Live Chat & Podcast at 1:00PM Eastern on Sunday!
There's no such thing as a stupid question, but they're the easiest to answer.
JoinTour
Login
Search
Virus & Other Malware Removal
Go to first new post Google Hijacker/Google Search Result vir ...
Go to first new post server not found
Go to first new post slow computer, downloads over a few mb f ...
Go to first new post Ramnit virus, nearly cleared
Go to first new post Trojan: Win32/Alureon.FK - hijack this l ...
Go to first new post Network, good; Internet, bad
Go to first new post Windows live Messenger Virus
Go to first new post We Got System Checked :-(
Go to first new post This setup thing keeps popping up everyd ...
Go to first new post Extremely unresponsive, massive hang-ups ...
Go to first new post Trojan:dos/alureon.E still here!
Go to first new post Cannot access any google sites - youtube ...
Go to first new post "Congratulations, you won" &am ...
Go to first new post Black desktop, missing all shortcuts, fi ...
Go to first new post Microsoft Visual C++ Runtime Library Buf ...
Tag Cloud
access acer asus bios bsod computer crash desktop driver drivers error ethernet excel freeze gaming hard drive hardware hdmi internet laptop malware memory modem monitor motherboard network printer problem ram registry router security slow software sound toshiba trojan ubuntu 11.10 uninstall usb video virus vista wifi windows windows 7 windows 7 32 bit windows 7 64 bit windows xp wireless
Search
Search for:
Tech Support Guy Forums > Security & Malware Removal > Virus & Other Malware Removal >
Solved: Keylogger/Trojan Win32/sinowal.gen!R

Page 1 of 4 1 234
Reply  
Thread Tools
slb5's Avatar
Computer Specs
Member with 69 posts.
  
Join Date: Oct 2007
Experience: Beginner
07-Feb-2010, 06:26 PM #1
Keylogger/Trojan Win32/sinowal.gen!R
My PC is running XP with SP3 and I am using Firefox. My browser has been hacked.

I have a keylogger trojan named:

Win32/sinowal.gen!R
and
Win32/sinowal.gen!S

I found out I had something on my computer when I tried to log onto my bank's website (Chase dot com) and was redirected to a page for me to put in all my account details. I didn't give them any details but I know there is something on my computer from running Widows Live Care One safety scan. It found what it called a keylogger trojan and said it cleaned it, but it didn't.

I ran Superantispyware and Trend Micro Housecall and they didn't find anything.
Also, when I tried to search for Kaspersky anti-virus program I am redirected to a fake page.

Any help with this will be greatly appreciated.
Thank you.
Register for free to hide this ad!
eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 25,165 posts.
  
Join Date: Mar 2001
Location: Bradford, England
08-Feb-2010, 06:46 AM #2
Hiya

Firstly, I would change your bank log in details as soon as you can, on another computer that is not connected to this one.

Then, can you do the following:

Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

---

Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

---

Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

-----
Please include the MBAM log, SAS log, Results.log and a fresh HijackThis log in your next reply

Regards

eddie
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream

Proud Member of ASAP, Alliance of Security Analysis Professionals
slb5's Avatar
Computer Specs
Member with 69 posts.
  
Join Date: Oct 2007
Experience: Beginner
08-Feb-2010, 02:50 PM #3
Ok, thanks for you help. I am going to start now but wanted to mention that before I got your reply tried to install ESET nod32 and it didn't install properly and won't update or scan. Now I can't remove that as the uninstall isn't working. Can you help with the unistall of this and should I wait to do that before the other download and logs?
Thanks.
eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 25,165 posts.
  
Join Date: Mar 2001
Location: Bradford, England
08-Feb-2010, 03:05 PM #4
The malware that you have installed may be blocking the use of anti-spyware programs, such as eset. Leave it for now, it won't cause any problems.

In the meantime, can you do the above still, but if any of the programs won't install/run, let me know and we'll do something else
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream

Proud Member of ASAP, Alliance of Security Analysis Professionals
slb5's Avatar
Computer Specs
Member with 69 posts.
  
Join Date: Oct 2007
Experience: Beginner
08-Feb-2010, 03:34 PM #5
Downloaded and ran TFC and cleaned all temp files.

