Byte Forums
»
Computing
»
Malware Removal - HiJackThis™ Logs Go Here
[RESOLVED] Returning results as instructed
|
|
|
[RESOLVED] Returning results as instructed
|
|
11-06-2008, 09:51 PM
Post: #1
|
|||
|
|||
|
[RESOLVED] Returning results as instructed
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:40:31 PM, on 11/6/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\ibmpmsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\system32\tp4mon.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Yahoo!\Common\YMailAdvisor.exe C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0427.0\msneshellx.dll O2 - BHO: (no name) - {da30eff8-ccc6-4162-a20d-67402a26a215} - (no file) O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - (no file) O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: (no name) - {da30eff8-ccc6-4162-a20d-67402a26a215} - (no file) O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0427.0\msneshellx.dll O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe" O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - Global Startup: Wireless Configuration Utility HW.15.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Leslie.HOME\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Leslie.HOME\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: Video Poker - http://download2.games.yahoo.com/games/c...vpt0_x.cab O16 - DPF: Yahoo! Bingo - http://download2.games.yahoo.com/games/c.../xt0_x.cab O16 - DPF: Yahoo! Blackjack - http://download2.games.yahoo.com/games/c.../jt0_x.cab O16 - DPF: Yahoo! Checkers - http://download2.games.yahoo.com/games/c.../kt4_x.cab O16 - DPF: Yahoo! Chinese Checkers - http://download2.games.yahoo.com/games/c...cct0_x.cab O16 - DPF: Yahoo! Dots - http://download2.games.yahoo.com/games/c...dtt1_x.cab O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/c...poti_x.cab O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/Sta...b55579.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Face...oader5.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBu...b55579.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPA...b55579.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...2900836730 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...3345981374 O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BU...ofupld.cab O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa...b60231.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v1...b56649.cab O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default...n=1,0,0,10 O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...wflash.cab O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StP...b55579.cab O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 12810 bytes |
|||
|
|
11-08-2008, 12:17 AM
Post: #2
|
|||
|
|||
|
RE: Returning results as instructed
Hello and Welcome to the forums.
 I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today. Step 1 I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with certain malware removal fixes. So please disable TeaTimer by doing the following: 1) Run Spybot-S&D 2) Go to the Mode menu, and make sure "Advanced Mode" is selected 3) On the left hand side, choose Tools -> Resident 4) Uncheck "Resident TeaTimer" and OK any prompts You can reenable TeaTimer once your system is clean. Step 2 Please re-open HijackThis and scan. Check the boxes next to all the entries listed below. O2 - BHO: (no name) - {da30eff8-ccc6-4162-a20d-67402a26a215} - (no file) O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - (no file) O3 - Toolbar: (no name) - {da30eff8-ccc6-4162-a20d-67402a26a215} - (no file) Now close all windows other than Hijackthis, then click Fix Checked. Close HijackThis. Step 2 Please download ATF Cleaner by Atribune.
Under Main choose: Select All Click the Empty Selected button.
Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Step 3 Download [color="#FF0000"]OTViewIt[/color] to your desktop.
Step 3 I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player’s components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager -- the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision. Quote:To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". This may change, read Viewpoint to Plunge Into Adware. I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):
Step 4 Please download ATF Cleaner by Atribune.
Under Main choose: Select All Click the Empty Selected button.
Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Step 5 Please do an online scan with Kaspersky WebScanner I highly recommend using Internet Explorer for best results! Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan. Click on the Accept button and install any components it needs.
