being attacked by a virus!

being attacked by a virus!

Post by kmiller on 5th February 2010, 1:53 am

Help! My computer is infected with wormLsas.blaster.keyloger.
It seems that every program is infected!

kmiller
Novice
Posts : 7
Joined : 2010-02-05
OS : Windows XP
Points : 25093
# Likes : 0


Re: being attacked by a virus!

Post by Belahzur on 5th February 2010, 2:14 am

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245111
# Likes : 1


being attacked by a virus!

Post by kmiller on 5th February 2010, 1:30 pm

Hi! I cannot download the program to my desktop. My desktop is cleared of all icons and is a different color than it usually is. I downloaded the program to My Documents, but got a message that it was infected and wouldn't run. Now I'm freaking out.


Re: being attacked by a virus!

Post by Belahzur on 5th February 2010, 4:49 pm

Rename OTL.exe to explorer.exe and see if it will run now.


being attacked by a virus!

Post by kmiller on 5th February 2010, 5:31 pm

Okay, that worked! Both logs are in My Documents. When I click on them, a security warning comes up that notebook is infected, and when I right-click to copy them, it won't let me paste them here. Argh.


Re: being attacked by a virus!

Post by Belahzur on 5th February 2010, 6:44 pm

Can you open them in Wordpad instead of Notepad?


being attacked by a virus!

Post by kmiller on 5th February 2010, 9:43 pm

Nope. I get a message that says WordPad is infected.


Re: being attacked by a virus!

Post by Belahzur on 5th February 2010, 10:24 pm

Can you transfer the log file over from the infected machine to a working machine via USB and post it from there?


attacked by virus!

Post by kmiller on 6th February 2010, 2:05 am

Okay - log #1
OTL Extras logfile created on: 2/5/2010 12:18:38 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Owner\My Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 102.00 Mb Available Physical Memory | 20.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 42.85 Gb Free Space | 38.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MILLER
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MSN\MSNCoreFiles\msn.exe" = C:\Program Files\MSN\MSNCoreFiles\msn.exe:*:Enabled:msn -- File not found
"C:\Program Files\Valve\Steam\Steam.exe" = C:\Program Files\Valve\Steam\Steam.exe:*:Enabled:Steam -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger -- File not found
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\Common Files\AOL\1137537220\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1137537220\ee\aolsoftware.exe:*:Enabled:AOL Services -- File not found
"C:\Program Files\Common Files\AOL\1137537220\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1137537220\ee\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\Kazaa\kazaa.exe" = C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa -- File not found
"C:\Program Files\ZyXEL\ZyXEL G-220 v2 Wireless Adapter Utility\ZyXEL G-220 v2.exe" = C:\Program Files\ZyXEL\ZyXEL G-220 v2 Wireless Adapter Utility\ZyXEL G-220 v2.exe:*:Enabled:ZyXEL G-220 v2 Wireless Adapter Utility -- (ZyXEL Communications Corp.)
"C:\Program Files\Cartoon Network\Ben 10 Bounty Hunters\RT_Multiplayer.exe" = C:\Program Files\Cartoon Network\Ben 10 Bounty Hunters\RT_Multiplayer.exe:*:Enabled:RT_Multi Application -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0B5F5D71-117C-4381-98AC-9DBDAD5AE1B6}" = MSN Toolbar Platform
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B4AA674-F5CA-4BB5-831A-CD37B4021959}" = ImageMixer for Sony
"{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}" = Picture Package
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25EF00A0-F17B-11D6-88EA-000476CD2443}(Verizon Online)" = Visual IP InSight(Verizon Online)
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{33BEE6F3-9987-4F98-A069-97A64EC8321A}" = Microsoft Works Suite Add-in for Microsoft Word
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353D20CC-719B-4A60-AD33-D03F88C10330}" = Microsoft Office Accounting PayPal Addin
"{369B36BE-3D64-4641-9AEA-808D436FE130}" = Microsoft Picture It! Express 7.0
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{46614A49-222A-48EF-87A9-BFD603E608E1}" = Microsoft Office Accounting Fixed Asset Manager
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{4ecaf021-478c-40c1-b777-3368a15f9966}" = Macromedia Flash Player
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM
"{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}" = Image Transfer
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5983C895-DDA4-45D9-A8D1-877D5DE7693E}" = EPSON PhotoStarter3.0
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{62C3CFD3-4B1C-4C8F-8C2E-9B13B66768AB}" = ZyXEL G-220 v2 Wireless Adapter Utility
"{68D5CEF9-0DA8-47FE-B0EB-4CBFB5AAF662}" = ArcSoft PhotoImpression 4
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8C711818-076E-475C-B95B-DF11CD9D8DBE}" = Microsoft Office Accounting Equifax Addin
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = DVD
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel(R) PROSet
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B0717D5A-1976-482B-9ADF-F19631A541A4}" = Microsoft Office Accounting 2007
"{B9966F27-9678-4620-9579-925E3084647E}" = Microsoft Works
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C46B4678-0F42-4791-9D19-BE01BB3DD358}" = Roxio Easy DVD Copy
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D76E927F-E292-434B-9661-3858F5D7BF63}" = EPSON PhotoCenter
"{D87D6386-3C2D-4239-9780-3418FB7B0E94}" = Print Lab Series
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E5B26C1E-4751-4F03-BC18-634F41F31EC6}" = DoMore
"{E6696A8C-C55A-405C-AFEB-F3880A8BAA45}" = iPod Update 2004-04-28
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F10082FE-BACB-4E58-A423-DAD6BFC8B3A2}" = Gateway Ink Monitor
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}" = Microsoft Search Enhancement Pack
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"5A137FCB-35EA-4849-8239-AFEBD2F45B3B" = Otto from Gateway (remove only)
"618CD711-AFB3-4EB4-9B48-ABD2AB370B21" = Slyder from Gateway (remove only)
"A375E2C6-77CA-4F2F-AB6F-CD0A96D87B24" = Overball from Gateway (remove only)
"ADFCE1E4-A420-437C-998D-EAF04E3601BE" = Excavation from Gateway (remove only)
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Arthur's Thinking Games" = Arthur's Thinking Games
"BECB8A74-E07D-44A1-813D-1E390EB3047B" = Orbital from Gateway (remove only)
"C4D2212B-5331-470D-9BF7-96DB25A398C7" = Polar Bowler from Gateway (remove only)
"CCleaner" = CCleaner (remove only)
"Coupon Printer for Windows2.0" = Coupon Printer for Windows
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Creative Driver" = Creative Driver
"Dora's Lost and Found Adventure" = Dora's Lost and Found Adventure
"Dual Mode Camera_is1" = Uninstall Dual Mode Camera
"EPSON Printer and Utilities" = EPSON Printer Software
"ESPN RunTime" = ESPN RunTime
"Glary Registry Repair_is1" = Glary Registry Repair 3.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{E6696A8C-C55A-405C-AFEB-F3880A8BAA45}" = iPod Update 2004-04-28
"Intel(R) 537EP Data Fax Modem" = Intel(R) 537EP Data Fax Modem
"InterActual Player" = InterActual Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Office Accounting 2007" = Microsoft Office Accounting 2007
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MWASPI" = MicroStaff WINASPI
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Ahead Nero BurnRights
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Photon" = Professor Franklin
"PictureIt_v9" = Microsoft Picture It! Photo Premium 9
"PROR" = Microsoft Office Professional 2007 Trial
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"RealPlayer 12.0" = RealPlayer
"RRF.exe" = Reader Rabbit's 1st Grade
"SFlyStudio" = Shutterfly Studio
"Shockwave" = Shockwave
"Silent Package Run-Time Sample" = ESPR320 Reference Guide
"SLAMRMO" = Smart Link 56K Modem
"TTB000001.TTB000001Toolbar" = CouponBar
"UnityWebPlayer" = Unity Web Player
"Verizon.MCCInstall" = Verizon Online Support Center
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2004Setup" = Microsoft Works 2004 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Photos Drag-Drop Uploader 1v7" = Yahoo! Photos Easy Upload Tool 1v7

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9863F141-7A33-4c9a-A5F2-96996461B216}" = KODAK EASYSHARE Gallery Easy Upload, v2.1
"GoToMeeting" = GoToMeeting/GoToWebinar 3.0.0.190
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/10/2010 6:33:33 PM | Computer Name = MILLER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/16/2010 6:07:53 PM | Computer Name = MILLER | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module qdvd.dll, version 6.5.2600.5512, fault address 0x000255ef.

Error - 1/18/2010 7:51:21 PM | Computer Name = MILLER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/19/2010 7:49:56 PM | Computer Name = MILLER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/19/2010 9:39:11 PM | Computer Name = MILLER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/19/2010 9:40:21 PM | Computer Name = MILLER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/20/2010 11:30:40 AM | Computer Name = MILLER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18854, fault address 0x000d6a3b.

Error - 1/20/2010 11:31:08 AM | Computer Name = MILLER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18854, fault address 0x000d6a3b.

[ OSession Events ]
Error - 8/13/2009 5:13:34 PM | Computer Name = MILLER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 600
seconds with 120 seconds of active time. This session ended with a crash.

Error - 8/13/2009 5:14:14 PM | Computer Name = MILLER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 17
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/25/2009 7:04:54 PM | Computer Name = MILLER | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 11/25/2009 7:56:06 PM | Computer Name = MILLER | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 11/25/2009 8:53:08 PM | Computer Name = MILLER | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 11/25/2009 9:50:20 PM | Computer Name = MILLER | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 11/25/2009 10:24:43 PM | Computer Name = MILLER | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 11/25/2009 11:03:04 PM | Computer Name = MILLER | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 11/26/2009 12:00:56 AM | Computer Name = MILLER | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 11/26/2009 12:54:58 AM | Computer Name = MILLER | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 11/26/2009 1:46:50 AM | Computer Name = MILLER | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 11/26/2009 3:29:03 AM | Computer Name = MILLER | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.


< End of report >

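A defender-side triage of the OTL output kmiller posted, as an added example that is not part of this thread or of OTL itself: it parses the Shell Spawning section of the Extras log above to confirm that exefile and the other executable classes still launch with the stock `"%1" %*` (a changed entry is what routes every .exe through a rogue program first and produces "program X is infected" prompts), and scores the PRC lines of the OTL.txt log that follows for binaries with no publisher running from user-writable paths. The embedded sample text is copied from the posted logs except the exefile line, which is altered with a placeholder path to show what a hijack looks like.

```python
"""Triage checks over OTL log text (added example, not part of the thread or of
OTL): flag a hijacked executable association and processes worth a second look."""
import re

# Stock shell [open] commands on a clean Windows XP install.
EXPECTED_OPEN = {"batfile": '"%1" %*', "cmdfile": '"%1" %*', "comfile": '"%1" %*',
                 "exefile": '"%1" %*', "piffile": '"%1" %*', "scrfile": '"%1" /S'}
# Names that belong under %SystemRoot%; the same name elsewhere deserves a look
# (here it is the deliberately renamed OTL, which the analyst already knows about).
SHELL_NAMES = {"explorer.exe", "svchost.exe", "lsass.exe", "winlogon.exe", "csrss.exe"}
NO_PUBLISHER = "no publisher, running outside Program Files and the Windows directory"
SHELL_NAME = "Windows system binary name outside %SystemRoot%"

# Constructed sample in the OTL Extras "Shell Spawning" format: the posted lines,
# except exefile, which is altered here (placeholder path) to show a hijack.
SAMPLE_EXTRAS = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "C:\Documents and Settings\All Users\Application Data\PLACEHOLDER\guard.exe" "%1" %*
piffile [open] -- "%1" %*
scrfile [open] -- "%1" /S

========== Security Center Settings ==========
"""
# Constructed sample: the header environment line and four PRC lines copied from
# the second (OTL.txt) log in this thread.
SAMPLE_PROCESSES = r"""
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files

========== Processes (SafeList) ==========

PRC - [2010/02/05 08:26:29 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\explorer.exe
PRC - [2010/02/03 23:43:45 | 001,060,352 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\87231324\87231324.exe
PRC - [2010/01/22 19:16:42 | 000,141,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/04/13 19:12:41 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wscntfy.exe
"""

SPAWN_RE = re.compile(r"^(\S+) \[(\w+)\] -- (.*)$")
PRC_RE = re.compile(r"^PRC - \[(?P<stamp>[^|]+?) \| (?P<size>[\d,]+) \| [^\]]*\] "
                    r"\((?P<publisher>[^)]*)\) -- (?P<path>.+)$")
ENV_RE = re.compile(r"%(\w+)% = ([^|]+?)(?: \||$)", re.MULTILINE)


def section_lines(text, title):
    """Non-blank lines of the OTL section headed '========== title =========='."""
    out, inside = [], False
    for line in text.splitlines():
        if line.startswith("=========="):
            inside = line.strip("= ") == title
        elif inside and line.strip():
            out.append(line.rstrip())
    return out


def parse_shell_spawning(text):
    """Map (file class, verb) -> command from the Shell Spawning section."""
    found = {}
    for line in section_lines(text, "Shell Spawning"):
        m = SPAWN_RE.match(line)
        if m:
            found[(m.group(1), m.group(2))] = m.group(3)
    return found


def find_spawn_hijacks(text):
    """Executable classes whose [open] command is not the stock value. A changed
    exefile entry runs another program before every .exe, which is how a rogue
    AV blocks cleanup tools and reports them as 'infected'."""
    spawn = parse_shell_spawning(text)
    return [(cls, spawn[(cls, "open")]) for cls in EXPECTED_OPEN
            if (cls, "open") in spawn and spawn[(cls, "open")] != EXPECTED_OPEN[cls]]


def env_roots(text):
    """(%SystemRoot%, %ProgramFiles%) from the OTL header, XP defaults if absent."""
    env = {m.group(1): m.group(2).strip() for m in ENV_RE.finditer(text)}
    return env.get("SystemRoot", r"C:\WINDOWS"), env.get("ProgramFiles", r"C:\Program Files")


def triage_processes(text):
    """Map process path -> reasons an analyst should look at it."""
    trusted = tuple(r.lower().rstrip("\\") + "\\" for r in env_roots(text))
    flagged = {}
    for line in section_lines(text, "Processes (SafeList)"):
        m = PRC_RE.match(line)
        if not m:
            continue
        low = m.group("path").lower()
        reasons = []
        if not m.group("publisher").strip() and not low.startswith(trusted):
            reasons.append(NO_PUBLISHER)
        if low.rsplit("\\", 1)[-1] in SHELL_NAMES and not low.startswith(trusted[0]):
            reasons.append(SHELL_NAME)
        if reasons:
            flagged[m.group("path")] = reasons
    return flagged
```

On the real Extras log above the spawn check comes back clean, which tells the analyst the blocking came from a running process rather than a registry hijack, consistent with the renamed OTL.exe working.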

being attacked by a virus!

Post by kmiller on 6th February 2010, 2:07 am

log #2

OTL logfile created on: 2/5/2010 12:18:38 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Owner\My Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 102.00 Mb Available Physical Memory | 20.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 42.85 Gb Free Space | 38.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MILLER
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/05 08:26:29 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\explorer.exe
PRC - [2010/02/03 23:43:45 | 001,060,352 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\87231324\87231324.exe
PRC - [2010/01/22 19:16:42 | 000,141,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/12/11 20:39:30 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/12/11 20:37:42 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/11/01 00:59:48 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0346.1\mswinext.exe
PRC - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/08/07 17:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/04/19 10:58:49 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/04/19 10:58:49 | 000,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/05/06 19:50:40 | 002,500,096 | ---- | M] () -- C:\Program Files\Shutterfly\Studio\Bin\SFlyStudio.exe
PRC - [2008/04/13 19:12:41 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wscntfy.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2007/01/19 19:13:32 | 000,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2006/09/12 14:44:02 | 010,891,264 | ---- | M] (ZyXEL Communications Corp.) -- C:\Program Files\ZyXEL\ZyXEL G-220 v2 Wireless Adapter Utility\ZyXEL G-220 v2.exe
PRC - [2006/03/09 15:29:00 | 000,143,436 | ---- | M] (NVIDIA Corporation) -- C:\WINNT\system32\nvsvc32.exe
PRC - [2005/05/19 13:55:58 | 000,101,888 | ---- | M] (Walt Disney Internet Group) -- C:\Program Files\ESPNRunTime\DIGServices.exe
PRC - [2005/05/18 14:49:24 | 000,282,624 | ---- | M] (Walt Disney Internet Group) -- C:\Program Files\DIGStream\digstream.exe
PRC - [2003/12/17 11:57:08 | 000,106,496 | ---- | M] (Sony Corporation.) -- C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
PRC - [2003/12/12 18:55:06 | 000,053,248 | ---- | M] (TODO: ) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
PRC - [2003/11/21 21:02:42 | 000,151,552 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
PRC - [2003/06/24 21:33:00 | 000,303,180 | ---- | M] (Gateway) -- C:\Program Files\Gateway Utilities\GWInkMonitor.exe
PRC - [2003/06/07 06:32:32 | 000,050,688 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
PRC - [2003/01/21 16:34:42 | 000,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINNT\system32\cthelper.exe
PRC - [2002/03/18 05:34:42 | 000,364,544 | ---- | M] (Visual Networks) -- C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
PRC - [2002/03/18 05:34:42 | 000,102,400 | ---- | M] (Visual Networks) -- C:\Program Files\Verizon Online\Visual IP InSight\ipmon32.exe


========== Modules (SafeList) ==========

MOD - [2010/02/05 08:26:29 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\explorer.exe
MOD - [2003/01/21 16:34:52 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\WINNT\system32\ctagent.dll
MOD - [2002/03/18 05:34:42 | 000,094,208 | ---- | M] (Visual Networks) -- C:\Program Files\Verizon Online\Visual IP InSight\iphook32.dll
MOD - [2000/06/15 15:32:24 | 000,036,864 | ---- | M] (Tartan Software) -- C:\Program Files\Gateway Utilities\inkpeek.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/05 08:54:23 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/12/11 20:42:22 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/08/07 17:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/08/07 12:44:18 | 000,045,816 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2009/04/19 10:58:49 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/03/09 15:29:00 | 000,143,436 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINNT\system32\nvsvc32.exe -- (NVSvc)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/03/03 13:33:40 | 000,143,360 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - [2009/08/28 19:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/08/19 16:49:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/11/02 16:57:04 | 000,036,624 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINNT\system32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/08/28 21:48:26 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINNT\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/08/28 21:48:26 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINNT\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/08/17 10:03:30 | 000,402,944 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\WlanGZXP.SYS -- (ZG760_XP)
DRV - [2006/08/17 10:03:30 | 000,019,072 | ---- | M] (ZDC., Inc. (ZDC)) [Kernel | Auto | Running] -- C:\WINNT\system32\ZDCndis5.sys -- (ZDCNDIS5)
DRV - [2006/07/05 13:10:23 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2006/07/05 13:10:23 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2006/03/09 15:29:00 | 003,650,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/11/19 19:45:31 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2004/08/04 00:41:44 | 000,095,424 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2004/08/04 00:41:42 | 000,404,990 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2004/08/04 00:41:39 | 000,180,360 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2004/08/04 00:41:39 | 000,013,776 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\recagent.sys -- (RecAgent)
DRV - [2004/08/04 00:41:38 | 000,126,686 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2004/08/04 00:41:37 | 001,309,184 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2003/12/03 17:44:58 | 000,013,566 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\cdrbsvsd.sys -- (cdrbsvsd)
DRV - [2003/08/03 23:16:08 | 000,120,094 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS)
DRV - [2003/08/03 23:16:00 | 000,096,858 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH)
DRV - [2003/08/03 23:15:04 | 000,091,419 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2003/07/16 15:52:40 | 000,050,805 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2003/07/16 15:52:28 | 001,075,685 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2003/07/16 15:51:56 | 000,481,305 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2003/07/16 15:51:28 | 000,031,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/07/02 19:00:00 | 000,274,816 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINNT\System32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2003/03/31 06:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2003/03/18 11:00:54 | 000,542,976 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2003/03/04 11:56:26 | 000,145,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\e100b325.sys -- (E100B) Intel(R)
DRV - [2003/01/21 16:14:26 | 000,116,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2003/01/21 16:14:16 | 000,135,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/01/21 16:14:00 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2003/01/21 16:13:52 | 000,184,656 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/01/21 16:13:40 | 000,497,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2003/01/21 16:12:20 | 000,135,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2003/01/21 16:12:08 | 000,139,936 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\hap16v2k.sys -- (hap16v2k)
DRV - [2003/01/21 16:11:50 | 000,822,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/01/21 10:10:14 | 000,286,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/01/17 01:19:32 | 000,039,348 | ---- | M] (Vireo Software) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2002/04/01 11:15:00 | 000,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2001/08/23 14:00:00 | 000,022,400 | ---- | M] () [Kernel | System | Running] -- C:\WINNT\system32\drivers\SbcpHid.sys -- (SbcpHid)
DRV - [2001/08/17 13:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINNT\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
DRV - [2000/03/29 17:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\MASPINT.SYS -- (MASPINT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 A1 44 24 AD A2 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 41
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0346.1\Firefox [2009/11/20 17:19:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2009/11/20 17:19:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/15 20:42:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/04 22:26:14 | 000,000,000 | ---D | M]

[2009/08/13 20:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/12/19 11:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o16931wn.default\extensions
[2009/08/14 18:18:58 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o16931wn.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/12/19 11:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o16931wn.default\extensions\ChoiceGuard@Microsoft
[2009/08/13 20:06:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

O1 HOSTS File: ([2009/08/13 19:52:37 | 000,000,734 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (TTB000000 Class) - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\WINNT\CouponBarIE.dll (Coupons, Inc.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0346.1\npwinext.dll (Microsoft Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINNT\CouponBarIE.dll (Coupons, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0346.1\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&ESPN) - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll (Walt Disney Internet Group)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINNT\CouponBarIE.dll (Coupons, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [56730728] C:\Documents and Settings\All Users\Application Data\56730728\56730728.exe ()
O4 - HKLM..\Run: [87231324] C:\Documents and Settings\All Users\Application Data\87231324\87231324.exe ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CTHelper] C:\WINNT\System32\cthelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe (Walt Disney Internet Group)
O4 - HKLM..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe (Walt Disney Internet Group)
O4 - HKLM..\Run: [EPSON Stylus Photo R320 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Gateway Ink Monitor] C:\Program Files\Gateway Utilities\GWInkMonitor.exe (Gateway)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IPInSightLAN 01] C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe (Visual Networks)
O4 - HKLM..\Run: [IPInSightMonitor 01] C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe (Visual Networks)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe (TODO: )
O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\Verizon Online\SupportCenter\SmartBridge\MotiveSB.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0346.1\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINNT\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINNT\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINNT\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ShutterflyStudio] C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINNT\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0; File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe (Sony Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe (Motive Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZyXEL G-220 v2 Wireless Adapter Utility.lnk = C:\Program Files\ZyXEL\ZyXEL G-220 v2 Wireless Adapter Utility\ZyXEL G-220 v2.exe (ZyXEL Communications Corp.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - Reg Error: Value error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} [You must be registered and logged in to see this link.] (CInstall Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} [You must be registered and logged in to see this link.] (Snapfish Activia)
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} [You must be registered and logged in to see this link.] (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} [You must be registered and logged in to see this link.] (Wizard101GameLauncher)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} [You must be registered and logged in to see this link.] (Shutterfly Picture Upload Plugin)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} [You must be registered and logged in to see this link.] (Virtools WebPlayer Class)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} [You must be registered and logged in to see this link.] (IWinAmpActiveX Class)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Yahoo! Word Racer [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (OldTimer Tools)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINNT\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/05 09:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/05 09:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/02/05 08:26:29 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\explorer.exe
[2010/02/05 08:24:23 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/02/04 20:50:49 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\winlogon.scr
[2010/02/03 23:44:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\56730728
[2010/02/03 23:43:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\87231324
[2010/02/02 11:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/01/29 09:07:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\amelia faces 1.27.10
[2010/01/15 12:19:24 | 000,230,808 | R--- | C] (Coupons, Inc.) -- C:\WINNT\cpnprt2.cid
[2010/01/13 15:50:24 | 000,049,904 | R--- | C] (Avanquest Software) -- C:\WINNT\System32\drivers\BVRPMPR5.SYS
[2010/01/13 15:49:29 | 000,000,000 | ---D | C] -- C:\Netgear
[2010/01/13 10:07:53 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\aclayers.dll
[2010/01/07 15:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\'08_05_03_01
[2010/01/07 14:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\project365
[2010/01/07 13:46:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\aj 12.09
[2010/01/07 13:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\circus school12.30.09
[2009/11/20 19:00:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/11/20 19:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/11/20 17:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/09/22 11:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/04/07 09:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Viewpoint
[2007/02/06 14:21:26 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2004/12/31 21:55:15 | 000,090,112 | R--- | C] ( ) -- C:\WINNT\System32\SCCD3X02.DLL
[2003/10/16 10:58:42 | 000,014,976 | ---- | C] ( ) -- C:\WINNT\System32\drivers\winddx.sys
[2 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[2 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/05 12:13:31 | 000,000,886 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/05 12:12:48 | 000,000,870 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Security Tool.lnk
[2010/02/05 12:12:45 | 000,049,980 | ---- | M] () -- C:\WINNT\System32\nvapps.xml
[2010/02/05 12:12:44 | 000,000,882 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/05 12:12:42 | 000,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2010/02/05 12:12:40 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2010/02/05 12:12:39 | 535,613,440 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/05 12:11:53 | 000,030,036 | ---- | M] () -- C:\WINNT\System32\BMXStateBkp-{00000001-00000000-00000001-00001102-00000004-10061102}.rfx
[2010/02/05 12:11:53 | 000,030,036 | ---- | M] () -- C:\WINNT\System32\BMXState-{00000001-00000000-00000001-00001102-00000004-10061102}.rfx
[2010/02/05 12:11:53 | 000,029,760 | ---- | M] () -- C:\WINNT\System32\BMXCtrlState-{00000001-00000000-00000001-00001102-00000004-10061102}.rfx
[2010/02/05 12:11:53 | 000,029,760 | ---- | M] () -- C:\WINNT\System32\BMXBkpCtrlState-{00000001-00000000-00000001-00001102-00000004-10061102}.rfx
[2010/02/05 12:11:53 | 000,001,080 | ---- | M] () -- C:\WINNT\System32\settingsbkup.sfm
[2010/02/05 12:11:53 | 000,001,080 | ---- | M] () -- C:\WINNT\System32\settings.sfm
[2010/02/05 12:11:53 | 000,000,288 | ---- | M] () -- C:\WINNT\System32\DVCStateBkp-{00000001-00000000-00000001-00001102-00000004-10061102}.dat
[2010/02/05 12:11:53 | 000,000,288 | ---- | M] () -- C:\WINNT\System32\DVCState-{00000001-00000000-00000001-00001102-00000004-10061102}.dat
[2010/02/05 12:11:40 | 008,388,608 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/02/05 12:11:40 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/02/05 12:11:30 | 004,481,358 | ---- | M] () -- C:\WINNT\{00000001-00000000-00000001-00001102-00000004-10061102}.CDF
[2010/02/05 08:26:29 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\explorer.exe
[2010/02/05 08:24:24 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/02/04 20:50:50 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\winlogon.scr
[2010/02/03 23:44:15 | 001,060,352 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\install.exe
[2010/02/03 07:46:37 | 000,043,178 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/02/03 07:46:21 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sweep.doc
[2010/02/03 07:41:27 | 000,002,479 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk
[2010/02/02 11:45:07 | 000,001,800 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/30 00:46:46 | 000,583,762 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ticket for bus.mht
[2010/01/29 09:02:08 | 000,029,264 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\ViewerApp.dat
[2010/01/28 16:09:28 | 000,066,048 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/27 23:50:02 | 000,000,284 | ---- | M] () -- C:\WINNT\tasks\AppleSoftwareUpdate.job
[2010/01/21 13:30:47 | 000,139,422 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Miller, Kath Elem 1-20-10[1].pdf
[2010/01/21 11:59:10 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Dear dad.doc
[2010/01/15 12:19:24 | 000,230,808 | R--- | M] (Coupons, Inc.) -- C:\WINNT\cpnprt2.cid
[2010/01/15 12:19:23 | 000,230,808 | ---- | M] (Coupons, Inc.) -- C:\WINNT\System32\cpnprt2.cid
[2010/01/15 00:39:06 | 000,001,374 | ---- | M] () -- C:\WINNT\imsins.BAK
[2010/01/14 00:39:30 | 001,918,235 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DSC01078.JPG
[2010/01/14 00:38:36 | 001,819,132 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DSC01076.JPG
[2010/01/13 18:16:42 | 000,005,880 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Router_Setup.html
[2010/01/12 17:10:25 | 000,304,186 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\pizsza1.wav
[2010/01/12 17:03:40 | 000,950,330 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\aj sijn gs.wav
[2 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[2 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/05 09:08:50 | 000,000,886 | ---- | C] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/05 08:54:34 | 000,000,882 | ---- | C] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/03 23:44:42 | 000,000,870 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Security Tool.lnk
[2010/02/03 23:44:12 | 001,060,352 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\install.exe
[2010/02/03 07:46:21 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sweep.doc
[2010/02/02 11:45:07 | 000,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/30 00:46:40 | 000,583,762 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ticket for bus.mht
[2010/01/21 13:30:47 | 000,139,422 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Miller, Kath Elem 1-20-10[1].pdf
[2010/01/21 11:59:09 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Dear dad.doc
[2010/01/14 00:39:30 | 001,918,235 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DSC01078.JPG
[2010/01/14 00:38:36 | 001,819,132 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DSC01076.JPG
[2010/01/13 16:24:06 | 000,000,172 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\Router Login.url
[2010/01/13 16:24:01 | 000,005,880 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Router_Setup.html
[2010/01/12 17:10:25 | 000,304,186 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\pizsza1.wav
[2010/01/12 17:03:40 | 000,950,330 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\aj sijn gs.wav
[2009/01/17 16:10:56 | 000,000,107 | ---- | C] () -- C:\WINNT\TLCAPPS.INI
[2008/02/28 13:32:02 | 000,000,043 | ---- | C] () -- C:\WINNT\spookydisplay.ini
[2008/02/28 13:31:59 | 000,063,488 | ---- | C] () -- C:\WINNT\xobglu16.dll
[2008/02/28 13:31:59 | 000,023,552 | ---- | C] () -- C:\WINNT\xobglu32.dll
[2007/10/04 21:50:58 | 000,000,031 | -H-- | C] () -- C:\WINNT\uccspecc.sys
[2007/07/18 08:01:09 | 000,028,672 | ---- | C] () -- C:\WINNT\System32\InsDrvZD.dll
[2007/07/18 08:01:09 | 000,015,872 | ---- | C] () -- C:\WINNT\System32\InsDrvZD64.DLL
[2007/07/18 08:01:08 | 000,001,162 | ---- | C] () -- C:\WINNT\System32\W32N55.INI
[2007/07/18 08:01:05 | 000,000,008 | -HS- | C] () -- C:\WINNT\System32\drivers\_desktop.ini
[2007/07/18 08:01:05 | 000,000,008 | -HS- | C] () -- C:\WINNT\System32\_desktop.ini
[2007/07/10 22:00:44 | 000,000,097 | ---- | C] () -- C:\WINNT\iPlayer.INI
[2007/03/30 13:31:20 | 000,049,152 | ---- | C] () -- C:\WINNT\System32\dec_jl6.dll
[2007/02/22 21:02:54 | 000,006,048 | ---- | C] () -- C:\WINNT\System32\MCC16.dll
[2006/07/19 13:10:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\imageCache7.db
[2006/06/13 15:02:11 | 000,000,089 | ---- | C] () -- C:\WINNT\QTW.INI
[2006/03/20 14:58:46 | 000,000,344 | ---- | C] () -- C:\WINNT\hpipcopy.INI
[2006/03/09 15:29:00 | 000,573,440 | ---- | C] () -- C:\WINNT\System32\nvhwvid.dll
[2006/03/09 15:29:00 | 000,098,304 | ---- | C] () -- C:\WINNT\System32\nvapi.dll
[2006/01/17 16:49:22 | 000,000,028 | ---- | C] () -- C:\WINNT\atid.ini
[2005/11/09 11:27:26 | 000,002,184 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/09/12 17:13:49 | 000,000,000 | ---- | C] () -- C:\WINNT\SETUP32.INI
[2005/04/02 16:08:47 | 000,066,048 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/03/28 19:26:34 | 000,029,264 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\ViewerApp.dat
[2005/01/29 15:08:12 | 000,000,022 | ---- | C] () -- C:\WINNT\System32\PICSDK.ini
[2005/01/29 14:51:50 | 000,000,058 | ---- | C] () -- C:\WINNT\System32\EAL32.INI
[2005/01/29 14:51:41 | 000,000,044 | ---- | C] () -- C:\WINNT\EPSPR320.ini
[2004/12/31 21:55:15 | 000,131,072 | R--- | C] () -- C:\WINNT\System32\SCCD3X01.DLL
[2004/12/23 22:13:49 | 000,000,048 | ---- | C] () -- C:\WINNT\WININIT.INI
[2004/10/29 16:50:00 | 001,662,976 | ---- | C] () -- C:\WINNT\System32\nvwdmcpl.dll
[2004/10/29 16:50:00 | 001,019,904 | ---- | C] () -- C:\WINNT\System32\nvwimg.dll
[2004/10/29 16:50:00 | 000,286,720 | ---- | C] () -- C:\WINNT\System32\nvnt4cpl.dll
[2004/10/25 18:31:42 | 000,001,682 | -HS- | C] () -- C:\WINNT\System32\KGyGaAvL.sys
[2004/10/25 18:31:42 | 000,000,056 | RHS- | C] () -- C:\WINNT\System32\A6A088FB89.sys
[2004/08/30 16:41:42 | 000,000,002 | ---- | C] () -- C:\WINNT\msoffice.ini
[2004/08/05 13:11:04 | 000,001,043 | ---- | C] () -- C:\WINNT\hegames.ini
[2004/08/02 15:59:36 | 000,001,343 | ---- | C] () -- C:\WINNT\DISNEY.INI
[2004/07/13 20:12:19 | 000,002,404 | ---- | C] () -- C:\WINNT\cdPlayer.ini
[2004/07/02 17:53:08 | 000,000,000 | ---- | C] () -- C:\WINNT\PrintWiz.INI
[2004/07/02 07:15:12 | 000,185,344 | R--- | C] () -- C:\WINNT\FRANKCAL.DLL
[2004/03/30 20:16:45 | 000,000,751 | ---- | C] () -- C:\WINNT\Rtcwplat.INI
[2004/03/22 21:28:12 | 000,210,944 | ---- | C] () -- C:\WINNT\System32\MSVCRT10.DLL
[2004/03/22 21:28:12 | 000,000,163 | ---- | C] () -- C:\WINNT\KPCMS.INI
[2004/03/22 21:28:10 | 000,100,864 | ---- | C] () -- C:\WINNT\System32\Dc50ip32.dll
[2004/03/22 21:28:10 | 000,065,864 | ---- | C] () -- C:\WINNT\System32\Digita.sys
[2004/03/22 21:28:10 | 000,006,144 | ---- | C] () -- C:\WINNT\System32\ImgLibLead.dll
[2004/03/22 21:21:29 | 000,306,688 | ---- | C] () -- C:\WINNT\System32\Lffpx7.dll
[2004/03/22 21:21:29 | 000,095,232 | ---- | C] () -- C:\WINNT\System32\Lfkodak.dll
[2004/03/06 18:08:06 | 000,000,043 | ---- | C] () -- C:\WINNT\encore_launcher.ini
[2004/02/22 04:57:12 | 000,000,000 | ---- | C] () -- C:\WINNT\ka.ini
[2004/01/18 18:19:08 | 000,030,208 | ---- | C] () -- C:\WINNT\System32\WNASPI32.DLL
[2004/01/18 18:19:08 | 000,000,283 | ---- | C] () -- C:\WINNT\msfsetup.ini
[2004/01/18 18:10:35 | 000,003,654 | ---- | C] () -- C:\WINNT\System32\drivers\Sonyhcp.dll
[2004/01/11 17:25:53 | 000,043,178 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2004/01/01 09:01:08 | 000,089,088 | ---- | C] () -- C:\WINNT\System32\hpgt33.dll
[2003/12/14 14:16:31 | 000,000,061 | ---- | C] () -- C:\WINNT\smscfg.ini
[2003/10/16 10:58:42 | 000,466,944 | ---- | C] () -- C:\WINNT\System32\SLLights.dll
[2003/10/16 10:58:42 | 000,151,552 | ---- | C] () -- C:\WINNT\System32\amr_cpl.dll
[2003/10/15 10:15:29 | 000,049,152 | ---- | C] () -- C:\WINNT\System32\coinst.dll
[2003/10/14 16:56:53 | 000,000,825 | ---- | C] () -- C:\WINNT\QUICKEN.INI
[2003/10/14 16:56:05 | 000,000,370 | ---- | C] () -- C:\WINNT\ODBC.INI
[2003/10/14 16:53:24 | 000,028,672 | ---- | C] () -- C:\WINNT\System32\JAWTAccessBridge.dll
[2003/10/14 16:50:22 | 000,094,208 | ---- | C] () -- C:\WINNT\System32\PCDrKernelModeServices.dll
[2003/10/14 16:50:22 | 000,077,824 | ---- | C] () -- C:\WINNT\System32\ProgressTrace.dll
[2003/10/14 16:49:24 | 000,000,571 | ---- | C] () -- C:\WINNT\System32\OEMINFO.INI
[2003/10/06 14:57:12 | 000,000,770 | ---- | C] () -- C:\WINNT\orun32.ini
[2003/10/06 14:40:33 | 000,363,520 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2003/06/13 12:31:00 | 001,466,368 | ---- | C] () -- C:\WINNT\System32\nview.dll
[2003/06/13 12:31:00 | 000,466,944 | ---- | C] () -- C:\WINNT\System32\nvshell.dll
[2003/01/21 16:18:20 | 000,003,680 | ---- | C] () -- C:\WINNT\System32\aud2_gw.ini
[2003/01/21 16:18:20 | 000,000,029 | ---- | C] () -- C:\WINNT\System32\ctzapxx.ini
[2003/01/21 16:09:42 | 000,052,992 | ---- | C] () -- C:\WINNT\System32\upddrv9x.dll
[2002/06/14 09:19:22 | 000,000,180 | ---- | C] () -- C:\WINNT\System32\kill.ini
[2001/08/23 14:00:00 | 000,022,400 | ---- | C] () -- C:\WINNT\System32\drivers\SbcpHid.sys
[2001/07/26 17:39:50 | 000,000,092 | ---- | C] () -- C:\WINNT\System32\editinf.ini
[1980/01/01 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINNT\System32\e100bmsg.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:773DA865
< End of report >

kmiller
Novice

Posts : 7
Joined : 2010-02-05
OS : Windows XP
Points : 25093
# Likes : 0

Re: being attacked by a virus!

Post by Belahzur on 6th February 2010, 8:11 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy).


    :OTL
    PRC - [2010/02/03 23:43:45 | 001,060,352 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\87231324\87231324.exe
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (TTB000000 Class) - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\WINNT\CouponBarIE.dll (Coupons, Inc.)
    O3 - HKLM\..\Toolbar: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINNT\CouponBarIE.dll (Coupons, Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINNT\CouponBarIE.dll (Coupons, Inc.)
    O4 - HKLM..\Run: [56730728] C:\Documents and Settings\All Users\Application Data\56730728\56730728.exe ()
    O4 - HKLM..\Run: [87231324] C:\Documents and Settings\All Users\Application Data\87231324\87231324.exe ()
    O9 - Extra Button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - Reg Error: Value error. File not found
    [2010/02/03 23:44:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\56730728
    [2010/02/03 23:43:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\87231324
    [2010/01/15 12:19:24 | 000,230,808 | R--- | C] (Coupons, Inc.) -- C:\WINNT\cpnprt2.cid
    [2010/02/05 12:12:48 | 000,000,870 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Security Tool.lnk



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245111
# Likes : 1
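As an added illustration (my code, not the thread's or OTL's own), a small Python parser for lines in OTL's report format that flags the two indicators the fix above acts on: purely numeric folder names under All Users\Application Data and autorun or process entries with no publisher name. The sample lines are constructed, modelled on the posted log, and the digit threshold and rule wording are assumptions.

```python
import re
from typing import Dict, List, Optional

# Constructed sample lines in OTL's report format, modelled on the log posted
# in this thread; the vendor name on the iTunes line is made up.
SAMPLE_LOG = r"""
PRC - [2010/02/03 23:43:45 | 001,060,352 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\87231324\87231324.exe
O4 - HKLM..\Run: [56730728] C:\Documents and Settings\All Users\Application Data\56730728\56730728.exe ()
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Example Vendor)
[2010/02/03 23:44:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\56730728
[2010/02/02 11:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/02/05 08:24:23 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
"""

# File or folder entry: "[timestamp | size | attrs | C or M] (Company) -- path",
# optionally prefixed with "PRC - " for a running process.
FILE_RE = re.compile(
    r"^(?:(?P<section>PRC) - )?\[(?P<ts>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|"
    r"\s*(?P<attr>[-A-Z]{4})\s*\|\s*(?P<kind>[CM])\]\s*"
    r"(?:\((?P<company>[^)]*)\)\s*)?--\s*(?P<path>.+?)\s*$"
)
# Autorun entry: "O4 - HKLM..\Run: [name] path (Company)"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\.\.\\Run: \[(?P<name>[^\]]*)\]\s*"
    r"(?P<path>.+?)\s*\((?P<company>[^)]*)\)\s*$"
)
# Purely numeric folder directly under All Users\Application Data: the naming
# pattern of the two rogue folders the fix above removes (6+ digits is my assumption).
NUMERIC_DIR_RE = re.compile(r"\\All Users\\Application Data\\(\d{6,})(?:\\|$)", re.IGNORECASE)


def parse_line(line: str) -> Optional[Dict[str, Optional[str]]]:
    """Return a dict for a recognised OTL entry, or None for any other line."""
    for kind, rx in (("run", RUN_RE), ("file", FILE_RE)):
        m = rx.match(line)
        if m:
            return {**m.groupdict(), "type": kind, "raw": line}
    return None


def flag_entries(log_text: str) -> List[Dict[str, object]]:
    """Parse an OTL log and return entries matching this thread's indicators."""
    flagged = []
    for raw in log_text.splitlines():
        e = parse_line(raw.strip())
        if not e:
            continue
        reasons = []
        m = NUMERIC_DIR_RE.search(e["path"])
        if m:
            reasons.append(f"numeric-named folder {m.group(1)} under All Users\\Application Data")
        publisher = (e.get("company") or "").strip()
        # A missing publisher is noisy on its own (many legitimate files carry no
        # version info), so it only counts for autoruns and running processes.
        if not publisher and (e["type"] == "run" or e.get("section") == "PRC"):
            reasons.append("autorun or process with no publisher name")
        if reasons:
            flagged.append({**e, "reasons": reasons})
    return flagged
```

Running `flag_entries(SAMPLE_LOG)` flags the process, the autorun and the folder that share the numeric name pattern, and leaves the iTunes and OTL entries alone.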

being attacked by a virus!

Post by kmiller on 6th February 2010, 9:05 pm

Okay! Did that. I saw in the text that exe was killed successfully. Could that be true? Is there anything else? Thank you for your help.

kmiller
Novice

Posts : 7
Joined : 2010-02-05
OS : Windows XP
Points : 25093
# Likes : 0

Re: being attacked by a virus!

Post by Belahzur on 7th February 2010, 1:00 am

Were you able to get the log?


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245111
# Likes : 1