Downloaded and ran Malwarebytes...... it didn't find anything. I am posting the log and continuing with GMER to download and post log.


Malwarebytes' Anti-Malware 1.44
Database version: 3709
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/8/2010 11:31:21 AM
mbam-log-2010-02-08 (11-31-21).txt

Scan type: Quick Scan
Objects scanned: 133908
Time elapsed: 7 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
slb5's Avatar
Computer Specs
Member with 69 posts.
  
Join Date: Oct 2007
Experience: Beginner
08-Feb-2010, 07:29 PM #6
Had to run GMER twice as it had stopped the first time for some reason..... it takes a very long time to scan complete.
Here is the log from GMER and HJT to follow.


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-08 15:24:55
Windows 5.1.2600 Service Pack 3
Running: o8kt6t2b.exe; Driver: C:\DOCUME~1\TERRIG~1\LOCALS~1\Temp\fxtyapow.sys


---- System - GMER 1.0.15 ----

SSDT 86D0D8A0 ZwAssignProcessToJobObject
SSDT 86D0CCB0 ZwOpenProcess
SSDT 86D0D0D0 ZwOpenThread
SSDT 86D0D6D0 ZwSuspendProcess
SSDT 86D0D4F0 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF51DA0B0]
SSDT 86D0D310 ZwTerminateThread

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 451 804E2AAD 7 Bytes [A0, 1D, F5, 10, D3, D0, 86]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[124] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 015A28F5
.text C:\WINDOWS\Explorer.EXE[124] WS2_32.dll!send 71AB4C27 5 Bytes JMP 015A2781
.text C:\WINDOWS\Explorer.EXE[124] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 015A2873
.text C:\WINDOWS\Explorer.EXE[124] WS2_32.dll!recv 71AB676F 5 Bytes JMP 015A27B9
.text C:\WINDOWS\Explorer.EXE[124] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 015A27F1
.text c:\progra~1\Support.com\client\bin\tgcmd.exe[192] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E828F5
.text c:\progra~1\Support.com\client\bin\tgcmd.exe[192] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E82781
.text c:\progra~1\Support.com\client\bin\tgcmd.exe[192] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00E82873
.text c:\progra~1\Support.com\client\bin\tgcmd.exe[192] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00E827B9
.text c:\progra~1\Support.com\client\bin\tgcmd.exe[192] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00E827F1
.text C:\Program Files\Bonjour\mDNSResponder.exe[316] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 007D28F5
.text C:\Program Files\Bonjour\mDNSResponder.exe[316] WS2_32.dll!send 71AB4C27 5 Bytes JMP 007D2781
.text C:\Program Files\Bonjour\mDNSResponder.exe[316] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 007D2873
.text C:\Program Files\Bonjour\mDNSResponder.exe[316] WS2_32.dll!recv 71AB676F 5 Bytes JMP 007D27B9
.text C:\Program Files\Bonjour\mDNSResponder.exe[316] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 007D27F1
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[400] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[400] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 04F028F5
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[400] WS2_32.dll!send 71AB4C27 5 Bytes JMP 04F02781
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[400] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 04F02873
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[400] WS2_32.dll!recv 71AB676F 5 Bytes JMP 04F027B9
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[400] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 04F027F1
.text C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe[508] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 078528F5
.text C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe[508] WS2_32.dll!send 71AB4C27 5 Bytes JMP 07852781
.text C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe[508] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 07852873
.text C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe[508] WS2_32.dll!recv 71AB676F 5 Bytes JMP 078527B9
.text C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe[508] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 078527F1
.text C:\WINDOWS\system32\wdfmgr.exe[1356] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 008A28F5
.text C:\WINDOWS\system32\wdfmgr.exe[1356] WS2_32.dll!send 71AB4C27 5 Bytes JMP 008A2781
.text C:\WINDOWS\system32\wdfmgr.exe[1356] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 008A2873
.text C:\WINDOWS\system32\wdfmgr.exe[1356] WS2_32.dll!recv 71AB676F 5 Bytes JMP 008A27B9
.text C:\WINDOWS\system32\wdfmgr.exe[1356] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 008A27F1
.text C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.1\Sage.LS1.ServiceHost.exe[2120] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 040328F5
.text C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.1\Sage.LS1.ServiceHost.exe[2120] ws2_32.dll!send 71AB4C27 5 Bytes JMP 04032781
.text C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.1\Sage.LS1.ServiceHost.exe[2120] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 04032873
.text C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.1\Sage.LS1.ServiceHost.exe[2120] ws2_32.dll!recv 71AB676F 5 Bytes JMP 040327B9
.text C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.1\Sage.LS1.ServiceHost.exe[2120] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 040327F1
.text C:\Program Files\iTunes\iTunesHelper.exe[2256] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E528F5
.text C:\Program Files\iTunes\iTunesHelper.exe[2256] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E52781
.text C:\Program Files\iTunes\iTunesHelper.exe[2256] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00E52873
.text C:\Program Files\iTunes\iTunesHelper.exe[2256] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00E527B9
.text C:\Program Files\iTunes\iTunesHelper.exe[2256] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00E527F1
.text C:\Program Files\iPod\bin\iPodService.exe[2868] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00B228F5
.text C:\Program Files\iPod\bin\iPodService.exe[2868] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B22781
.text C:\Program Files\iPod\bin\iPodService.exe[2868] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00B22873
.text C:\Program Files\iPod\bin\iPodService.exe[2868] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00B227B9
.text C:\Program Files\iPod\bin\iPodService.exe[2868] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B227F1
.text C:\WINDOWS\System32\alg.exe[3320] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00B228F5
.text C:\WINDOWS\System32\alg.exe[3320] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B22781
.text C:\WINDOWS\System32\alg.exe[3320] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00B22873
.text C:\WINDOWS\System32\alg.exe[3320] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00B227B9
.text C:\WINDOWS\System32\alg.exe[3320] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B227F1