![[Image: mrs.gif]](http://sosquad.net/sigs/mrs.gif) My help is always free, but if I have helped you, please consider making a donation to help me continue in the fight against Malware! |
|||
|
|
11-08-2008, 05:49 AM
Post: #3
|
|||
|
|||
RE: Returning results as instructed
(11-08-2008 12:17 AM)MoNsTeReNeRgY22 Wrote: Hello and Welcome to the forums.OTViewIt logfile created on: 11/7/2008 11:33:24 PM - Run OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Leslie.HOME\Local Settings\Temporary Internet Files\Content.IE5\3SARF1UR Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 510.92 Mb Total Physical Memory | 279.66 Mb Available Physical Memory | 54.74% Memory free 1.22 Gb Paging File | 0.90 Gb Available in Paging File | 73.94% Paging File free Paging file location(s): C:\pagefile.sys 0 0; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 27.94 Gb Total Space | 14.08 Gb Free Space | 50.41% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HOME Current User Name: Leslie Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Whitelist: On File Age = 30 Days ========== Processes ========== [2005/11/11 00:33:00 | 00,073,782 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe [2008/07/19 09:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008/07/19 09:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe [2007/10/31 14:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe [2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2005/08/08 00:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2001/08/18 07:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe [2008/07/19 09:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008/07/23 09:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008/04/13 19:12:38 | 00,082,944 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\tp4mon.exe [2008/07/19 09:38:34 | 00,078,008 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe [2006/11/23 14:10:42 | 00,056,928 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2008/03/30 09:36:40 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe [2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008/06/05 17:06:32 | 00,125,208 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Common\YMailAdvisor.exe [2008/03/30 09:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe [2008/10/07 10:23:46 | 00,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2006/11/19 22:04:12 | 00,634,880 | ---- | M] () -- C:\Program Files\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe [2008/08/23 00:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe [2007/09/20 10:35:36 | 00,118,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe [2008/11/07 23:33:08 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Leslie.HOME\Local Settings\Temporary Internet Files\Content.IE5\3SARF1UR\OTViewIt[1].exe ========== (O23) Win32 Services ========== [2007/10/31 14:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running]) [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) [2008/07/19 09:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running]) [2008/07/19 09:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running]) [2008/07/19 09:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running]) [2008/07/23 09:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running]) [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running]) [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) [2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped]) [2007/09/24 15:15:03 | 00,138,680 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped]) [2005/11/11 00:33:00 | 00,073,782 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC [Auto | Running]) [2005/11/14 00:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped]) [2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped]) [2008/03/30 09:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running]) [2001/08/18 07:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC [On_Demand | Stopped]) [2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Auto | Running]) [2005/08/08 00:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running]) [2001/08/18 07:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp [Auto | Running]) [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running]) [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped]) [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped]) ========== Driver Services ========== [2008/07/19 09:32:15 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running]) [2001/08/17 07:20:04 | 00,096,256 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc [On_Demand | Running]) [2008/06/28 11:08:07 | 00,021,419 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running]) [2008/07/19 09:37:42 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running]) [2008/07/19 09:37:21 | 00,094,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running]) [2008/07/19 09:33:42 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running]) [2008/07/19 09:35:18 | 00,078,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running]) [2008/07/19 09:32:36 | 00,042,912 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running]) [2001/06/20 16:32:54 | 00,004,272 | ---- | M] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci [On_Demand | Stopped]) [2008/03/14 19:09:31 | 00,055,216 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Cdr4_xp.sys -- (Cdr4_xp [System | Running]) [2001/08/17 07:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running]) [2001/08/10 05:03:00 | 00,070,084 | ---- | M] (MK Systems CO., LTD.) -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS -- (Eplpdx02 [On_Demand | Running]) [2008/01/29 11:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running]) [2005/11/11 00:33:00 | 00,010,112 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV [On_Demand | Running]) [2004/08/04 00:41:35 | 00,606,684 | ---- | M] (LT) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5 [On_Demand | Running]) [2007/12/11 14:44:22 | 00,008,413 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM [Auto | Running]) [2008/04/13 13:54:36 | 00,028,672 | ---- | M] (National Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA [On_Demand | Running]) [2001/08/18 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running]) [2007/01/29 15:27:24 | 00,306,304 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\rtl8185.sys -- (rtl8185 [On_Demand | Stopped]) [2003/01/23 12:57:58 | 00,122,240 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\drivers\s3ssavm.sys -- (S3SSavage [On_Demand | Running]) [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped]) [2008/06/20 06:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6 [System | Running]) [2008/04/13 13:56:01 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tunmp.sys -- (tunmp [On_Demand | Running]) [2001/08/17 08:48:14 | 00,011,520 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack [On_Demand | Running]) ========== (R ) Internet Explorer ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main] "Default_Page_URL"=http://www.yahoo.com "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Extensions Off Page"=about:NoAdd-ons "Local Page"=%SystemRoot%\system32\blank.htm "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Secondary Start Pages"= "Security Risk Page"=about:SecurityRisk "Start Page"=http://www.yahoo.com [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search] "CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm "Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main] "Default_Page_URL"=http://www.yahoo.com "Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Default_Secondary_Page_URL"= "Local Page"=C:\WINDOWS\system32\blank.htm "Page_Transitions"= "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "SearchDefaultBranded"= "Start Page"=http://www.yahoo.com/ [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL] ""=http://home.microsoft.com/access/autosearch.asp?p=%s [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.) [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 "ProxyOverride" = *.local ========== (O1) Hosts File ========== HOSTS File = (0 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts First 25 entries... ========== (O2) BHO's ========== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\] {02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.) {53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) {5A263CF7-56A6-4D68-A8CF-345BE45BC911} (HKLM) -- C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll (Yahoo! Inc.) {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (HKLM) -- C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.) {9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) {AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll (Google Inc.) {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) {d2ce3e00-f94a-4740-988e-03dc2f38c34f} (HKLM) -- C:\Program Files\MSN\Toolbar\3.0.0427.0\msneshellx.dll (Microsoft Corp.) {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc) ========== (O3) Toolbars ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] "{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414}" (HKLM) -- C:\Program Files\MSN\Toolbar\3.0.0427.0\msneshellx.dll (Microsoft Corp.) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.) [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) "{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.) ========== (O4) Run Keys ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software) "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.) "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" () "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.) "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.) "TrackPointSrv"=tp4mon.exe (IBM Corporation) "YMailAdvisor"="C:\Program Files\Yahoo!\Common\YMailAdvisor.exe" (Yahoo! Inc.) "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" (Yahoo! Inc) [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc) "Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S File not found "YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc) ========== (O4) Startup Folders ========== [2006/11/19 22:04:12 | 00,634,880 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Wireless Configuration Utility HW.15.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe ========== (O6 & O7) Current Version Policies ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun"=145 ========== (O8) IE Context Menu Extensions ========== [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\] &Windows Live Search: Reg Error: Value does not exist or could not be read. File not found Add to Windows &Live Favorites: Reg Error: Value does not exist or could not be read. File not found E&xport to Microsoft Excel: Reg Error: Value does not exist or could not be read. File not found ========== (O9) IE Extensions ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) {13C1DBF6-7535-495c-91F6-8C13714ED485}: Button: Absolute Poker -- %UserProfile%\Start Menu\Programs\Absolute Poker\Absolute Poker File not found {13C1DBF6-7535-495c-91F6-8C13714ED485}: Menu: Absolute Poker -- %UserProfile%\Start Menu\Programs\Absolute Poker\Absolute Poker File not found {2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- Reg Error: Key does not exist or could not be opened. File not found {2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- Reg Error: Key does not exist or could not be opened. File not found {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}: Button: Yahoo! Services -- %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [2007/12/12 17:09:42 | 00,222,448 | ---- | M] (Yahoo! Inc.) {92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- Reg