT_40650
"17932:TCP"= 17932:TCP:PORT_17932
"8202:TCP"= 8202:TCP:PORT_8202
"54078:TCP"= 54078:TCP:PORT_54078
"22318:TCP"= 22318:TCP:PORT_22318
"14833:TCP"= 14833:TCP:PORT_14833
"38368:TCP"= 38368:TCP:PORT_38368
"25280:TCP"= 25280:TCP:PORT_25280
"58130:TCP"= 58130:TCP:PORT_58130
"19742:TCP"= 19742:TCP:PORT_19742
"45813:TCP"= 45813:TCP:PORT_45813
"6290:TCP"= 6290:TCP:PORT_6290
"59409:TCP"= 59409:TCP:PORT_59409


Step 1.
OTL-fix:

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} http://www.wildtangent.com/webdrivers/webi...ave/Install.cab (CInstall Class)
    [2009/04/14 16:44:56 | 00,002,709 | ---- | C] () -- C:\WINDOWS\System32\sebxasuand.dat
    [2009/04/07 16:35:37 | 00,002,709 | ---- | C] () -- C:\WINDOWS\System32\craexexje.dat
    [2009/04/02 16:13:14 | 00,002,709 | ---- | C] () -- C:\WINDOWS\System32\ylofoebx.dat
    [2008/04/13 20:11:56 | 00,269,824 | ---- | C] () -- C:\WINDOWS\System32\yloevev.dll
    :Reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=-
    :Files
    c:\windows\system32\asgitojm.dat
    c:\windows\system32\adoandpo.dat
    c:\windows\system32\pywicra.dat
    c:\windows\system32\and32ee.dat
    c:\windows\system32\aruparg.dat
    c:\program files\temp01
    c:\windows\system32\sebxasuand.dll
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL2 fixlog

Step 2.
OTL-scan:

  • Double click on OTListIt2.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Underneath Extra Registry setting change it to Use SafeList.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.

Step 3.
Lop S&D:

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D here and save it to the desktop

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

Step 4.
Filescans:

  • Using Internet Explorer please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box at the top of the page:

    • C:\CHOICE.COM
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Do the same with these:
C:\ZZ.EXE
C:\WINDOWS\System32\w00de798.ini
c:\program files\Common Files\woge
c:\program files\Common Files\woge.dll.tcf


Step 5.
Things I would like to see in your reply:

  • Answer to my questions in the beginning of this post.
  • The content of the fixlog from OTL2 in step 1.
  • The content of OTListIt.txt and Extras.txt from step 2
  • The content of C:\lopR.txt in step 3.
  • The results from the filescans in step 4.
  • Information on how your computer is running after these steps.


#8
CREZ

    Member

  • Topic Starter
  • 18 posts
I am not able to run the first item. When I paste in the block to OTListIt2 it appears to begin to run and then the program locks up. At the bottom it says "Moving file c:\windows\system32\sebxasuand.dll" and won't continue. How should I proceed?

As far as the hidden files, the first 4 lines look like some games I may have downloaded but I don't know what the AutoRun File lines are about. As far as the open ports, I have no idea what those are.

CREZ

#9
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Ok, thanks.
I've changed the OTL-fix a bit.
Do it like this then.

Step 1.
OTL-fix:

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} http://www.wildtangent.com/webdrivers/webi...ave/Install.cab (CInstall Class)
    [2009/04/14 16:44:56 | 00,002,709 | ---- | C] () -- C:\WINDOWS\System32\sebxasuand.dat
    [2009/04/07 16:35:37 | 00,002,709 | ---- | C] () -- C:\WINDOWS\System32\craexexje.dat
    [2009/04/02 16:13:14 | 00,002,709 | ---- | C] () -- C:\WINDOWS\System32\ylofoebx.dat
    [2008/04/13 20:11:56 | 00,269,824 | ---- | C] () -- C:\WINDOWS\System32\yloevev.dll
    :Reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "10183:TCP"=-
    "29589:TCP"=-
    "45014:TCP"=-
    "22439:TCP"=-
    "51843:TCP"=-
    "46497:TCP"=-
    "21019:TCP"=-
    "16171:TCP"=-
    "40650:TCP"=-
    "17932:TCP"=-
    "8202:TCP"=-
    "54078:TCP"=-
    "22318:TCP"=-
    "14833:TCP"=-
    "38368:TCP"=-
    "25280:TCP"=-
    "58130:TCP"=-
    "19742:TCP"=-
    "45813:TCP"=-
    "6290:TCP"=-
    "59409:TCP"=-
    :Files
    c:\windows\system32\asgitojm.dat
    c:\windows\system32\adoandpo.dat
    c:\windows\system32\pywicra.dat
    c:\windows\system32\and32ee.dat
    c:\windows\system32\aruparg.dat
    c:\program files\temp01
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL2 fixlog

Step 2.
OTL-scan:

  • Double click on OTListIt2.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Underneath Extra Registry setting change it to Use SafeList.
  • Under the Custom Scans/Fixes box at the bottom left paste the following in

    C:\My Games\*.* /s
    C:\_OTListIt\MovedFiles\*.log


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need more than one post to fit them all in.

Step 3.
Lop S&D:

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D here and save it to the desktop

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

Step 4.
Filescans:

  • Using Internet Explorer please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box at the top of the page:

    • C:\CHOICE.COM
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Do the same with these:
C:\ZZ.EXE
C:\WINDOWS\System32\w00de798.ini
c:\program files\Common Files\woge
c:\program files\Common Files\woge.dll.tcf


Step 5.
Things I would like to see in your reply:

  • The content of the fixlog from OTL2 in step 1.
  • The content of OTListIt.txt and Extras.txt from step 2
  • The content of C:\lopR.txt in step 3.
  • The results from the filescans in step 4.
  • Information on how your computer is running after these steps.

Edited by heir, 02 May 2009 - 09:29 PM.


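The OTL fix in Step 1 above deletes a run of GloballyOpenPorts values whose names are all of the automatic PORT_<number> form, which is the tell that something opened them programmatically rather than a person clicking through the firewall UI or an installer registering a named exception. As an added example (not code from the thread, from OTL or from Lop S&D), the Python below parses a listing in the format OTL printed earlier in the thread, flags every globally open port that is not on an allowlist, records why, and renders the flagged values as an OTL :Reg delete block in the same "=-" form the helper used. The allowlist, the >=1024 threshold, the key spelled out in full and the sample listing are my own assumptions and constructed data, not values taken from the logs.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Registry key OTL was listing in the thread: the XP SP3 firewall's standard profile.
OPEN_PORTS_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
                  r"\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List")

# One OTL listing line:  "<port>:<proto>"= <value>   (the value may be quoted)
LINE_RE = re.compile(
    r'^\s*"(?P<port>\d{1,5}):(?P<proto>TCP|UDP)"\s*=\s*(?P<value>.*?)\s*$')

# Names of the form PORT_<n>: an automatic placeholder, not something an installer
# or an administrator types into the firewall dialog.
GENERIC_NAME_RE = re.compile(r"^PORT_\d+$", re.IGNORECASE)

# Assumed allowlist for a home XP box (my assumption, not from the thread); tune per host.
DEFAULT_ALLOWLIST: Set[Tuple[int, str]] = {
    (137, "UDP"), (138, "UDP"), (139, "TCP"), (445, "TCP"), (3389, "TCP"),
}

# Constructed sample in the OTL format shown in the thread: four normal-looking
# entries followed by four in the auto-named PORT_<n> pattern.
SAMPLE_LISTING = """\
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\GloballyOpenPorts\\List]
"139:TCP"= 139:TCP:*:Enabled:NetBIOS Session Service
"445:TCP"= 445:TCP:*:Enabled:Microsoft-DS
"1900:UDP"= 1900:UDP:LocalSubNet:Enabled:SSDP Component of UPnP Framework
"3389:TCP"= 3389:TCP:*:Enabled:Remote Desktop
"40650:TCP"= 40650:TCP:PORT_40650
"17932:TCP"= 17932:TCP:PORT_17932
"8202:TCP"= 8202:TCP:PORT_8202
"54078:TCP"= 54078:TCP:PORT_54078
"""


@dataclass(frozen=True)
class OpenPort:
    port: int
    proto: str
    description: str  # last ':'-separated field of the value ('' when absent)


@dataclass(frozen=True)
class Finding:
    entry: OpenPort
    reasons: Tuple[str, ...]


def parse_listing(text: str) -> List[OpenPort]:
    """Pull (port, proto, description) out of each GloballyOpenPorts line; skip the rest."""
    entries: List[OpenPort] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # key header, blank line or an unrelated value
        fields = m.group("value").strip('"').split(":")
        description = fields[-1] if len(fields) >= 3 else ""
        entries.append(OpenPort(int(m.group("port")), m.group("proto"), description))
    return entries


def review_reasons(entry: OpenPort,
                   allowlist: Set[Tuple[int, str]] = DEFAULT_ALLOWLIST) -> List[str]:
    """Why an entry deserves a look; an empty list means it is allowlisted."""
    if (entry.port, entry.proto) in allowlist:
        return []
    reasons = ["not in allowlist"]
    if GENERIC_NAME_RE.match(entry.description):
        reasons.append("auto-generated PORT_n name")
    if entry.port >= 1024:
        reasons.append("unprivileged port (>=1024)")
    return reasons


def audit_listing(text: str,
                  allowlist: Set[Tuple[int, str]] = DEFAULT_ALLOWLIST) -> List[Finding]:
    """Every non-allowlisted globally open port, with the reasons it was flagged."""
    findings: List[Finding] = []
    for entry in parse_listing(text):
        reasons = review_reasons(entry, allowlist)
        if reasons:
            findings.append(Finding(entry, tuple(reasons)))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per reason; a large auto-generated count is the pattern in this thread."""
    counts: Dict[str, int] = {}
    for f in findings:
        for r in f.reasons:
            counts[r] = counts.get(r, 0) + 1
    return counts


def otl_reg_fix(findings: List[Finding]) -> str:
    """Render the flagged values as an OTL ':Reg' block using the '=-' delete syntax."""
    lines = [":Reg", f"[{OPEN_PORTS_KEY}]"]
    lines += [f'"{f.entry.port}:{f.entry.proto}"=-' for f in findings]
    return "\n".join(lines)


if __name__ == "__main__":
    flagged = audit_listing(SAMPLE_LISTING)
    for f in flagged:
        print(f"{f.entry.port}/{f.entry.proto} {f.entry.description!r}: {', '.join(f.reasons)}")
    print(summarize(flagged))
    print(otl_reg_fix(flagged))
```

Point it at a saved OTL registry listing instead of SAMPLE_LISTING to audit a real machine. The SSDP line shows why the allowlist matters: UPnP discovery on 1900/UDP is ordinary on a home network, so a host-specific allowlist is where you suppress it, rather than loosening the PORT_n rule that catches the entries this thread is about.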
#10
CREZ

    Member

  • Topic Starter
  • 18 posts
Here are the Lop S & D and the final one of the VirScan.

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel Pentium III processor )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A04
USER : Christy ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - FAT32 - Total:37 Go (Free:8 Go)
D:\ (USB)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (USB) - FAT - Total:249 Mo (Free:0 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Sun 05/03/2009|11:48 )

--------------------\\ Listing folders in APPLIC~1

[09/03/2005|03:29] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[09/03/2005|05:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[09/03/2005|03:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Broderbund Software
[09/03/2005|03:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> GameHouse
[09/03/2005|03:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[09/03/2005|03:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PopCap
[09/03/2005|05:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[09/09/2005|09:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
[09/03/2005|03:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> vidctrl
[09/03/2005|03:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint

[09/03/2005|03:45] C:\DOCUME~1\cresnik\APPLIC~1\<DIR> Aim
[09/03/2005|05:11] C:\DOCUME~1\cresnik\APPLIC~1\<DIR> Apple Computer
[09/03/2005|03:45] C:\DOCUME~1\cresnik\APPLIC~1\<DIR> Arcsoft
[09/03/2005|03:45] C:\DOCUME~1\cresnik\APPLIC~1\<DIR> Identities
[09/03/2005|03:45] C:\DOCUME~1\cresnik\APPLIC~1\<DIR> Inspiration Software
[09/03/2005|03:45] C:\DOCUME~1\cresnik\APPLIC~1\<DIR> Kontiki
[09/05/2005|03:13] C:\DOCUME~1\cresnik\APPLIC~1\<DIR> Lavasoft
[09/03/2005|03:45] C:\DOCUME~1\cresnik\APPLIC~1\<DIR> Leadertech
[09/03/2005|03:45] C:\DOCUME~1\cresnik\APPLIC~1\<DIR> Macromedia
[09/03/2005|03:29] C:\DOCUME~1\cresnik\APPLIC~1\<DIR> Microsoft
[09/03/2005|03:45] C:\DOCUME~1\cresnik\APPLIC~1\<DIR> Microsoft Web Folders
[09/03/2005|03:45] C:\DOCUME~1\cresnik\APPLIC~1\<DIR> MumboJumbo
[09/03/2005|03:45] C:\DOCUME~1\cresnik\APPLIC~1\<DIR> Peachtree
[09/03/2005|03:45] C:\DOCUME~1\cresnik\APPLIC~1\<DIR> Real
[09/03/2005|03:45] C:\DOCUME~1\cresnik\APPLIC~1\<DIR> Spybot - Search & Destroy
[09/03/2005|03:45] C:\DOCUME~1\cresnik\APPLIC~1\<DIR> Webshots
[09/03/2005|03:45] C:\DOCUME~1\cresnik\APPLIC~1\<DIR> Wildfire

[09/03/2005|03:29] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[09/03/2005|03:29] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[09/04/2005|12:33] C:\DOCUME~1\MONICA\APPLIC~1\<DIR> Apple Computer
[09/05/2005|07:25] C:\DOCUME~1\MONICA\APPLIC~1\<DIR> Help
[09/04/2005|12:32] C:\DOCUME~1\MONICA\APPLIC~1\<DIR> Identities
[09/04/2005|10:46] C:\DOCUME~1\MONICA\APPLIC~1\<DIR> Lavasoft
[09/04/2005|12:51] C:\DOCUME~1\MONICA\APPLIC~1\<DIR> Macromedia
[09/03/2005|03:29] C:\DOCUME~1\MONICA\APPLIC~1\<DIR> Microsoft
[09/10/2005|12:22] C:\DOCUME~1\MONICA\APPLIC~1\<DIR> Real
[09/05/2005|02:07] C:\DOCUME~1\MONICA\APPLIC~1\<DIR> Spybot - Search & Destroy
[09/06/2005|03:08] C:\DOCUME~1\MONICA\APPLIC~1\<DIR> Webshots

[09/06/2005|06:07] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Lavasoft
[09/03/2005|03:29] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[09/06/2005|06:33] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Spybot - Search & Destroy

[09/11/2005|09:54] C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\<DIR> Microsoft

[03/07/2009|12:40] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[02/14/2009|11:52] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> {83C91755-2546-441D-AC40-9A6B4B860800}
[11/30/2005|08:42] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Adobe
[01/04/2006|02:22] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> AOL
[01/04/2006|02:19] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> AOL Downloads
[06/05/2007|02:41] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> AOL OCP
[01/04/2008|11:26] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Apple
[09/12/2005|10:51] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Apple Computer
[05/21/2008|08:39] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Astar Games
[05/09/2008|10:59] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> BigFishGamesCache
[05/08/2008|10:06] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Broderbund Software
[12/05/2007|10:23] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Christmasville
[02/05/2008|08:16] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> DivoGames
[07/10/2007|02:15] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Escape From Paradise
[04/11/2008|10:07] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> EscapeTheMuseum
[12/29/2007|08:15] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Flood Light Games
[05/08/2007|07:19] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> FloodLightGames
[02/20/2009|06:27] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> GameHouse
[05/22/2007|09:14] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Genimo
[12/14/2005|08:03] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> gerry
[04/29/2008|09:15] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Gogii
[06/03/2008|08:28] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Gogii Games
[01/22/2007|05:42] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Google
[09/02/2007|02:45] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Hewlett-Packard
[12/29/2007|09:06] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> HiddenSecretsNightmare
[05/20/2008|09:37] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Hot Lava Games
[12/25/2006|10:40] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> HP
[04/16/2007|08:46] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Intuit
[01/20/2007|07:12] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Irene
[10/10/2006|07:51] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> iWin
[05/15/2007|11:51] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> JollyBear
[06/17/2007|07:44] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Kodak
[12/18/2008|03:13] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Lavasoft
[03/01/2009|05:12] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Malwarebytes
[09/11/2005|09:54] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Microsoft
[03/05/2008|07:26] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> MonteCristo
[11/14/2005|09:42] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> MumboJumbo
[12/28/2007|09:11] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> MythPeople
[11/02/2007|07:13] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> NeptunesAdve
[08/14/2007|11:41] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Oberon Games
[10/07/2005|11:51] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> PlayFirst
[11/14/2005|11:06] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> PopCap
[11/27/2007|10:48] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Real
[10/06/2007|12:18] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> RealArcade
[11/30/2005|10:34] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Sandlot Games
[02/07/2009|12:40] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> SITEguard
[02/08/2008|03:39] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Skype
[08/15/2008|09:35] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Slapdash Games
[08/01/2007|07:48] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> SpinTop Games
[03/23/2006|12:51] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Spybot - Search & Destroy
[02/07/2009|12:37] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> STOPzilla!
[01/26/2007|11:19] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> TEMP
[10/29/2005|06:46] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Trymedia
[04/16/2007|08:41] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> TurboTax 2006
[09/12/2005|11:10] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Viewpoint
[07/07/2006|09:34] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> WildTangent
[05/15/2006|07:05] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Windows Genuine Advantage
[12/22/2007|10:12] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Zylom

[09/11/2005|09:54] C:\DOCUME~1\NETWOR~1.NTA\APPLIC~1\<DIR> Microsoft

[05/14/2006|08:18] C:\DOCUME~1\LOCALS~1.NTA\APPLIC~1\<DIR> Macromedia
[09/11/2005|09:54] C:\DOCUME~1\LOCALS~1.NTA\APPLIC~1\<DIR> Microsoft
[05/15/2006|06:06] C:\DOCUME~1\LOCALS~1.NTA\APPLIC~1\<DIR> Webroot

[01/15/2006|08:44] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> acccore
[11/30/2005|08:38] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> Adobe
[12/17/2005|10:04] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> AdobeUM
[10/02/2005|06:47] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> Aim
[10/18/2007|08:34] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> AlwaysNeat
[09/18/2005|03:04] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> Apple Computer
[05/20/2006|12:01] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> Beep
[01/12/2008|10:16] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> Big Fish Games
[09/17/2008|08:11] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> BigFishv1005
[01/29/2008|09:37] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> CaribbeanHideaway
[03/25/2008|08:42] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> cerasus.media
[12/29/2007|08:15] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> Flood Light Games
[05/10/2007|09:08] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> FloodLightGames
[12/08/2007|05:46] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> ForgottenRiddles
[07/18/2008|09:55] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> ForgottenRiddles2
[04/02/2008|07:55] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> Friday's games
[02/10/2006|06:56] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> funkitron
[11/25/2007|09:40] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> Gaijin Ent
[06/03/2008|08:28] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> Gogii Games
[12/15/2005|08:06] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> Google
[05/03/2008|12:23] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> Harmonic Flow
[09/27/2006|06:23] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> Help
[09/11/2005|10:26] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> Identities
[09/26/2005|09:07] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> Inspiration Software
[04/16/2007|08:43] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> InstallShield
[04/16/2007|08:48] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> Intuit
[02/09/2008|01:40] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> iWin
[10/18/2005|12:41] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> Lavasoft
[09/15/2005|08:59] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> Macromedia
[04/27/2007|06:19] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> Magic Academy
[12/22/2005|11:36] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> Magic Match
[03/01/2009|04:17] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> Malwarebytes
[07/04/2008|12:30] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> Meridian93
[09/11/2005|09:54] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> Microsoft
[09/15/2005|10:19] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> Microsoft Web Folders
[11/10/2007|07:40] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> Move Networks
[05/01/2006|08:12] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> Peachtree
[01/02/2008|06:29] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> Pirateville
[10/07/2005|11:51] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> PlayFirst
[01/03/2006|10:27] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> Real
[02/20/2009|08:58] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> Realv1001
[09/19/2008|11:31] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> Realv1005
[01/10/2009|06:54] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> SanDisk
[12/26/2006|01:59] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> Simple Star
[10/02/2008|09:27] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> Skip-Bo
[02/08/2008|03:41] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> Skype
[02/08/2008|03:43] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> skypePM
[09/14/2007|05:46] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> SpinTop
[03/29/2008|02:34] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> SprillBermudeEng
[11/13/2005|10:20] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> Spybot - Search & Destroy
[07/27/2008|08:17] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> Sudden Games
[05/27/2008|08:30] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> SultansLabyrinth
[09/15/2005|09:00] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> Sun
[05/22/2006|09:56] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> TrojanHunter
[09/18/2007|07:48] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> VeniceMysteryData
[11/08/2006|07:15] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> Walgreens
[10/06/2005|11:29] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> Wildfire
[05/01/2009|11:17] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> WinRAR
[01/11/2007|08:19] C:\DOCUME~1\CHRISTY\APPLIC~1\<DIR> Yahoo!

[01/04/2006|05:42] C:\DOCUME~1\MONICA~1.RES\APPLIC~1\<DIR> acccore
[12/18/2005|04:34] C:\DOCUME~1\MONICA~1.RES\APPLIC~1\<DIR> Adobe
[12/25/2005|11:50] C:\DOCUME~1\MONICA~1.RES\APPLIC~1\<DIR> AdobeUM
[09/12/2005|11:10] C:\DOCUME~1\MONICA~1.RES\APPLIC~1\<DIR> Aim
[09/12/2005|10:53] C:\DOCUME~1\MONICA~1.RES\APPLIC~1\<DIR> Apple Computer
[04/02/2007|10:15] C:\DOCUME~1\MONICA~1.RES\APPLIC~1\<DIR> Chicken Chase
[05/08/2007|07:19] C:\DOCUME~1\MONICA~1.RES\APPLIC~1\<DIR> FloodLightGames
[02/26/2006|02:35] C:\DOCUME~1\MONICA~1.RES\APPLIC~1\<DIR> funkitron
[12/13/2005|12:50] C:\DOCUME~1\MONICA~1.RES\APPLIC~1\<DIR> Google
[12/03/2005|06:17] C:\DOCUME~1\MONICA~1.RES\APPLIC~1\<DIR> Help
[12/25/2006|10:45] C:\DOCUME~1\MONICA~1.RES\APPLIC~1\<DIR> HP
[09/11/2005|10:51] C:\DOCUME~1\MONICA~1.RES\APPLIC~1\<DIR> Identities
[12/25/2006|11:03] C:\DOCUME~1\MONICA~1.RES\APPLIC~1\<DIR> Image Zone Express
[09/26/2005|08:46] C:\DOCUME~1\MONICA~1.RES\APPLIC~1\<DIR> Inspiration Software
[10/10/2006|07:51] C:\DOCUME~1\MONICA~1.RES\APPLIC~1\<DIR> iWin
[09/24/2005|09:48] C:\DOCUME~1\MONICA~1.RES\APPLIC~1\<DIR> Lavasoft
[09/12/2005|11:21] C:\DOCUME~1\MONICA~1.RES\APPLIC~1\<DIR> Macromedia
[01/17/2006|04:29] C:\DOCUME~1\MONICA~1.RES\APPLIC~1\<DIR> Magic Match
[09/11/2005|09:54] C:\DOCUME~1\MONICA~1.RES\APPLIC~1\<DIR> Microsoft
[09/17/2006|08:39] C:\DOCUME~1\MONICA~1.RES\APPLIC~1\<DIR> MySpace
[03/18/2006|02:41] C:\DOCUME~1\MONICA~1.RES\APPLIC~1\<DIR> PlayFirst
[06/23/2008|11:21] C:\DOCUME~1\MONICA~1.RES\APPLIC~1\<DIR> Playrix Entertainment
[01/03/2006|11:52] C:\DOCUME~1\MONICA~1.RES\APPLIC~1\<DIR> Real
[11/06/2006|03:52] C:\DOCUME~1\MONICA~1.RES\APPLIC~1\<DIR> Simple Star
[02/05/2007|05:59] C:\DOCUME~1\MONICA~1.RES\APPLIC~1\<DIR> Snapfish
[12/13/2005|03:15] C:\DOCUME~1\MONICA~1.RES\APPLIC~1\<DIR> Spybot - Search & Destroy
[09/12/2005|02:42] C:\DOCUME~1\MONICA~1.RES\APPLIC~1\<DIR> Sun
[01/11/2007|01:14] C:\DOCUME~1\MONICA~1.RES\APPLIC~1\<DIR> Viewpoint
[11/06/2006|03:40] C:\DOCUME~1\MONICA~1.RES\APPLIC~1\<DIR> Walgreens
[09/16/2005|03:14] C:\DOCUME~1\MONICA~1.RES\APPLIC~1\<DIR> Webshots
[01/11/2007|12:30] C:\DOCUME~1\MONICA~1.RES\APPLIC~1\<DIR> Yahoo!

[01/04/2006|02:23] C:\DOCUME~1\EMILY\APPLIC~1\<DIR> acccore
[12/15/2005|04:02] C:\DOCUME~1\EMILY\APPLIC~1\<DIR> Adobe
[05/08/2006|08:24] C:\DOCUME~1\EMILY\APPLIC~1\<DIR> AdobeUM
[12/14/2005|11:31] C:\DOCUME~1\EMILY\APPLIC~1\<DIR> Aim
[12/15/2005|02:46] C:\DOCUME~1\EMILY\APPLIC~1\<DIR> Apple Computer
[04/08/2007|04:01] C:\DOCUME~1\EMILY\APPLIC~1\<DIR> Google
[09/20/2005|08:21] C:\DOCUME~1\EMILY\APPLIC~1\<DIR> Identities
[05/19/2006|06:27] C:\DOCUME~1\EMILY\APPLIC~1\<DIR> Lavasoft
[11/28/2005|07:29] C:\DOCUME~1\EMILY\APPLIC~1\<DIR> Macromedia
[09/11/2005|09:54] C:\DOCUME~1\EMILY\APPLIC~1\<DIR> Microsoft
[07/16/2007|06:21] C:\DOCUME~1\EMILY\APPLIC~1\<DIR> MySpace
[05/19/2006|06:20] C:\DOCUME~1\EMILY\APPLIC~1\<DIR> PC Tools
[01/04/2006|02:16] C:\DOCUME~1\EMILY\APPLIC~1\<DIR> Real
[12/20/2005|05:46] C:\DOCUME~1\EMILY\APPLIC~1\<DIR> Sun
[04/08/2007|04:01] C:\DOCUME~1\EMILY\APPLIC~1\<DIR> Yahoo!

[04/19/2009|06:57] C:\DOCUME~1\ADMINI~1.RES\APPLIC~1\<DIR> Help
[03/26/2009|12:15] C:\DOCUME~1\ADMINI~1.RES\APPLIC~1\<DIR> Malwarebytes
[09/11/2005|09:54] C:\DOCUME~1\ADMINI~1.RES\APPLIC~1\<DIR> Microsoft
[04/19/2009|02:08] C:\DOCUME~1\ADMINI~1.RES\APPLIC~1\<DIR> Walgreens

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[05/03/2009 11:29 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[04/27/2009 12:24 PM][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[05/02/2009 11:53 AM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[05/03/2009 11:33 AM][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
[04/19/2009 07:44 PM][--a------] C:\WINDOWS\tasks\EasyShare Registration Task.job
[08/04/2004 08:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[07/17/2005|04:21] C:\Program Files\<DIR> _ArcadeDownloadFolder
[09/03/2004|03:52] C:\Program Files\<DIR> Accessories
[09/03/2004|04:02] C:\Program Files\<DIR> Adobe
[02/08/2008|04:58] C:\Program Files\<DIR> AIM
[04/20/2008|12:11] C:\Program Files\<DIR> AIM6
[09/03/2004|04:04] C:\Program Files\<DIR> aod
[02/09/2009|11:25] C:\Program Files\<DIR> Apple Software Update
[03/23/2005|08:51] C:\Program Files\<DIR> backups
[01/10/2009|04:42] C:\Program Files\<DIR> Best Buy Digital Music Store Powered by Rhapsody
[12/31/2005|06:48] C:\Program Files\<DIR> BFG
[05/09/2008|11:00] C:\Program Files\<DIR> bfgclient
[02/09/2009|11:05] C:\Program Files\<DIR> Bonjour
[09/03/2004|04:02] C:\Program Files\<DIR> Borland
[01/01/2006|01:31] C:\Program Files\<DIR> BricksOfAtlantis_at
[05/08/2008|10:06] C:\Program Files\<DIR> Broderbund
[03/31/2005|10:45] C:\Program Files\<DIR> Canon
[04/18/2005|12:11] C:\Program Files\<DIR> CCleaner
[09/03/2004|03:52] C:\Program Files\<DIR> CHAT
[09/03/2004|03:50] C:\Program Files\<DIR> Common Files
[09/03/2005|03:38] C:\Program Files\<DIR> ComPlus Applications
[09/12/2004|11:43] C:\Program Files\<DIR> Crystal Decisions
[09/03/2004|04:05] C:\Program Files\<DIR> Dane Elec
[09/03/2004|03:53] C:\Program Files\<DIR> DirectX
[09/03/2004|04:03] C:\Program Files\<DIR> DK Multimedia
[11/22/2005|03:38] C:\Program Files\<DIR> easetech
[09/15/2004|10:19] C:\Program Files\<DIR> Electronic Arts
[04/15/2008|07:49] C:\Program Files\<DIR> EPSON
[01/30/2006|10:48] C:\Program Files\<DIR> GoldMinerVegas_at
[09/13/2005|03:02] C:\Program Files\<DIR> Google
[06/14/2006|11:57] C:\Program Files\<DIR> Harmonic Flow
[12/25/2006|10:37] C:\Program Files\<DIR> Hewlett-Packard
[05/22/2006|06:24] C:\Program Files\<DIR> Hijackthis
[12/25/2006|10:34] C:\Program Files\<DIR> HP
[09/03/2004|04:02] C:\Program Files\<DIR> InstallShield Installation Information
[09/03/2004|03:53] C:\Program Files\<DIR> Intel
[09/05/2005|09:34] C:\Program Files\<DIR> InterMute
[09/03/2004|03:53] C:\Program Files\<DIR> Internet Explorer
[09/03/2005|05:08] C:\Program Files\<DIR> iPod
[09/03/2005|05:29] C:\Program Files\<DIR> iTunes
[09/15/2004|10:12] C:\Program Files\<DIR> Jane's Combat Simulations
[07/27/2005|04:59] C:\Program Files\<DIR> Java
[06/17/2007|07:47] C:\Program Files\<DIR> Kodak
[09/03/2004|04:04] C:\Program Files\<DIR> Kyodai
[02/14/2009|11:51] C:\Program Files\<DIR> Lavasoft
[03/01/2009|05:12] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[09/03/2004|04:04] C:\Program Files\<DIR> MapInfo MapX
[09/03/2008|11:46] C:\Program Files\<DIR> Messenger
[09/03/2004|03:58] C:\Program Files\<DIR> Microsoft Encarta
[09/03/2004|04:02] C:\Program Files\<DIR> Microsoft Expedia
[09/03/2004|03:58] C:\Program Files\<DIR> Microsoft Expedia Streets & Trips
[09/03/2005|03:58] C:\Program Files\<DIR> microsoft frontpage
[09/03/2004|04:00] C:\Program Files\<DIR> Microsoft Home Publishing 2000
[02/08/2008|02:59] C:\Program Files\<DIR> Microsoft LifeCam
[09/03/2004|03:59] C:\Program Files\<DIR> Microsoft Money
[09/03/2004|03:56] C:\Program Files\<DIR> Microsoft Office
[09/03/2004|03:59] C:\Program Files\<DIR> Microsoft Picture It! Express
[09/15/2005|10:21] C:\Program Files\<DIR> Microsoft Visual Studio
[09/03/2004|03:58] C:\Program Files\<DIR> Microsoft Works
[09/03/2004|03:58] C:\Program Files\<DIR> Microsoft Works Suite 2000
[09/03/2005|03:39] C:\Program Files\<DIR> Movie Maker
[09/03/2004|03:52] C:\Program Files\<DIR> MS Hardware
[04/26/2009|02:42] C:\Program Files\<DIR> MSBuild
[09/11/2005|10:09] C:\Program Files\<DIR> MSN
[11/14/2005|11:17] C:\Program Files\<DIR> MSN Games
[09/03/2005|03:37] C:\Program Files\<DIR> MSN Gaming Zone
[07/01/2007|08:50] C:\Program Files\<DIR> MSXML 4.0
[09/17/2006|08:38] C:\Program Files\<DIR> MySpace
[06/14/2006|11:52] C:\Program Files\<DIR> Mystery Case Files Prime Suspects
[09/03/2004|03:53] C:\Program Files\<DIR> NetMeeting
[01/01/2006|10:12] C:\Program Files\<DIR> Oberon Media
[09/03/2004|03:53] C:\Program Files\<DIR> Online Services
[09/03/2004|03:53] C:\Program Files\<DIR> Outlook Express
[05/23/2007|08:41] C:\Program Files\<DIR> OverTheEdge
[09/03/2004|04:04] C:\Program Files\<DIR> Palm
[03/02/2005|07:47] C:\Program Files\<DIR> Panda Software
[01/09/2005|05:02] C:\Program Files\<DIR> PC MightyMax
[09/15/2005|10:27] C:\Program Files\<DIR> Peachtree
[09/03/2004|03:52] C:\Program Files\<DIR> Plus!
[09/03/2004|04:02] C:\Program Files\<DIR> Quarterdeck
[04/23/2008|03:05] C:\Program Files\<DIR> Quicken
[02/09/2009|11:21] C:\Program Files\<DIR> QuickTime
[09/03/2004|04:05] C:\Program Files\<DIR> Radio@Netscape Plus
[09/03/2004|04:03] C:\Program Files\<DIR> Real
[06/05/2008|07:56] C:\Program Files\<DIR> RealArcade
[04/26/2009|02:42] C:\Program Files\<DIR> Reference Assemblies
[07/23/2005|11:06] C:\Program Files\<DIR> ReflexiveArcade
[07/14/2008|10:07] C:\Program Files\<DIR> Safari
[09/03/2004|04:02] C:\Program Files\<DIR> Seagate
[09/03/2004|04:01] C:\Program Files\<DIR> Seagate Software
[02/09/2005|05:42] C:\Program Files\<DIR> Shockwave.com
[06/23/2007|03:27] C:\Program Files\<DIR> Sierra On-Line
[02/08/2008|03:39] C:\Program Files\<DIR> Skype
[09/03/2004|04:03] C:\Program Files\<DIR> Spinner
[09/17/2004|10:31] C:\Program Files\<DIR> Spybot - Search & Destroy
[09/03/2004|03:53] C:\Program Files\<DIR> Symantec
[04/19/2006|05:59] C:\Program Files\<DIR> TK8
[04/26/2009|11:14] C:\Program Files\<DIR> Trend Micro
[03/02/2005|05:24] C:\Program Files\<DIR> TrojanHunter 4.0
[05/22/2006|08:35] C:\Program Files\<DIR> TrojanHunter 4.5
[12/06/2004|11:05] C:\Program Files\<DIR> TryMedia
[03/18/2008|07:31] C:\Program Files\<DIR> TurboTax
[09/03/2004|03:53] C:\Program Files\<DIR> Uninstall Information
[11/17/2004|07:50] C:\Program Files\<DIR> U-Storage Win98 Driver
[09/03/2004|04:04] C:\Program Files\<DIR> Viewpoint
[11/06/2006|03:50] C:\Program Files\<DIR> Walgreens
[09/03/2004|03:52] C:\Program Files\<DIR> Web Publish
[05/15/2006|06:06] C:\Program Files\<DIR> Webroot
[07/07/2006|09:34] C:\Program Files\<DIR> WildTangent
[02/06/2009|11:41] C:\Program Files\<DIR> Windows Defender
[01/10/2009|07:06] C:\Program Files\<DIR> Windows Media Connect 2
[09/03/2004|03:53] C:\Program Files\<DIR> Windows Media Player
[09/03/2004|04:01] C:\Program Files\<DIR> Windows Messaging
[09/03/2005|03:37] C:\Program Files\<DIR> Windows NT
[09/03/2004|04:04] C:\Program Files\<DIR> WindowsUpdate
[05/14/2006|11:53] C:\Program Files\<DIR> X-Cleaner
[09/03/2005|03:58] C:\Program Files\<DIR> xerox
[11/22/2005|03:32] C:\Program Files\<DIR> Xilisoft
[01/10/2007|11:37] C:\Program Files\<DIR> Yahoo!
[05/31/2007|06:04] C:\Program Files\<DIR> ZoomTown

--------------------\\ Listing Folders in C:\Program Files\Common Files

[03/28/2005|11:36] C:\Program Files\Common Files\<DIR> Adaptec Shared
[09/03/2004|03:52] C:\Program Files\Common Files\<DIR> Adobe
[03/18/2008|07:45] C:\Program Files\Common Files\<DIR> AnswerWorks 4.0
[01/04/2006|02:21] C:\Program Files\Common Files\<DIR> AOL
[01/04/2008|11:26] C:\Program Files\Common Files\<DIR> Apple
[05/16/2005|08:07] C:\Program Files\Common Files\<DIR> Broderbund
[09/12/2004|11:43] C:\Program Files\Common Files\<DIR> Crystal Decisions
[09/03/2004|03:50] C:\Program Files\Common Files\<DIR> Designer
[04/15/2008|09:21] C:\Program Files\Common Files\<DIR> EPSON
[12/25/2006|10:38] C:\Program Files\Common Files\<DIR> HP
[09/03/2004|03:52] C:\Program Files\Common Files\<DIR> InstallShield
[05/01/2006|08:11] C:\Program Files\Common Files\<DIR> Intuit
[02/07/2009|12:37] C:\Program Files\Common Files\<DIR> iS3
[07/27/2005|04:58] C:\Program Files\Common Files\<DIR> Java
[06/17/2007|07:50] C:\Program Files\Common Files\<DIR> Kodak
[09/03/2004|03:50] C:\Program Files\Common Files\<DIR> Microsoft Shared
[05/16/2005|08:06] C:\Program Files\Common Files\<DIR> MSSoap
[09/03/2004|03:52] C:\Program Files\Common Files\<DIR> Novell Shared
[09/03/2004|03:50] C:\Program Files\Common Files\<DIR> ODBC
[03/02/2005|05:38] C:\Program Files\Common Files\<DIR> Panda Software
[09/03/2004|03:52] C:\Program Files\Common Files\<DIR> Peach
[09/03/2004|03:52] C:\Program Files\Common Files\<DIR> Real
[09/03/2004|03:50] C:\Program Files\Common Files\<DIR> SERVICES
[07/23/2008|03:29] C:\Program Files\Common Files\<DIR> Skype
[09/03/2005|03:29] C:\Program Files\Common Files\<DIR> SpeechEngines
[09/03/2004|03:52] C:\Program Files\Common Files\<DIR> Symantec Shared
[09/03/2004|03:50] C:\Program Files\Common Files\<DIR> SYSTEM
[12/18/2008|03:12] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
[04/25/2005|11:48] C:\Program Files\Common Files\<DIR> xing shared
[05/14/2006|08:15] C:\Program Files\Common Files\<DIR> zioz

--------------------\\ Process

( 36 Processes )

iexplore.exe ~ [PID:2208]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-03 11:52:47
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:328][D:6]-> C:\DOCUME~1\Christy\LOCALS~1\Temp
[F:14][D:0]-> C:\DOCUME~1\Christy\Cookies
[F:314][D:12]-> C:\DOCUME~1\Christy\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled

1 - "C:\Lop SD\LopR_1.txt" - Sun 05/03/2009|11:54 - Option : [1]

--------------------\\ Scan completed at 11:54:19



VirSCAN.org Scanned Report :
Scanned time : 2009/05/03 12:13:51 (EDT)
Scanner results: 84% Scanner(32/38) found malware!
File Name : woge.dll.tcf
File Size : 12288 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : fc6ed68f886024d0bf74b195cfe5de46
SHA1 : 8d1e32ac93e4ff2766b3d1eafcd5624cb232addd
Online report : http://virscan.org/r...52d093f0f9.html

Scanner | Engine Ver | Sig Ver | Sig Date | Time | Scan result
a-squared 4.0.0.32 20090503230831 2009-05-03 10.19 Trojan-Downloader.Win32.Small!IK
AhnLab V3 2009.05.03.00 2009.05.03 2009-05-03 1.50 Win-Trojan/Downloader.12288.S
AntiVir 7.9.0.160 7.1.3.142 2009-05-03 2.06 TR/Dldr.Small.ctp
Antiy 2.0.18 20090503.2333071 2009-05-03 0.02 -
Arcavir 2009 200905021130 2009-05-02 0.04 Downloader.Small.Ctp
Authentium 5.1.1 200905021543 2009-05-02 1.20 W32/Downloader.ZOP (Exact)
AVAST! 3.0.1 090502-0 2009-05-02 0.00 Win32:Small-ERJ [Trj]
AVG 7.5.52.442 270.12.11/2089 2009-04-30 2.05 Downloader.Generic.ZIE
BitDefender 7.81008.2901629 7.25172 2009-05-03 2.70 Trojan.Downloader.VB.QB
CA (VET) 9.0.0.143 31.6.6486 2009-05-02 38.83 Win32/Zquest.D trojan.
ClamAV 0.95 9319 2009-05-03 0.00 Trojan.Downloader.Small-2871
Comodo 3.8 1149 2009-05-03 1.93 TrojWare.Win32.TrojanDownloader.Small.CTP
CP Secure 1.1.0.715 2009.05.03 2009-05-03 9.02 Troj.Downloader.W32.Small.ctp
Dr.Web 4.44.0.9170 2009.05.03 2009-05-03 9.16 Adware.Dh
F-Prot 4.4.4.56 20090502 2009-05-02 1.16 W32/Downloader.ZOP (exact)
F-Secure 5.51.6100 2009.05.03.01 2009-05-03 2.15 Trojan-Downloader.Win32.Small.ctp [AVP]
Fortinet 2.81-3.117 10.346 2009-05-03 0.53 W32/Deskwizz.A!tr
GData 19.4999/19.317 20090503 2009-05-03 12.18 Trojan-Downloader.Win32.Small.ctp [Engine:A]
ViRobot 20090501 2009.05.01 2009-05-01 1.40 -
Ikarus T3.1.01.49 2009.05.03.72664 2009-05-03 2.76 Trojan-Downloader.Win32.Small
JiangMin 11.0.706 2009.05.03 2009-05-03 4.58 TrojanDownloader.Small.mq
Kaspersky 5.5.10 2009.05.03 2009-05-03 0.03 Trojan-Downloader.Win32.Small.ctp
KingSoft 2009.2.5.15 2009.5.3.21 2009-05-03 3.13 Win32.Troj.Small.ct.12288
McAfee 5.3.00 5603 2009-05-02 2.91 Zquest
Microsoft 1.4602 2009.05.03 2009-05-03 15.02 Trojan:Win32/Deskwizz
mks_vir 2.01 2009.05.03 2009-05-03 2.73 -
Norman 6.00.06 6.00.00 2009-04-28 10.01 W32/DLoader.WVY
Panda 9.05.01 2009.05.02 2009-05-02 2.81 Adware/Deskwizz
Trend Micro 8.700-1004 6.104.37 2009-05-03 0.02 TROJ_ADCLICK.AO
Quick Heal 10.00 2009.05.02 2009-05-02 1.57 TrojanDownloader.Small.ctp
Rising 20.0 21.27.41.00 2009-05-01 1.61 Trojan.DL.Small.ivi
Sophos 2.86.0 4.41 2009-05-03 2.21 -
Sunbelt 5118 5118 2009-05-02 2.85 -
Symantec 1.3.0.24 20090502.002 2009-05-02 0.17 -
nProtect 20090501.01 3562396 2009-05-01 31.06 Downloader/W32.Small.12288.C
The Hacker 6.3.4.1 v00317 2009-05-01 1.80 Trojan/Downloader.Small.ctp
VBA32 3.12.10.4 20090502.1751 2009-05-02 1.92 Trojan-Downloader.Win32.Small.ctp
VirusBuster 4.5.11.10 10.105.14/1315222 2009-05-03 1.61 Trojan.DL.Small.BNS
#11 CREZ (Topic Starter, Member, 18 posts)
Attached is a copy of the current OTListIt file. When I ran the items from Steps 1 and 2, the reports did not save. The computer locked up again.

There is no change in how my computer is running at this point. I still have to start all programs from the Windows Task Manager. About every 30-40 seconds, the desktop goes blank for a second and then redisplays but you can click on any of the icons.

CREZ


#12 heir (Trusted Helper, Malware Removal, 5,427 posts)
Please don't attach logs if I don't specifically ask you to!
You need to read the instructions carefully as there were some settings to do before running OTListIt. Let's do it again.

There was only a result from the last filescan.
You need to scan each file one at a time and post the results for each scan.
Let's do it again for the remainder.

Step 1.
Filescans:

  • Using Internet Explorer please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\CHOICE.COM
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Do the same with these:

    • C:\ZZ.EXE
    • C:\WINDOWS\System32\w00de798.ini
    • c:\program files\Common Files\woge


Step 2.
OTL-scan:

  • Double click on OTListIt2.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Underneath Extra Registry setting change it to Use SafeList.
  • Under the Custom Scans/Fixes box at the bottom left paste the following in

    C:\My Games\*.* /s
    C:\_OTListIt\MovedFiles\*.log


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need more than one post to fit it all in.

Step 3.
Things I would like to see in your reply:

  • The results from the filescans in step 1.
  • The content of OTListIt.txt and Extras.txt from step 2.

Edited by heir, 04 May 2009 - 01:32 AM.


#13 CREZ (Topic Starter, Member, 18 posts)
This is the scan report from VirSCAN for C:\Choice.com
VirSCAN.org Scanned Report :
Scanned time : 2009/05/04 18:10:20 (EDT)
Scanner results: All Scanners reported not find malware!
File Name : CHOICE.COM
File Size : 1754 byte
File Type : DOS executable (COM)
MD5 : 7fd79fed61ffc923fc91cb651df44ccf
SHA1 : f4e9b82352ea402342dc675c68a455cb8d944c32
Online report : http://virscan.org/r...5799bdbe19.html

Scanner | Engine Ver | Sig Ver | Sig Date | Time | Scan result
a-squared 4.0.0.32 20090504213754 2009-05-04 2.08 -
AhnLab V3 2009.05.05.00 2009.05.05 2009-05-05 0.62 -
AntiVir 7.9.0.160 7.1.3.150 2009-05-04 2.02 -
Antiy 2.0.18 20090503.2333071 2009-05-03 0.02 -
Arcavir 2009 200905041616 2009-05-04 0.02 -
Authentium 5.1.1 200905041818 2009-05-04 1.10 -
AVAST! 3.0.1 090504-0 2009-05-04 0.92 -
AVG 7.5.52.442 270.12.11/2089 2009-04-30 2.12 -
BitDefender 7.81008.2901801 7.25198 2009-05-05 2.69 -
CA (VET) 9.0.0.143 31.6.6487 2009-05-04 11.19 -
ClamAV 0.95 9325 2009-05-04 0.00 -
Comodo 3.8 1149 2009-05-03 1.39 -
CP Secure 1.1.0.715 2009.05.05 2009-05-05 8.75 -
Dr.Web 4.44.0.9170 2009.05.04 2009-05-04 4.50 -
F-Prot 4.4.4.56 20090504 2009-05-04 1.09 -
F-Secure 5.51.6100 2009.05.04.08 2009-05-04 5.32 -
Fortinet 2.81-3.117 10.351 2009-05-04 0.15 -
GData 19.5033/19.320 20090504 2009-05-04 3.40 -
ViRobot 20090504 2009.05.04 2009-05-04 0.54 -
Ikarus T3.1.01.49 2009.05.04.72669 2009-05-04 2.78 -
JiangMin 11.0.706 2009.05.04 2009-05-04 1.73 -
Kaspersky 5.5.10 2009.05.04 2009-05-04 0.02 -
KingSoft 2009.2.5.15 2009.5.4.21 2009-05-04 0.46 -
McAfee 5.3.00 5605 2009-05-04 2.81 -
Microsoft 1.4602 2009.05.04 2009-05-04 7.30 -
mks_vir 2.01 2009.05.04 2009-05-04 2.74 -
Norman 6.01.05 6.01.00 2009-05-04 4.00 -
Panda 9.05.01 2009.05.04 2009-05-04 3.96 -
Trend Micro 8.700-1004 6.106.12 2009-05-04 0.02 -
Quick Heal 10.00 2009.05.04 2009-05-04 3.13 -
Rising 20.0 21.28.04.00 2009-05-04 1.20 -
Sophos 2.86.0 4.41 2009-05-05 2.22 -
Sunbelt 5120 5120 2009-05-04 0.80 -
Symantec 1.3.0.24 20090504.005 2009-05-04 0.04 -
nProtect 20090504.01 3571553 2009-05-04 8.68 -
The Hacker 6.3.4.1 v00318 2009-05-04 1.05 -
VBA32 3.12.10.4 20090503.1052 2009-05-03 1.83 -
VirusBuster 4.5.11.10 10.105.15/1315556 2009-05-04 1.68 -

This is the scan from c:\ZZ.EXE
VirSCAN.org Scanned Report :
Scanned time : 2009/05/04 18:15:33 (EDT)
Scanner results: All Scanners reported not find malware!
File Name : ZZ.EXE
File Size : 122512 byte
File Type : MS-DOS executable, MZ for MS-DOS
MD5 : 8d9b6ccb0c079df7167a8f6ff66d0b84
SHA1 : 1fcf903fc7736726bfb5dcb2349763d0bc2f0449
Online report : http://virscan.org/r...3d898a4c81.html

Scanner | Engine Ver | Sig Ver | Sig Date | Time | Scan result
a-squared 4.0.0.32 20090504213754 2009-05-04 3.12 -
AhnLab V3 2009.05.05.00 2009.05.05 2009-05-05 1.97 -
AntiVir 7.9.0.160 7.1.3.150 2009-05-04 2.02 -
Antiy 2.0.18 20090503.2333071 2009-05-03 0.02 -
Arcavir 2009 200905041616 2009-05-04 0.03 -
Authentium 5.1.1 200905041818 2009-05-04 1.11 -
AVAST! 3.0.1 090504-0 2009-05-04 0.01 -
AVG 7.5.52.442 270.12.11/2089 2009-04-30 2.06 -
BitDefender 7.81008.2901801 7.25198 2009-05-05 2.71 -
CA (VET) 9.0.0.143 31.6.6487 2009-05-04 7.20 -
ClamAV 0.95 9325 2009-05-04 0.02 -
Comodo 3.8 1149 2009-05-03 1.40 -
CP Secure 1.1.0.715 2009.05.05 2009-05-05 8.74 -
Dr.Web 4.44.0.9170 2009.05.04 2009-05-04 4.47 -
F-Prot 4.4.4.56 20090504 2009-05-04 1.12 -
F-Secure 5.51.6100 2009.05.04.08 2009-05-04 5.34 -
Fortinet 2.81-3.117 10.351 2009-05-04 0.18 -
GData 19.5033/19.320 20090504 2009-05-04 5.73 -
ViRobot 20090504 2009.05.04 2009-05-04 0.51 -
Ikarus T3.1.01.49 2009.05.04.72669 2009-05-04 2.83 -
JiangMin 11.0.706 2009.05.04 2009-05-04 1.79 -
Kaspersky 5.5.10 2009.05.04 2009-05-04 0.02 -
KingSoft 2009.2.5.15 2009.5.4.21 2009-05-04 0.80 -
McAfee 5.3.00 5605 2009-05-04 2.82 -
Microsoft 1.4602 2009.05.04 2009-05-04 6.47 -
mks_vir 2.01 2009.05.04 2009-05-04 2.70 -
Norman 6.01.05 6.01.00 2009-05-04 4.01 -
Panda 9.05.01 2009.05.04 2009-05-04 1.96 -
Trend Micro 8.700-1004 6.106.12 2009-05-04 0.02 -
Quick Heal 10.00 2009.05.04 2009-05-04 1.42 -
Rising 20.0 21.28.04.00 2009-05-04 1.71 -
Sophos 2.86.0 4.41 2009-05-05 2.19 -
Sunbelt 5120 5120 2009-05-04 1.04 -
Symantec 1.3.0.24 20090504.005 2009-05-04 0.08 -
nProtect 20090504.01 3571553 2009-05-04 5.42 -
The Hacker 6.3.4.1 v00318 2009-05-04 1.04 -
VBA32 3.12.10.4 20090503.1052 2009-05-03 1.83 -
VirusBuster 4.5.11.10 10.105.15/1315556 2009-05-04 1.62 -

VirSCAN.org Scanned Report :
Scanned time : 2009/05/04 18:20:40 (EDT)
Scanner results: All Scanners reported not find malware!
File Name : w00de798.ini
File Size : 1094 byte
File Type : data
MD5 : a56cb55c15cf68d2b3598ae0d1acc60b
SHA1 : 1a046aa5ec95f70fc38c3f9709218df28a80357b
Online report : http://virscan.org/r...f7a61fd930.html

Scanner | Engine Ver | Sig Ver | Sig Date | Time | Scan result
a-squared 4.0.0.32 20090504213754 2009-05-04 8.39 -
AhnLab V3 2009.05.05.00 2009.05.05 2009-05-05 2.67 -
AntiVir 7.9.0.160 7.1.3.150 2009-05-04 2.01 -
Antiy 2.0.18 20090503.2333071 2009-05-03 0.02 -
Arcavir 2009 200905041616 2009-05-04 0.02 -
Authentium 5.1.1 200905041818 2009-05-04 1.13 -
AVAST! 3.0.1 090504-0 2009-05-04 0.92 -
AVG 7.5.52.442 270.12.11/2089 2009-04-30 2.02 -
BitDefender 7.81008.2901801 7.25198 2009-05-05 2.68 -
CA (VET) 9.0.0.143 31.6.6487 2009-05-04 16.03 -
ClamAV 0.95 9325 2009-05-04 0.00 -
Comodo 3.8 1149 2009-05-03 1.89 -
CP Secure 1.1.0.715 2009.05.05 2009-05-05 8.81 -
Dr.Web 4.44.0.9170 2009.05.04 2009-05-04 4.47 -
F-Prot 4.4.4.56 20090504 2009-05-04 1.09 -
F-Secure 5.51.6100 2009.05.04.08 2009-05-04 5.34 -
Fortinet 2.81-3.117 10.351 2009-05-04 0.49 -
GData 19.5033/19.320 20090504 2009-05-04 4.82 -
ViRobot 20090504 2009.05.04 2009-05-04 0.86 -
Ikarus T3.1.01.49 2009.05.04.72669 2009-05-04 2.82 -
JiangMin 11.0.706 2009.05.04 2009-05-04 3.91 -
Kaspersky 5.5.10 2009.05.04 2009-05-04 0.02 -
KingSoft 2009.2.5.15 2009.5.4.21 2009-05-04 0.89 -
McAfee 5.3.00 5605 2009-05-04 2.81 -
Microsoft 1.4602 2009.05.04 2009-05-04 9.86 -
mks_vir 2.01 2009.05.04 2009-05-04 2.76 -
Norman 6.01.05 6.01.00 2009-05-04 4.01 -
Panda 9.05.01 2009.05.04 2009-05-04 4.39 -
Trend Micro 8.700-1004 6.106.12 2009-05-04 0.02 -
Quick Heal 10.00 2009.05.04 2009-05-04 2.33 -
Rising 20.0 21.28.04.00 2009-05-04 1.16 -
Sophos 2.86.0 4.41 2009-05-05 2.19 -
Sunbelt 5120 5120 2009-05-04 2.30 -
Symantec 1.3.0.24 20090504.005 2009-05-04 0.27 -
nProtect 20090504.01 3571553 2009-05-04 6.62 -
The Hacker 6.3.4.1 v00318 2009-05-04 0.53 -
VBA32 3.12.10.4 20090503.1052 2009-05-03 1.71 -
VirusBuster 4.5.11.10 10.105.15/1315556 2009-05-04 1.60 -

VirSCAN.org Scanned Report :
Scanned time : 2009/05/04 18:24:34 (EDT)
Scanner results: All Scanners reported not find malware!
File Name : woge
File Size : 377 byte
File Type : data
MD5 : 349cfcf9e6cbb3159a50a46ac963c1e5
SHA1 : 280344d48aa3085b644ab7c9421cf699b4e99a5d
Online report : http://virscan.org/r...36b8fc0a18.html

Scanner | Engine Ver | Sig Ver | Sig Date | Time | Scan result
a-squared 4.0.0.32 20090504213754 2009-05-04 3.15 -
AhnLab V3 2009.05.05.00 2009.05.05 2009-05-05 1.22 -
AntiVir 7.9.0.160 7.1.3.150 2009-05-04 2.06 -
Antiy 2.0.18 20090503.2333071 2009-05-03 0.02 -
Arcavir 2009 200905041616 2009-05-04 0.02 -
Authentium 5.1.1 200905041818 2009-05-04 1.10 -
AVAST! 3.0.1 090504-0 2009-05-04 0.92 -
AVG 7.5.52.442 270.12.11/2089 2009-04-30 2.03 -
BitDefender 7.81008.2901801 7.25198 2009-05-05 2.70 -
CA (VET) 9.0.0.143 31.6.6487 2009-05-04 7.36 -
ClamAV 0.95 9325 2009-05-04 0.00 -
Comodo 3.8 1149 2009-05-03 1.37 -
CP Secure 1.1.0.715 2009.05.05 2009-05-05 8.76 -
Dr.Web 4.44.0.9170 2009.05.04 2009-05-04 4.73 -
F-Prot 4.4.4.56 20090504 2009-05-04 1.09 -
F-Secure 5.51.6100 2009.05.04.08 2009-05-04 5.28 -
Fortinet 2.81-3.117 10.351 2009-05-04 0.17 -
GData 19.5033/19.320 20090504 2009-05-04 3.70 -
ViRobot 20090504 2009.05.04 2009-05-04 0.41 -
Ikarus T3.1.01.49 2009.05.04.72669 2009-05-04 2.80 -
JiangMin 11.0.706 2009.05.04 2009-05-04 1.79 -
Kaspersky 5.5.10 2009.05.04 2009-05-04 0.02 -
KingSoft 2009.2.5.15 2009.5.4.21 2009-05-04 1.49 -
McAfee 5.3.00 5605 2009-05-04 2.81 -
Microsoft 1.4602 2009.05.04 2009-05-04 6.96 -
mks_vir 2.01 2009.05.04 2009-05-04 2.68 -
Norman 6.01.05 6.01.00 2009-05-04 4.01 -
Panda 9.05.01 2009.05.04 2009-05-04 2.40 -
Trend Micro 8.700-1004 6.106.12 2009-05-04 0.02 -
Quick Heal 10.00 2009.05.04 2009-05-04 2.11 -
Rising 20.0 21.28.04.00 2009-05-04 0.82 -
Sophos 2.86.0 4.41 2009-05-05 2.19 -
Sunbelt 5120 5120 2009-05-04 0.66 -
Symantec 1.3.0.24 20090504.005 2009-05-04 0.19 -
nProtect 20090504.01 3571553 2009-05-04 6.39 -
The Hacker 6.3.4.1 v00318 2009-05-04 0.52 -
VBA32 3.12.10.4 20090503.1052 2009-05-03 1.83 -
VirusBuster 4.5.11.10 10.105.15/1315556 2009-05-04 1.61 -

#14 CREZ (Topic Starter, Member, 18 posts)
Here is the extras.txt file. I have zipped the OTListIt.txt and attached it.

OTListIt Extras logfile created on: 5/4/2009 6:52:15 PM - Run 6
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Documents and Settings\Christy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.23 Mb Total Physical Memory | 78.41 Mb Available Physical Memory | 30.84% Memory free
625.58 Mb Paging File | 338.92 Mb Available in Paging File | 54.18% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 8.60 Gb Free Space | 23.09% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
Drive E: | 550.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 249.47 Mb Total Space | 228.71 Mb Free Space | 91.68% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RESNIK
Current User Name: Christy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10183:TCP" = 10183:TCP:*:Enabled:PORT_10183
"29589:TCP" = 29589:TCP:*:Enabled:PORT_29589
"45014:TCP" = 45014:TCP:*:Enabled:PORT_45014
"22439:TCP" = 22439:TCP:*:Enabled:PORT_22439
"51843:TCP" = 51843:TCP:*:Enabled:PORT_51843
"46497:TCP" = 46497:TCP:*:Enabled:PORT_46497
"21019:TCP" = 21019:TCP:*:Enabled:PORT_21019
"16171:TCP" = 16171:TCP:*:Enabled:PORT_16171
"40650:TCP" = 40650:TCP:*:Enabled:PORT_40650
"17932:TCP" = 17932:TCP:*:Enabled:PORT_17932
"8202:TCP" = 8202:TCP:*:Enabled:PORT_8202
"54078:TCP" = 54078:TCP:*:Enabled:PORT_54078
"22318:TCP" = 22318:TCP:*:Enabled:PORT_22318
"14833:TCP" = 14833:TCP:*:Enabled:PORT_14833
"38368:TCP" = 38368:TCP:*:Enabled:PORT_38368
"25280:TCP" = 25280:TCP:*:Enabled:PORT_25280
"58130:TCP" = 58130:TCP:*:Enabled:PORT_58130
"19742:TCP" = 19742:TCP:*:Enabled:PORT_19742
"45813:TCP" = 45813:TCP:*:Enabled:PORT_45813
"6290:TCP" = 6290:TCP:*:Enabled:PORT_6290
"59409:TCP" = 59409:TCP:*:Enabled:PORT_59409

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 File not found
C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) File not found
C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (AOL LLC)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater ()
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare (Eastman Kodak Company)
C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM (AOL LLC)
C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe (Microsoft Corporation)
C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe (Microsoft Corporation)
C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax (Intuit, Inc.)
C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager (Intuit, Inc.)
C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer (RealNetworks, Inc.)
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\Best Buy Digital Music Store Powered by Rhapsody\rhapsody.exe:*:Enabled:Rhapsody Media Player (RealNetworks, Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{03D574A6-9880-4165-8032-AD94E73CA783}" = CameraDrivers
"{0654B36D-B842-4308-ADE0-28461B935BF2}" = Peachtree Premium Accounting for Manufacturing 2006
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{13AD768A-9E04-499D-AE80-967A65DCCBA5}" = ebgcSDK
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}" = Windows Live Sign-in Assistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{39B1BD87-561E-4762-AED9-7C5213B06C24}" = ebgcInfra
"{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
"{452622B2-CFF1-4373-B773-141FC10A2AB6}" = hpicamDrvQFolder
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{71A7D000-0D1F-4CF9-BB75-BB5920436F0C}" = Crystal Reports for Peachtree
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{84F1DE76-C48C-4281-87A0-CC9548D1E7F9}" = Rhapsody Player Engine
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB73CF18-528A-4E18-83B2-380CD0BC8EA7}" = Calendar Creator
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B9297854-73CF-4C7D-9BA5-AD1ED6E74271}" = ebgcRes
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0C5511B-7B01-4329-8648-C2E0DEDF065F}" = CameraUserGuides
"{C1E1CA9C-A557-4DCA-90CB-203BCDDC78C3}" = Quicken 2003 Basic
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C9AF897F-9688-463f-A1C3-652A3AFEF52B}" = HP Photosmart Cameras 7.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"AIM_6" = AIM 6
"annabel" = Annabel
"Ballistik" = Ballistik
"Best Buy Digital Music Store" = Best Buy Digital Music Store
"BFGC" = Big Fish Games Client
"Big City Adventure™ - Sydney, Australia" = Big City Adventure™ - Sydney, Australia
"Big City Adventure™: San Francisco" = Big City Adventure™: San Francisco
"Big Kahuna Reef 2: Chain Reaction" = Big Kahuna Reef 2: Chain Reaction
"bookoflegends" = Book of Legends
"Bricks of Egypt 2: Tears of The Pharaohs" = Bricks of Egypt 2: Tears of The Pharaohs
"CCleaner" = CCleaner (remove only)
"Cubis Gold 2" = Cubis Gold 2
"Dream Chronicles™" = Dream Chronicles™
"EPSON Printer and Utilities" = EPSON Printer Software
"Escape the Museum" = Escape the Museum
"Forgotten Riddles - The Mayan Princess" = Forgotten Riddles - The Mayan Princess
"Forgotten Riddles: The Moonlight Sonatas" = Forgotten Riddles: The Moonlight Sonatas
"Funkiball® Adventure "Lost Legends"" = Funkiball® Adventure "Lost Legends"
"Hide and Secret: Cliffhanger Castle" = Hide and Secret: Cliffhanger Castle
"HijackThis" = HijackThis 2.0.2
"Hoyle Casino '98" = Hoyle Casino '98
"Hoyle Casino '99 Demo" = Hoyle Casino '99 Demo
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{0654B36D-B842-4308-ADE0-28461B935BF2}" = Peachtree Premium Accounting for Manufacturing 2006
"InstallShield_{C1E1CA9C-A557-4DCA-90CB-203BCDDC78C3}" = Quicken 2003 Basic
"Interpol: The Trail of Dr. Chaos" = Interpol: The Trail of Dr. Chaos
"Jewel Quest Mysteries" = Jewel Quest Mysteries
"Jigsaw Puzzle Player" = Jigsaw Puzzle Player
"Liong: The Dragon Dance" = Liong: The Dragon Dance
"Little Shop - Big City" = Little Shop - Big City
"Little Shop - Memories" = Little Shop - Memories
"Little Shop - Road Trip" = Little Shop - Road Trip
"Little Shop of Treasures" = Little Shop of Treasures
"Luxor" = Luxor
"Luxor: Amun Rising" = Luxor: Amun Rising
"Magic Ball 2" = Magic Ball 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Mystery Case Files: Huntsville" = Mystery Case Files: Huntsville
"Mystery of Shark Island" = Mystery of Shark Island
"Mystery P.I.™ - The Vegas Heist" = Mystery P.I.™ - The Vegas Heist
"mysterypitmthenewyorkfortune" = Mystery P.I.™ - The New York Fortune
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Panda ActiveScan" = Panda ActiveScan
"Peggle Deluxe" = Peggle Deluxe
"PictoWords" = PictoWords
"RealArcade" = RealArcade
"RealPlayer 6.0" = RealPlayer
"Shape Shifter™" = Shape Shifter™
"Sierra Utilities" = Sierra Utilities
"Slingo Quest Hawaii" = Slingo Quest Hawaii
"Slingo® Quest" = Slingo® Quest
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.3
"Super Collapse!™ 3 " = Super Collapse!™ 3
"Super Granny 2: Granny in Paradise™" = Super Granny 2: Granny in Paradise™
"The Mystery of the Crystal Portal" = The Mystery of the Crystal Portal
"The Nightshift Code™" = The Nightshift Code™
"Tumblebugs" = Tumblebugs
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"UnityWebPlayer" = Unity Web Player
"Venice Deluxe" = Venice Deluxe
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Women's Murder Club: A Darker Shade of Grey" = Women's Murder Club: A Darker Shade of Grey
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomTown" = ZoomTown Software
"Zuma " = Zuma

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/3/2009 11:26:42 AM | Computer Name = RESNIK | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 5/3/2009 11:26:51 AM | Computer Name = RESNIK | Source = Application Hang | ID = 1002
Description = Hanging application OTListIt2.exe, version 2.0.15.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/3/2009 11:46:00 AM | Computer Name = RESNIK | Source = Application Hang | ID = 1002
Description = Hanging application OTListIt2.exe, version 2.0.15.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/3/2009 12:37:43 PM | Computer Name = RESNIK | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 5/3/2009 12:47:15 PM | Computer Name = RESNIK | Source = Application Hang | ID = 1002
Description = Hanging application notepad.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/3/2009 12:51:31 PM | Computer Name = RESNIK | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 5/3/2009 12:57:55 PM | Computer Name = RESNIK | Source = Application Hang | ID = 1002
Description = Hanging application notepad.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/3/2009 1:38:26 PM | Computer Name = RESNIK | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 5/4/2009 6:05:45 PM | Computer Name = RESNIK | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 5/4/2009 6:49:19 PM | Computer Name = RESNIK | Source = Application Hang | ID = 1002
Description = Hanging application OTListIt2.exe, version 2.0.15.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 3/26/2009 1:32:37 PM | Computer Name = RESNIK | Source = Service Control Manager | ID = 7000
Description = The MSCamSvc service failed to start due to the following error: %%3

Error - 3/29/2009 8:35:39 PM | Computer Name = RESNIK | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 3/29/2009 8:35:39 PM | Computer Name = RESNIK | Source = Service Control Manager | ID = 7000
Description = The MSCamSvc service failed to start due to the following error: %%3

Error - 4/5/2009 8:57:35 PM | Computer Name = RESNIK | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 4/5/2009 8:57:35 PM | Computer Name = RESNIK | Source = Service Control Manager | ID = 7000
Description = The MSCamSvc service failed to start due to the following error: %%3

Error - 4/13/2009 11:47:24 AM | Computer Name = RESNIK | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 4/13/2009 11:47:24 AM | Computer Name = RESNIK | Source = Service Control Manager | ID = 7000
Description = The MSCamSvc service failed to start due to the following error: %%3

Error - 4/14/2009 9:02:48 PM | Computer Name = RESNIK | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 4/14/2009 11:54:34 PM | Computer Name = RESNIK | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 4/14/2009 11:54:34 PM | Computer Name = RESNIK | Source = Service Control Manager | ID = 7000
Description = The MSCamSvc service failed to start due to the following error: %%3


< End of report >

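The "Last 10 Event Log Errors" block in the report above is the part of an OTListIt log that can be triaged mechanically: the same drwtsn32.exe fault in dbghelp.dll at the same fault address recurs, and the same two services fail to start every time with error %%2 and %%3. The following Python script is an added example, not part of the original post and not OTListIt's own code. It parses that block, groups the events by what failed, and lists the ones that repeat. The sample input is six events copied from the report above; the mapping of %%2 and %%3 to ERROR_FILE_NOT_FOUND and ERROR_PATH_NOT_FOUND is the standard Win32 meaning of those codes, and the function names and category labels are the example's own.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

# Sample input: six events copied from the OTListIt report above, keeping the
# line wrapping the tool emits for long descriptions.
SAMPLE_REPORT = """\
[ Application Events ]
Error - 5/3/2009 11:26:42 AM | Computer Name = RESNIK | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 5/3/2009 11:26:51 AM | Computer Name = RESNIK | Source = Application Hang | ID = 1002
Description = Hanging application OTListIt2.exe, version 2.0.15.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/3/2009 12:37:43 PM | Computer Name = RESNIK | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

[ System Events ]
Error - 3/29/2009 8:35:39 PM | Computer Name = RESNIK | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 3/29/2009 8:35:39 PM | Computer Name = RESNIK | Source = Service Control Manager | ID = 7000
Description = The MSCamSvc service failed to start due to the following error: %%3

Error - 4/14/2009 9:02:48 PM | Computer Name = RESNIK | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
"""

HEADER_RE = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>\S+) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
FAULT_RE = re.compile(
    r"Faulting application (?P<app>\S+), version \S+, faulting module "
    r"(?P<mod>\S+), version \S+, fault address (?P<addr>0x[0-9a-fA-F]+)"
)
HANG_RE = re.compile(r"Hanging application (?P<app>\S+), version \S+, hang module")
SVC_FAIL_RE = re.compile(
    r"The (?P<svc>.+?) service failed to start due to the following error: %%(?P<code>\d+)"
)
# Win32 error codes that OTListIt leaves as %%N placeholders instead of expanding them.
WIN32_ERRORS = {"2": "ERROR_FILE_NOT_FOUND", "3": "ERROR_PATH_NOT_FOUND"}


def parse_events(text: str) -> List[Dict[str, str]]:
    """Parse the event block into one dict per event, joining wrapped description lines."""
    events: List[Dict[str, str]] = []
    section = ""
    current: Dict[str, str] = {}
    parts: List[str] = []

    def flush() -> None:
        if current:  # an event is open: finish its description and store it
            current["description"] = " ".join(parts)
            events.append(current)

    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):  # "[ Application Events ]"
            flush()
            current, parts = {}, []
            section = line.strip("[] ")
            continue
        m = HEADER_RE.match(line)
        if m:  # "Error - <date> | Computer Name = ... | Source = ... | ID = ..."
            flush()
            current, parts = {"section": section, **m.groupdict()}, []
            continue
        if current and line:  # description line or its wrapped continuation
            parts.append(line[len("Description = "):] if line.startswith("Description = ") else line)
    flush()
    return events


def classify(event: Dict[str, str]) -> Tuple[str, str]:
    """Reduce an event to a (category, subject) key so identical failures group together."""
    desc = event["description"]
    if m := FAULT_RE.search(desc):
        return "crash", f"{m['app']} in {m['mod']} @ {m['addr']}"
    if m := HANG_RE.search(desc):
        return "hang", m["app"]
    if m := SVC_FAIL_RE.search(desc):
        return "service-start-failure", f"{m['svc']} ({WIN32_ERRORS.get(m['code'], '%%' + m['code'])})"
    return "other", f"{event['source']} ID {event['id']}"  # e.g. SCM 7031 (service terminated)


def summarize(text: str) -> Dict[Tuple[str, str], int]:
    """Count events per (category, subject) key, in first-seen order."""
    return dict(Counter(classify(e) for e in parse_events(text)))


def repeated(text: str, min_count: int = 2) -> List[Tuple[str, str]]:
    """Keys seen at least min_count times: a crash at the same module and address,
    or a service that fails on every boot, is what to chase first."""
    return [key for key, n in summarize(text).items() if n >= min_count]
```

Run `summarize(SAMPLE_REPORT)` to get the counts and `repeated(SAMPLE_REPORT)` for the recurring keys; on the sample the only repeat is the drwtsn32.exe crash in dbghelp.dll at 0x0001295d, the "Dr. Watson error" from the thread title, while MCSTRM and MSCamSvc each fail once in this trimmed sample but once per boot in the full report. Events the regexes do not know, such as the Service Control Manager 7031 entry, fall through to the "other" category rather than being dropped, so nothing in the block goes unreported.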

#15
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Step 1.
Post a log:

Please post the content of this file c:\_OTListIt\MovedFiles\05032009_110853.log in your reply.

Step 2.
Filescan:

  • Using Internet Explorer please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box at the top of the page:

    • C:\WINDOWS\system32\sebxasuand.dll
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Step 3.
Things I would like to see in your reply:

  • The content of c:\_OTListIt\MovedFiles\05032009_110853.log from step 1.
  • The result from the filescan in step 2.