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device \Driver\ACPI \Device\00000045 86C80478
Device \Driver\ACPI \Device\00000060 86C80478
Device \Driver\ACPI \Device\00000048 86C80478
Device \Driver\ACPI \Device\00000061 86C80478
Device \Driver\ACPI \Device\00000056 86C80478
Device \Driver\ACPI \Device\00000064 86C80478
Device \Driver\ACPI \Device\00000059 86C80478
Device \Driver\ACPI \Device\00000065 86C80478
Device \Driver\ACPI \Device\0000004c 86C80478
Device \Driver\ACPI \Device\0000004d 86C80478
Device \Driver\ACPI \Device\0000005a 86C80478
Device \Driver\ACPI \Device\0000004e 86C80478
Device \Driver\ACPI \Device\0000005b 86C80478
Device \Driver\ACPI \Device\0000005c 86C80478
Device \Driver\ACPI \Device\0000005e 86C80478

AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:456] 86D0B930

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\.application\bootstrap@ bootstrap.application.1

---- EOF - GMER 1.0.15 ----
slb5's Avatar
Computer Specs
Member with 69 posts.
  
Join Date: Oct 2007
Experience: Beginner
08-Feb-2010, 07:35 PM #7
And here is the HJT log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:33:40 PM, on 2/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.1\Sage.LS1.ServiceHost.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://email.secureserver.net/login.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8942.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sage Service Host (v1.1) (Sage.LS1.ServiceHost.1.1) - Sage Software, Inc. - C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.1\Sage.LS1.ServiceHost.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 6075 bytes
eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 25,165 posts.
  
Join Date: Mar 2001
Location: Bradford, England
09-Feb-2010, 09:27 AM #8
Download Combofix from any of the links below and save it to your Desktop.

Link 1
Link 2
Link 3


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

eddie
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream

Proud Member of ASAP, Alliance of Security Analysis Professionals
slb5's Avatar
Computer Specs
Member with 69 posts.
  
Join Date: Oct 2007
Experience: Beginner
09-Feb-2010, 12:42 PM #9
I ran the ComboFix with no problems. Here is the log:



ComboFix 10-02-08.09 - terri gregson 02/09/2010 8:31.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1024.616 [GMT -8:00]
Running from: c:\documents and settings\terri gregson\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\patch.exe
c:\windows\system\oeminfo.ini

.
original MBR restored successfully !
.
((((((((((((((((((((((((( Files Created from 2010-01-09 to 2010-02-09 )))))))))))))))))))))))))))))))
.