Error: Key does not exist or could not be opened. File not found {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2007/08/31 16:46:14 | 01,122,128 | ---- | M] (Safer Networking Limited) {e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\] CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2007/03/12 13:02:26 | 00,947,472 | ---- | M] (Microsoft Corporation) CmdMapping\\{13C1DBF6-7535-495c-91F6-8C13714ED485} [HKLM] -> %UserProfile%\Start Menu\Programs\Absolute Poker\Absolute Poker [Absolute Poker] -> File not found CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> [Send to OneNote] -> File not found CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2007/12/12 17:09:42 | 00,222,448 | ---- | M] (Yahoo! Inc.) CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Research] -> File not found CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2007/08/31 16:46:14 | 01,122,128 | ---- | M] (Safer Networking Limited) CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) ========== (O12) Internet Explorer Plugins ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\] PluginsPage: "" = http://activex.microsoft.com/controls/fi...%s&mime=%s PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery ========== (O13) Default Prefixes ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// ========== (O15) Trusted Sites ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 1 domain(s) and sub-domain(s) not assigned to a zone. ========== (O16) DPF ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\] {05D44720-58E3-49E6-BDF6-D00330E511D3}: http://zone.msn.com/binFrameWork/v10/Sta...b55579.cab -- StagingUI Object {0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/Face...oader5.cab -- Facebook Photo Uploader 5 {17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/8...ontrol.cab -- Windows Genuine Advantage Validation Tool {193C772A-87BE-4B19-A7BB-445B226FE9A1}: http://downloads.ewido.net/ewidoOnlineScan.cab -- ewidoOnlineScan Control {2DAD3559-2923-4935-AD49-B673D2539944}: http://www-307.ibm.com/pc/support/acpir.cab -- IASRunner Class {30528230-99F7-4BB4-88D8-FA1D4F56A2AB}: C:\Program Files\Yahoo!\Common\Yinsthelper.dll -- Installation Support {3BB54395-5982-4788-8AF4-B5388FFDD0D8}: http://zone.msn.com/BinFrameWork/v10/ZBu...b55579.cab -- MSN Games – Buddy Invite {48DD0448-9209-4F81-9F6D-D83562940134}: http://lads.myspace.com/upload/MySpaceUploader1006.cab -- MySpace Uploader Control {5736C456-EA94-4AAC-BB08-917ABDD035B3}: http://zone.msn.com/binframework/v10/ZPA...b55579.cab -- ZonePAChat Object {6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsu...2900836730 -- WUWebControl Class {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsof...3345981374 -- MUWebControl Class {6F750202-1362-4815-A476-88533DE61D0C}: http://www.kodakgallery.com/downloads/BU...ofupld.cab -- Kodak Gallery Easy Upload Manager Class {8A94C905-FF9D-43B6-8708-F0F22D22B1CB}: http://www.worldwinner.com/games/shared/wwlaunch.cab -- Wwlaunch Control {8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstal...s-i586.cab -- Java Plug-in 1.6.0_07 {9BDF4724-10AA-43D5-BD15-AEA0D2287303}: http://zone.msn.com/bingame/zpagames/zpa...b60231.cab -- MSN Games – Texas Holdem Poker {B8BE5E93-A60C-4D26-A2DC-220313175592}: http://cdn2.zone.msn.com/binFramework/v1...b56649.cab -- MSN Games - Installer {C86FF4B0-AA1D-46D4-8612-025FB86583C7}: http://zone.msn.com/bingame/jobo/default...n=1,0,0,10 -- AstoundLauncher Control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstal...s-i586.cab -- Java Plug-in 1.6.0_05 {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstal...s-i586.cab -- Java Plug-in 1.6.0_07 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstal...s-i586.cab -- Java Plug-in 1.6.0_07 {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}: -- Reg Error: Key does not exist or could not be opened. {D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/sh...wflash.cab -- Shockwave Flash Object {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}: http://zone.msn.com/binframework/v10/StP...b55579.cab -- MSN Games – Game Communicator Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened. Video Poker: http://download2.games.yahoo.com/games/c...vpt0_x.cab -- Reg Error: Key does not exist or could not be opened. Yahoo! Bingo: http://download2.games.yahoo.com/games/c.../xt0_x.cab -- Reg Error: Key does not exist or could not be opened. Yahoo! Blackjack: http://download2.games.yahoo.com/games/c.../jt0_x.cab -- Reg Error: Key does not exist or could not be opened. Yahoo! Checkers: http://download2.games.yahoo.com/games/c.../kt4_x.cab -- Reg Error: Key does not exist or could not be opened. Yahoo! Chinese Checkers: http://download2.games.yahoo.com/games/c...cct0_x.cab -- Reg Error: Key does not exist or could not be opened. Yahoo! Dots: http://download2.games.yahoo.com/games/c...dtt1_x.cab -- Reg Error: Key does not exist or could not be opened. Yahoo! Pool 2: http://download2.games.yahoo.com/games/c...poti_x.cab -- Reg Error: Key does not exist or could not be opened. ========== (O17) DNS Name Servers ========== {9B88E7C4-6503-43C4-AFDF-41962005F2D0} (Servers: | Description: Realtek RTL8185 54M Wireless LAN Network Adapter) {9C3C92CA-1C8F-4E4A-A803-4253ACF0350D} (Servers: | Description: ) {AAD4F3AD-1274-497A-A2F6-20EB9C90091D} (Servers: | Description: Realtek RTL8185 54M Wireless LAN Network Adapter) {ABB7A0DD-978C-4DD7-A83F-BBD494A44998} (Servers: | Description: Intel® PRO/100 VE Network Connection) ========== (O19) User Style Sheets ========== [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles] ========== Safeboot Options ========== "AlternateShell"=cmd.exe ========== CDRom AutoRun Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] "AutoRun" = 1 ========== Autorun Files on Drives ========== AUTOEXEC.BAT [] [2005/05/09 08:13:00 | 00,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ] ========== Files/Folders - Created Within 30 Days ========== [1 C:\WINDOWS\System32\*.tmp files] [7 C:\WINDOWS\*.tmp files] [2008/11/07 20:41:15 | 00,023,832 | ---- | C] () -- C:\Documents and Settings\Leslie.HOME\My Documents\Amber_Arnold_customer_service_resume.doc [2008/11/06 15:39:08 | 00,001,745 | ---- | C] () -- C:\Documents and Settings\Leslie.HOME\Desktop\HijackThis.lnk [2008/11/06 15:39:07 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2008/11/06 15:25:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Leslie.HOME\Application Data\Malwarebytes [2008/11/06 15:25:41 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2008/11/06 15:25:41 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk [2008/11/06 15:25:38 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2008/11/06 15:25:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes [2008/11/06 15:25:35 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2008/11/06 15:21:19 | 81,199,758 | ---- | C] () -- C:\Documents and Settings\Leslie.HOME\My Documents\backup.reg [2008/11/06 06:28:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2008/11/06 01:31:48 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$ [2008/11/06 00:26:00 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll [2008/11/06 00:25:39 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll [2008/11/06 00:25:39 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll [2008/11/06 00:25:14 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe [2008/11/06 00:25:14 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys [2008/11/06 00:25:05 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll [2008/11/06 00:25:02 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll [2008/11/06 00:25:01 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll [2008/11/06 00:24:58 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll [2008/11/06 00:24:58 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll [2008/11/06 00:24:58 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll [2008/11/06 00:24:49 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll [2008/11/06 00:24:28 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll [2008/11/06 00:24:28 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe [2008/11/06 00:24:28 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll [2008/11/06 00:24:25 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll [2008/11/06 00:24:25 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll [2008/11/06 00:24:19 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll [2008/11/06 00:24:19 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll [2008/11/06 00:23:50 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe [2008/11/06 00:23:49 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll [2008/11/06 00:23:49 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll [2008/11/06 00:23:48 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll [2008/11/06 00:22:56 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll [2008/11/06 00:22:54 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll [2008/11/06 00:22:51 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll [2008/11/06 00:22:51 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll [2008/11/06 00:22:49 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll [2008/11/06 00:22:48 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll [2008/11/06 00:22:19 | 00,001,261 | ---- | C] () -- C:\WINDOWS\System32\pid.inf [2008/11/06 00:21:33 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll [2008/11/06 00:21:33 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll [2008/11/06 00:21:33 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll [2008/11/06 00:21:33 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll [2008/11/06 00:21:33 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll [2008/11/06 00:21:32 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll [2008/11/06 00:21:32 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll [2008/11/06 00:21:32 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll [2008/11/06 00:21:21 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll [2008/11/06 00:21:21 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll [2008/11/06 00:21:21 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll [2008/11/06 00:21:21 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll [2008/11/06 00:21:20 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll [2008/11/06 00:21:20 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll [2008/11/06 00:21:20 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll [2008/11/06 00:21:13 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll [2008/11/06 00:21:13 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll [2008/11/06 00:21:10 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll [2008/11/06 00:20:54 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll [2008/11/06 00:20:29 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll [2008/11/06 00:20:27 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll [2008/11/06 00:19:45 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll [2008/11/06 00:15:44 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp [2008/11/06 00:07:11 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7 [2008/11/05 21:52:55 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe [2008/11/05 21:52:53 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe [2008/11/05 21:52:52 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe [2008/11/05 21:52:52 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe [2008/11/05 21:52:10 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys [2008/11/05 21:42:13 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys [2008/11/05 21:31:00 