2010-02-08 19:42 . 2010-02-08 19:42 293376 ----a-w- C:\o8kt6t2b.exe
2010-02-08 19:22 . 2010-02-08 19:22 -------- d-----w- c:\documents and settings\terri gregson\Application Data\Malwarebytes
2010-02-08 19:22 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-08 19:22 . 2010-02-08 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-08 19:22 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-08 19:22 . 2010-02-08 19:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-07 17:19 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-02-07 16:46 . 2010-02-07 16:46 -------- d-----w- c:\documents and settings\terri gregson\Application Data\ESET
2010-02-07 16:27 . 2010-02-07 16:27 -------- d-----w- c:\program files\ESET
2010-02-07 16:27 . 2010-02-07 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-01-13 00:48 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-10 17:13 . 2010-01-10 17:13 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2010-01-10 17:13 . 2010-01-10 17:13 -------- d-----w- c:\documents and settings\HelpAssistant\SCKB2005
2010-01-10 17:13 . 2010-01-10 17:13 -------- d-----w- c:\documents and settings\HelpAssistant\SCKB2004
2010-01-10 17:13 . 2010-01-10 17:13 -------- d-----w- c:\documents and settings\HelpAssistant\SCKB2003
2010-01-10 17:11 . 2010-02-08 19:12 -------- d-----w- c:\documents and settings\HelpAssistant

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-08 23:32 . 2001-12-19 22:59 -------- d-----w- c:\program files\Trend Micro
2010-02-07 18:15 . 2007-03-01 22:35 -------- d-----w- c:\program files\Windows Live Safety Center
2010-02-07 17:17 . 2009-03-27 16:05 117760 ----a-w- c:\documents and settings\terri gregson\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-27 23:13 . 2008-12-19 16:47 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-10 17:29 . 2008-02-28 18:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-08 16:13 . 2010-01-08 16:13 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2010-01-04 16:41 . 2010-01-04 16:41 52224 ----a-w- c:\documents and settings\terri gregson\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-21 19:14 . 2004-01-08 22:23 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 15:51 . 2001-08-23 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-16 17:03 . 2009-11-16 17:03 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2005-11-10 00:50 . 2005-11-10 00:21 34412848 -c--a-w- c:\program files\iTunesSetup.exe
2005-07-18 15:12 . 2005-07-18 15:10 20798256 -c--a-w- c:\program files\AdbeRdr70_enu_full.exe
2005-07-18 15:10 . 2005-07-18 15:08 6811904 -c--a-w- c:\program files\psa2011se_us.exe
2005-07-18 15:08 . 2005-07-18 15:08 494704 -c--a-w- c:\program files\ytb01_efgsip.exe
2005-03-11 16:25 . 2005-03-11 16:25 534104 -c--a-w- c:\program files\psa2011_ytb01_DLM_enu_full.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-10 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"ZTgServerSwitch"="c:\program files\support.com\client\lserver\server.vbs" [2001-04-26 2220]
"WD Button Manager"="WDBtnMgr.exe" [2006-03-18 331776]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 77824]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-29 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-08 16:07 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Forget Me Not.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Forget Me Not.lnk
backup=c:\windows\pss\Forget Me Not.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
backup=c:\windows\pss\GStartup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PrecisionTime.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PrecisionTime.lnk
backup=c:\windows\pss\PrecisionTime.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Real-time Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Real-time Monitor.lnk
backup=c:\windows\pss\Real-time Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^terri gregson^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\documents and settings\terri gregson\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 09:38 34672 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-06-05 20:39 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-27 00:18 413696 -c--a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-22 11:25 144784 -c--a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Trend Micro\\PC-cillin 2000\\WebTrapNT.exe"=
"c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
"c:\\MB7\\Programs\\mb7.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\terri gregson\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Sage\\LS1\\ServiceHost\\1.1\\Sage.LS1.ServiceHost.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"2467:TCP"= 2467:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"4334:TCP"= 4334:TCP:Services
"6224:TCP"= 6224:TCP:Services
"3246:TCP"= 3246:TCP:Services