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll [2008/11/05 12:48:18 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WING32.DLL [2008/11/04 11:16:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Leslie.HOME\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2008/11/03 16:09:04 | 00,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ieResetIcons.exe [2008/11/03 15:39:24 | 00,000,000 | ---D | C] -- C:\Program Files\msn gaming zone [2008/11/03 13:11:28 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\simptcp.dll [2008/11/03 13:11:28 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll [2008/11/02 19:39:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2008/11/02 18:36:53 | 00,088,576 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\AntiXPVSTFix.exe [2008/11/02 18:36:53 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe [2008/11/02 18:36:53 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe [2008/11/02 18:36:52 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe [2008/11/02 18:36:52 | 00,086,528 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe [2008/11/02 18:36:52 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe [2008/11/02 18:36:52 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe [2008/11/02 18:36:52 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe [2008/11/02 18:36:52 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe [2008/11/02 18:36:51 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe [2008/11/02 18:36:51 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe [2008/11/02 18:36:51 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe [2008/11/02 18:36:51 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe [2008/11/02 17:56:31 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2008/11/02 17:56:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR [2008/11/02 17:56:05 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour [2008/11/02 17:46:46 | 00,000,834 | ---- | C] () -- C:\WINDOWS\Active Setup Log.BAK [2008/11/02 17:07:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Leslie.HOME\Application Data\Lavasoft [2008/10/31 17:30:41 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2008/10/31 17:30:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Leslie.HOME\Application Data\skypePM [2008/10/31 17:28:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Leslie.HOME\Application Data\Skype [2008/10/31 17:28:04 | 00,000,000 | ---D | C] -- C:\Program Files\Skype [2008/10/31 17:27:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype [2008/10/30 00:33:44 | 00,190,086 | ---- | C] () -- C:\Documents and Settings\Leslie.HOME\My Documents\Spiderweb Marketing.bmp [2008/10/28 23:39:08 | 00,016,076 | ---- | C] () -- C:\Documents and Settings\Leslie.HOME\My Documents\Resume for Leslie.wpd Wolverine.htm [2008/10/27 15:52:58 | 00,081,780 | ---- | C] () -- C:\Documents and Settings\Leslie.HOME\Desktop\Georgia 2 yrs.jpg [2008/10/27 13:32:10 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player [2008/10/25 23:30:05 | 00,831,141 | ---- | C] () -- C:\Documents and Settings\Leslie.HOME\My Documents\sts[1]bobbyenglish.pdf [2008/10/25 21:25:36 | 00,831,158 | ---- | C] () -- C:\Documents and Settings\Leslie.HOME\My Documents\sts[1] 10 easy steps to success.pdf [2008/10/23 19:24:23 | 00,028,038 | ---- | C] () -- C:\Documents and Settings\Leslie.HOME\My Documents\Resume for Leslie.pdf [2008/10/23 19:07:26 | 00,043,144 | ---- | C] () -- C:\Documents and Settings\Leslie.HOME\My Documents\Resume for Leslie.wpd.wpd [2008/10/23 11:57:18 | 00,003,003 | ---- | C] () -- C:\Documents and Settings\Leslie.HOME\My Documents\gdi_left.gif [2008/10/20 17:51:49 | 00,000,745 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Acrobat.com.lnk [2008/10/20 17:35:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Leslie.HOME\Desktop\Adobe Reader 9 Installer [2008/10/20 17:31:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NOS [2008/10/20 17:31:51 | 00,000,000 | ---D | C] -- C:\Program Files\NOS [2008/10/20 17:28:20 | 00,013,944 | ---- | C] () -- C:\Documents and Settings\Leslie.HOME\My Documents\Chad's_Resume_10-08.docx [2008/10/20 15:31:19 | 00,051,712 | ---- | C] () -- C:\Documents and Settings\Leslie.HOME\My Documents\Erika_Scalissi_REVISE_2008.doc [2008/10/20 15:20:38 | 00,039,513 | ---- | C] () -- C:\Documents and Settings\Leslie.HOME\My Documents\Business_Management_Entry_Level_Position.doc [2008/10/20 15:13:49 | 00,034,816 | ---- | C] () -- C:\Documents and Settings\Leslie.HOME\My Documents\RESUME.doc [2008/10/17 19:44:08 | 00,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe [2008/10/17 17:06:24 | 00,040,960 | ---- | C] () -- C:\Documents and Settings\Leslie.HOME\My Documents\Julie_Holmes_7-08.doc [2008/10/15 21:59:23 | 01,399,989 | ---- | C] () -- C:\Documents and Settings\Leslie.HOME\My Documents\GDIflyer1.wpd [2008/10/15 21:45:05 | 00,160,083 | ---- | C] () -- C:\Documents and Settings\Leslie.HOME\My Documents\GDIflyer1.pdf [2008/10/15 21:33:34 | 01,082,880 | ---- | C] () -- C:\Documents and Settings\Leslie.HOME\My Documents\GDIflyer1.doc [2008/10/15 08:51:00 | 00,043,164 | ---- | C] () -- C:\Documents and Settings\Leslie.HOME\My Documents\Resume for Leslie.wpd [2008/10/14 07:10:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss [2008/10/09 15:54:26 | 00,186,411 | ---- | C] () -- C:\Documents and Settings\Leslie.HOME\My Documents\leslieg461.htm ========== Files - Modified Within 30 Days ========== [1 C:\WINDOWS\System32\*.tmp files] [7 C:\WINDOWS\*.tmp files] [2008/11/07 23:28:00 | 00,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job [2008/11/07 20:43:35 | 00,023,832 | ---- | M] () -- C:\Documents and Settings\Leslie.HOME\My Documents\Amber_Arnold_customer_service_resume.doc [2008/11/07 20:16:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2008/11/07 20:15:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2008/11/07 00:41:17 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2008/11/06 15:39:08 | 00,001,745 | ---- | M] () -- C:\Documents and Settings\Leslie.HOME\Desktop\HijackThis.lnk [2008/11/06 15:25:41 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk [2008/11/06 15:21:34 | 81,199,758 | ---- | M] () -- C:\Documents and Settings\Leslie.HOME\My Documents\backup.reg [2008/11/06 06:33:14 | 00,433,424 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2008/11/06 06:33:14 | 00,067,962 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2008/11/06 06:33:13 | 00,509,720 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2008/11/06 06:28:39 | 00,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2008/11/06 06:27:01 | 00,411,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008/11/06 01:41:52 | 00,250,048 | RHS- | M] () -- C:\ntldr [2008/11/06 00:37:40 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2008/11/06 00:34:51 | 00,000,077 | -HS- | M] () -- C:\Documents and Settings\Leslie.HOME\My Documents\desktop.ini [2008/11/05 20:06:59 | 05,846,506 | -H-- | M] () -- C:\Documents and Settings\Leslie.HOME\Local Settings\Application Data\IconCache.db [2008/11/05 11:34:57 | 00,000,653 | ---- | M] () -- C:\WINDOWS\win.ini [2008/11/05 11:34:57 | 00,000,304 | RHS- | M] () -- C:\boot.ini [2008/11/05 11:34:56 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2008/11/05 11:30:34 | 00,001,500 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg [2008/11/05 11:30:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2008/11/04 23:56:21 | 00,000,016 | ---- | M] () -- C:\WINDOWS\popcinfo.dat [2008/11/04 19:52:27 | 00,000,834 | ---- | M] () -- C:\WINDOWS\Active Setup Log.BAK [2008/11/04 11:19:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2008/11/03 15:58:09 | 53,574,0416 | -HS- | M] () -- C:\hiberfil.sys [2008/11/03 13:58:38 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2008/11/03 13:58:38 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2008/11/01 16:42:49 | 00,043,164 | ---- | M] () -- C:\Documents and Settings\Leslie.HOME\My Documents\Resume for Leslie.wpd [2008/10/31 17:30:41 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat [2008/10/30 00:33:44 | 00,190,086 | ---- | M] () -- C:\Documents and Settings\Leslie.HOME\My Documents\Spiderweb Marketing.bmp [2008/10/28 23:39:19 | 00,043,144 | ---- | M] () -- C:\Documents and Settings\Leslie.HOME\My Documents\Resume for Leslie.wpd.wpd [2008/10/28 23:39:08 | 00,016,076 | ---- | M] () -- C:\Documents and Settings\Leslie.HOME\My Documents\Resume for Leslie.wpd Wolverine.htm [2008/10/27 15:53:00 | 00,081,780 | ---- | M] () -- C:\Documents and Settings\Leslie.HOME\Desktop\Georgia 2 yrs.jpg [2008/10/25 23:30:05 | 00,831,141 | ---- | M] () -- C:\Documents and Settings\Leslie.HOME\My Documents\sts[1]bobbyenglish.pdf [2008/10/25 21:25:36 | 00,831,158 | ---- | M] () -- C:\Documents and Settings\Leslie.HOME\My Documents\sts[1] 10 easy steps to success.pdf [2008/10/23 19:24:34 | 00,028,038 | ---- | M] () -- C:\Documents and Settings\Leslie.HOME\My Documents\Resume for Leslie.pdf [2008/10/22 16:10:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2008/10/22 16:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2008/10/21 13:54:36 | 00,003,003 | ---- | M] () -- C:\Documents and Settings\Leslie.HOME\My Documents\gdi_left.gif [2008/10/20 18:07:10 | 00,013,944 | ---- | M] () -- C:\Documents and Settings\Leslie.HOME\My Documents\Chad's_Resume_10-08.docx [2008/10/20 17:51:49 | 00,000,745 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Acrobat.com.lnk [2008/10/20 15:31:21 | 00,051,712 | ---- | M] () -- C:\Documents and Settings\Leslie.HOME\My Documents\Erika_Scalissi_REVISE_2008.doc [2008/10/20 15:20:40 | 00,039,513 | ---- | M] () -- C:\Documents and Settings\Leslie.HOME\My Documents\Business_Management_Entry_Level_Position.doc [2008/10/20 15:13:52 | 00,034,816 | ---- | M] () -- C:\Documents and Settings\Leslie.HOME\My Documents\RESUME.doc [2008/10/17 19:42:57 | 00,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe [2008/10/17 17:06:27 | 00,040,960 | ---- | M] () -- C:\Documents and Settings\Leslie.HOME\My Documents\Julie_Holmes_7-08.doc [2008/10/15 21:59:23 | 01,399,989 | ---- | M] () -- C:\Documents and Settings\Leslie.HOME\My Documents\GDIflyer1.wpd [2008/10/15 21:33:56 | 01,082,880 | ---- | M] () -- C:\Documents and Settings\Leslie.HOME\My Documents\GDIflyer1.doc [2008/10/15 19:38:34 | 00,160,083 | ---- | M] () -- C:\Documents and Settings\Leslie.HOME\My Documents\GDIflyer1.pdf [2008/10/15 11:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll [2008/10/15 11:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll [2008/10/14 19:05:07 | 00,004,162 | ---- | M] () -- C:\Documents and Settings\Leslie.HOME\My Documents\Jim Rogers.wpd [2008/10/09 15:54:29 | 00,186,411 | ---- | M] () -- C:\Documents and Settings\Leslie.HOME\My Documents\leslieg461.htm < End of report > |
|||
|
|
|
11-08-2008, 01:47 PM
Post: #4
|
|||
|
|||
|
RE: Returning results as instructed
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, November 8, 2008 Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Saturday, November 08, 2008 02:04:40 Records in database: 1374369 Scan settings Scan using the following database extended Scan archives yes Scan mail databases yes Scan area My Computer C:\ D:\ Scan statistics Files scanned 71029 Threat name 1 Infected objects 2 Suspicious objects 0 Duration of the scan 02:44:10 File name Threat name Threats count C:\Documents and Settings\Leslie.HOME\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1 C:\Documents and Settings\Leslie.HOME\Desktop\Unused Desktop Shortcuts\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1 The selected area was scanned. |
|||
|
|
|
11-09-2008, 09:13 AM
(This post was last modified: 11-09-2008 09:13 AM by MoNsTeReNeRgY22.)