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11/16/2009 9:03 AM 108792]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/26/2008 5:35 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/26/2008 5:35 PM 74480]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [11/16/2009 9:04 AM 735960]
R2 Sage.LS1.ServiceHost.1.1;Sage Service Host (v1.1);c:\program files\Common Files\Sage\LS1\ServiceHost\1.1\Sage.LS1.ServiceHost.exe [12/16/2008 8:41 AM 106496]
R2 SonyFKC;FAN and Keyboard Control Service;c:\windows\system32\drivers\SonyFKC.sys [12/14/2001 12:53 PM 12032]
R2 V7;V7;c:\windows\system32\drivers\V7.SYS [2/24/2005 6:10 PM 7196]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 4096]
S2 ALIEHCD;ALi PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\AliEhci.sys [5/20/2005 7:54 AM 112835]
S3 aligp;USB Composite Device;c:\windows\system32\drivers\AliGP.sys [5/20/2005 7:54 AM 8656]
S3 aliroothub;USB 2.0 Root Hub;c:\windows\system32\drivers\AliRtHub.sys [5/20/2005 7:54 AM 5325]
S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;c:\windows\system32\drivers\bcm42xx5.sys [12/14/2001 4:55 PM 54271]
S3 SMBE;Sony MPEG2 Encoder Board (WDM);c:\windows\system32\drivers\Smbe.sys [12/14/2001 11:26 AM 593000]
.
.
------- Supplementary Scan -------
.
uStart Page = https://email.secureserver.net/login.php
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
FF - ProfilePath - c:\documents and settings\terri gregson\Application Data\Mozilla\Firefox\Profiles\23tdebwt.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-ControlCenter2 - c:\program files\Brother\ControlCenter2\brctrcen.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-09 08:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x86E976E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7852f28
\Driver\ACPI -> 0x86e976e8
\Driver\atapi -> atapi.sys @ 0xf7737852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> 0x86c14690
PacketIndicateHandler -> NDIS.sys @ 0xf7650a21
SendHandler -> NDIS.sys @ 0xf7644d44
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x0DF937C1
malicious code @ sector 0x0DF937C4 !
PE file found in sector at 0x0DF937DA !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(828)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2010-02-09 08:39:29
ComboFix-quarantined-files.txt 2010-02-09 16:39

Pre-Run: 4,477,718,528 bytes free
Post-Run: 4,448,034,816 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - F3CE8036349A616A9AB3ED4E184711A1
eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 25,165 posts.
  
Join Date: Mar 2001
Location: Bradford, England
09-Feb-2010, 02:59 PM #10
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream

Proud Member of ASAP, Alliance of Security Analysis Professionals
slb5's Avatar
Computer Specs
Member with 69 posts.
  
Join Date: Oct 2007
Experience: Beginner
09-Feb-2010, 03:32 PM #11
OTL.txt Log:



OTL logfile created on: 2/9/2010 11:19:07 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\terri gregson\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,024.00 Mb Total Physical Memory | 460.00 Mb Available Physical Memory | 45.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.94 Gb Total Space | 4.16 Gb Free Space | 27.83% Space Free | Partition Type: NTFS
Drive D: | 96.85 Gb Total Space | 76.08 Gb Free Space | 78.56% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 7B9600FA
Current User Name: terri gregson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\terri gregson\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.1\Sage.LS1.ServiceHost.exe (Sage Software, Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
PRC - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - c:\Program Files\support.com\client\bin\tgcmd.exe (Support.com, Inc.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\terri gregson\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Sage.LS1.ServiceHost.1.1) Sage Service Host (v1.1) -- C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.1\Sage.LS1.ServiceHost.exe (Sage Software, Inc.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (Norton AntiVirus Server) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100205.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100205.002\NAVENG.SYS (Symantec Corporation)
DRV - (Epfwndis) -- C:\WINDOWS\system32\drivers\epfwndis.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
DRV - (ALIEHCD) -- C:\WINDOWS\system32\drivers\AliEhci.sys (ALi Corporation)
DRV - (aliroothub) -- C:\WINDOWS\system32\drivers\AliRtHub.sys (ALi Corporation)
DRV - (aligp) -- C:\WINDOWS\system32\drivers\AliGP.sys (ALi Corporation)
DRV - (NAVAPEL) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys (Symantec Corporation)
DRV - (NAVAP) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys (Symantec Corporation)
DRV - (SonyFKC) -- C:\WINDOWS\system32\drivers\SonyFKC.sys (Sony Corporation)
DRV - (PxHelp20) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (VERITAS Software, Inc.)
DRV - (SONYWBMS) Sony Memory Stick controller(WB) -- C:\WINDOWS\system32\drivers\SonyWBMS.sys (Sony Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (SMBE) Sony MPEG2 Encoder Board (WDM) -- C:\WINDOWS\system32\drivers\Smbe.sys (Sony Corporation)
DRV - (smwdm) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (BCMModem) -- C:\WINDOWS\system32\drivers\BCMDM.sys (BCM)
DRV - (StillCam) -- C:\WINDOWS\system32\drivers\serscan.sys (Microsoft Corporation)
DRV - (nv4) -- C:\WINDOWS\system32\drivers\nv4.sys (NVIDIA Corporation)
DRV - (BCM42XX) Broadcom iLine10(tm) -- C:\WINDOWS\system32\drivers\bcm42xx5.sys (Broadcom Corporation)
DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (Windows (R) 2000 DDK provider)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
DRV - (V7) -- C:\WINDOWS\system32\drivers\V7.SYS (IBM Corporation)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\aspi32.sys (Adaptec)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://email.secureserver.net/login.php
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 02:00:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/16 07:32:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/16 07:32:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/02/07 08:27:28 | 000,000,000 | ---D | M]

[2009/06/14 07:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terri gregson\Application Data\Mozilla\Extensions
[2009/06/14 07:28:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\terri gregson\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/02 08:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terri gregson\Application Data\Mozilla\Firefox\Profiles\23tdebwt.default\extensions
[2009/09/02 08:34:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\terri gregson\Application Data\Mozilla\Firefox\Profiles\23tdebwt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/09 08:37:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/06/16 07:30:57 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/05/23 07:12:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/07/19 08:23:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/11/19 09:13:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/19 07:51:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/06/16 07:30:51 | 000,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/06/16 07:30:51 | 000,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 16:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2009/06/16 07:30:53 | 000,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2008/06/11 21:45:28 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/06/26 08:12:23 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/06/26 08:12:23 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/06/26 08:12:23 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/06/26 08:12:23 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/06/26 08:12:23 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/06/26 08:12:23 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/06/26 08:12:23 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/06/14 07:28:37 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/06/14 07:28:37 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/06/14 07:28:37 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/06/14 07:28:37 | 000,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/06/14 07:28:37 | 000,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/06/14 07:28:37 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/06/14 07:28:37 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2001/08/18 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [ZTgServerSwitch] c:\Program Files\support.com\client\lserver\Server.vbs ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...22/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/res...scbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Web-Based Email Tools http://email.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 63.249.95.8 63.249.95.9
slb5's Avatar
Computer Specs
Member with 69 posts.
  