Post: #5
|
|||
|
|||
|
RE: Returning results as instructed
Nice job your log looks clean!
Please use the following suggestions to help prevent reinfection. Also, you may delete any tools I had you download during the cleaning process. System Restore maintains a backup of your programs and may also backup infections, so please reset it to make a clean Restore Point. Please do this: On the Desktop, right-click My Computer > click Properties > click the System Restore tab. Check Turn off System Restore. Click Apply > a window will pop up and ask if you really want to turn it off > click Yes. Please wait a few moments to let it clear. Now please remove the check from Turn off System Restore. Click Apply, and then click OK. System Restore will be working again and will have a new Restore Point. The following is a list of tools and utilities that I like to suggest to people to help keep from getting infected again. As a note, all of the tools and utilities mentioned are either free or have free versions available. SpywareBlaster - Great prevention tool to keep malware from installing on your system. **Tutorial on installing & using this product can be found HERE** SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place. **Tutorial on installing & using this product can be found HERE** MVPS Hosts file - This handy download replaces your current HOSTS file with one containing well known ad sites and other bad/malicous sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future. Firewall A firewall is very important, in order to protect your computer from hackers. I notice that you don't have one installed! Therefore I recommend Comodo, Online Armor, or Outpost. **Tutorial on Firewalls can be found HERE** Internet Browser - Internet Explorer is not the safest not the fastest internew browser anymore. There are way better alternatives out there that are faster, more secure, and have many more useful features. I recommend Opera or Firefox It is important to run only one of each type of protection program in resident mode at a time since conflicts can make them less effective. This would mean only one resident antivirus, firewall and scanning type of anti-spyware. Programs like Spyware Blaster and MBAM do not conflict with any of these since they don't have a real time scanning engine that would conflict. Windows Updates - It is highly recommended to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there. It is also highly recommended to stay on top of your updates at all times, for Windows and all the above mentioned applications. This will ensure that you stay protected at the maximum level possible. Finally, I strongly recommend ![[Image: action-smiley-036.gif]](http://www.clicksmilies.com/s0105/aktion/action-smiley-036.gif) How did I get infected in the first place? (by Tony Klein)Good luck and safe surfing
My help is always free, but if I have helped you, please consider making a donation to help me continue in the fight against Malware! |
|||
|
|
|
12-01-2008, 06:17 AM
Post: #6
|
|||
|
|||
|
RE: [RESOLVED] Returning results as instructed
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic. My help is always free, but if I have helped you, please consider making a donation to help me continue in the fight against Malware! |
|||
|
|
|
« Next Oldest | Next Newest »
|
| Possibly Related Threads... | |||||
| Thread: | Author | Replies: | Views: | Last Post | |
 |
[RESOLVED] Help plz?? T T | fnxsfks | 4 | 135 |
Today 01:21 AM Last Post: MoNsTeReNeRgY22 |
| [STALE] my results after... " MUST READ BEFORE POSTING! " ...plz help !!! thx | loreena | 2 | 217 |
12-01-2008 06:17 AM Last Post: MoNsTeReNeRgY22 |
|
| Submitting report as instructed - Thank You | acristescu | 2 | 84 |
12-01-2008 06:16 AM Last Post: MoNsTeReNeRgY22 |
|
| [RESOLVED] Getting owned | KrNfLyGuYbRi | 9 | 451 |
11-05-2008 06:54 PM Last Post: MoNsTeReNeRgY22 |
|
| [RESOLVED] Virus. Whent through steps heres my log | xChAoTiCx | 33 | 1,313 |
11-05-2008 06:53 PM Last Post: MoNsTeReNeRgY22 |
|
| [RESOLVED] Friends pc giving him problems, cant open control panel | exinsane | 13 | 605 |
09-19-2008 04:54 AM Last Post: MoNsTeReNeRgY22 |
|