Join Date: Oct 2007
Experience: Beginner
09-Feb-2010, 03:33 PM #12
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\terri gregson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\terri gregson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/14 12:34:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/02/10 14:17:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.CAM -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/09 11:14:26 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\terri gregson\Desktop\OTL.exe
[2010/02/09 08:29:59 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/09 08:29:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/09 08:29:06 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/09 08:29:06 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/09 08:29:06 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/09 08:28:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/09 08:28:55 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/02/09 08:28:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/08 15:32:32 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\terri gregson\Desktop\HijackThisInstaller.exe
[2010/02/08 11:22:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\terri gregson\Application Data\Malwarebytes
[2010/02/08 11:22:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/08 11:22:02 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/08 11:22:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/08 11:22:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/08 11:20:57 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\terri gregson\Desktop\mbam-setup.exe
[2010/02/08 11:06:24 | 000,439,808 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\terri gregson\Desktop\TFC.exe
[2010/02/08 08:43:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\terri gregson\Recent
[2010/02/07 09:19:37 | 000,157,712 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/02/07 08:46:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\terri gregson\Application Data\ESET
[2010/02/07 08:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/02/07 08:27:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/02/07 08:02:37 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/01/12 16:48:18 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2006/02/18 03:00:27 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/11/09 16:21:34 | 034,412,848 | ---- | C] (Apple Computer, Inc. ) -- C:\Program Files\iTunesSetup.exe
[2005/07/18 07:10:06 | 020,798,256 | ---- | C] (Netopsystems AG ) -- C:\Program Files\AdbeRdr70_enu_full.exe
[2005/07/18 07:08:35 | 006,811,904 | ---- | C] (Adobe Systems, Inc. ) -- C:\Program Files\psa2011se_us.exe
[2005/05/11 07:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2005/03/11 08:25:37 | 000,534,104 | ---- | C] (Adobe Systems) -- C:\Program Files\psa2011_ytb01_DLM_enu_full.exe
[2001/12/14 12:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2001/12/14 12:38:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/02/09 11:14:26 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\terri gregson\Desktop\OTL.exe
[2010/02/09 11:14:12 | 000,000,426 | ---- | M] () -- C:\WINDOWS\brwmark.ini
[2010/02/09 08:39:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/09 08:37:15 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/09 08:30:03 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/02/09 08:24:37 | 003,852,379 | R--- | M] () -- C:\Documents and Settings\terri gregson\Desktop\ComboFix.exe
[2010/02/09 08:15:03 | 000,013,058 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/09 08:14:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/09 08:14:33 | 1073,319,936 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/08 16:23:39 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\terri gregson\NTUSER.DAT
[2010/02/08 16:23:33 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\terri gregson\ntuser.ini
[2010/02/08 16:23:22 | 004,826,290 | -H-- | M] () -- C:\Documents and Settings\terri gregson\Local Settings\Application Data\IconCache.db
[2010/02/08 15:32:57 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\terri gregson\Desktop\HijackThis.lnk
[2010/02/08 15:32:32 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\terri gregson\Desktop\HijackThisInstaller.exe
[2010/02/08 11:42:51 | 000,293,376 | ---- | M] () -- C:\o8kt6t2b.exe
[2010/02/08 11:41:10 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\terri gregson\Desktop\bsyl195b.exe
[2010/02/08 11:22:08 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/08 11:21:09 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\terri gregson\Desktop\mbam-setup.exe
[2010/02/08 11:06:24 | 000,439,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\terri gregson\Desktop\TFC.exe
[2010/02/08 08:01:58 | 000,000,599 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/08 08:01:58 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/01/31 11:00:24 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\terri gregson\Desktop\Windows Explorer.lnk
[2010/01/28 10:53:47 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\terri gregson\Desktop\will definitions.doc
[2010/01/27 15:13:35 | 000,001,744 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/15 16:09:32 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\terri gregson\Desktop\CCleaner.lnk

========== Files Created - No Company Name ==========

[2010/02/09 08:30:03 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/02/09 08:30:00 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/09 08:29:06 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/09 08:29:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/09 08:29:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/09 08:29:06 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/09 08:29:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/09 08:24:30 | 003,852,379 | R--- | C] () -- C:\Documents and Settings\terri gregson\Desktop\ComboFix.exe
[2010/02/08 15:32:57 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\terri gregson\Desktop\HijackThis.lnk
[2010/02/08 11:42:51 | 000,293,376 | ---- | C] () -- C:\o8kt6t2b.exe
[2010/02/08 11:41:10 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\terri gregson\Desktop\bsyl195b.exe
[2010/02/08 11:22:08 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/08 08:03:00 | 1073,319,936 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/28 10:53:47 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\terri gregson\Desktop\will definitions.doc
[2010/01/10 09:58:39 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\terri gregson\Local Settings\Application Data\housecall.guid.cache
[2006/04/19 11:55:05 | 000,000,103 | ---- | C] () -- C:\WINDOWS\System32\hptrace.ini
[2006/04/19 11:54:21 | 000,006,145 | ---- | C] () -- C:\WINDOWS\hplj1320.ini
[2006/04/12 12:43:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2005/11/10 10:13:00 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\mbRegDLL.dll
[2005/11/10 10:13:00 | 000,733,184 | ---- | C] () -- C:\WINDOWS\System32\IMBsec.dll
[2005/11/10 10:13:00 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\d4dll.dll
[2005/11/10 10:13:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2005/11/10 10:12:59 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\Bcfont32.dll
[2005/10/02 15:26:15 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\terri gregson\Local Settings\Application Data\fusioncache.dat
[2005/07/18 07:08:31 | 000,494,704 | ---- | C] () -- C:\Program Files\ytb01_efgsip.exe
[2005/06/07 06:50:44 | 000,000,055 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2005/06/07 06:50:44 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2005/05/31 14:28:45 | 000,000,426 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2005/05/31 14:28:45 | 000,000,211 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2005/05/31 14:28:45 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2005/05/31 14:28:45 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2005/05/31 14:28:20 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2005/03/06 16:07:53 | 000,000,156 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/02/25 10:29:15 | 000,000,313 | ---- | C] () -- C:\WINDOWS\SWWATER.INI
[2005/02/25 08:00:46 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\cdintf.dll
[2005/02/24 18:51:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/24 18:10:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2005/02/24 18:10:42 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\macrovsn.dll
[2005/02/24 18:10:42 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\MMDVDROM.dll
[2005/02/24 17:59:49 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\terri gregson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/07/30 10:33:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2001/12/14 15:02:55 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\Asfv2.dll
[2001/12/14 14:46:01 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2001/12/14 14:44:06 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2001/12/14 14:44:05 | 000,000,626 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2001/12/14 14:35:03 | 000,000,165 | ---- | C] () -- C:\WINDOWS\photoprn.ini
[2001/12/14 13:14:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2001/12/14 12:45:42 | 000,000,804 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2001/12/14 11:26:24 | 000,000,608 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/12/04 20:22:50 | 000,002,101 | ---- | C] () -- C:\WINDOWS\Pcc2KNT.ini
[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

========== LOP Check ==========

[2010/02/07 08:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2006/10/20 08:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OKR
[2009/03/17 14:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2009/09/01 08:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sage
[2009/06/26 08:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/09/30 13:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terri gregson\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/02/07 08:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terri gregson\Application Data\ESET
[2001/12/14 14:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terri gregson\Application Data\InterTrust
[2006/08/05 13:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terri gregson\Application Data\Leadertech
[2009/07/16 07:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terri gregson\Application Data\Opera
[2008/09/26 13:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terri gregson\Application Data\ScanSoft
[2007/10/10 07:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terri gregson\Application Data\Webshots

========== Purity Check ==========


< End of report >
slb5's Avatar
Computer Specs
Member with 69 posts.
  
Join Date: Oct 2007
Experience: Beginner
09-Feb-2010, 03:34 PM #13
OTL Extras.txt




OTL Extras logfile created on: 2/9/2010 11:19:08 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\terri gregson\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,024.00 Mb Total Physical Memory | 460.00 Mb Available Physical Memory | 45.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.94 Gb Total Space | 4.16 Gb Free Space | 27.83% Space Free | Partition Type: NTFS
Drive D: | 96.85 Gb Total Space | 76.08 Gb Free Space | 78.56% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 7B9600FA
Current User Name: terri gregson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"2467:TCP" = 2467:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"4334:TCP" = 4334:TCP:*:Enabled:Services
"6224:TCP" = 6224:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"2467:TCP" = 2467:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"4334:TCP" = 4334:TCP:*:Enabled:Services
"6224:TCP" = 6224:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe" = C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe:*isabled:WebTrap -- (Trend Micro Inc.)
"C:\Program Files\support.com\client\bin\tgcmd.exe" = C:\Program Files\support.com\client\bin\tgcmd.exe:*isabled:tgcmd Module -- (Support.com, Inc.)
"C:\MB7\Programs\mb7.exe" = C:\MB7\Programs\mb7.exe:*:Enabled:mb7 -- (Sage Software, Inc.)
"C:\WINDOWS\system32\msiexec.exe" = C:\WINDOWS\system32\msiexec.exe:*:Enabled:Windows® installer -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\terri gregson\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\terri gregson\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\octosh...bled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.1\Sage.LS1.ServiceHost.exe" = C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.1\Sage.LS1.ServiceHost.exe:*:Enabled:Sage Service Host (v1.1) -- (Sage Software, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}" = Symantec AntiVirus Client
"{21CF3E6E-1659-433E-B6CE-165D793560DA}" = VAIO Grid Wallpaper
"{234A85E2-5317-44ED-8FB2-91DBB4BE17BF}" = Sage Master Builder API
"{2FAF5A9F-7EDE-4F1A-B082-C95A9F420630}" = Media Bar 3.2.12
"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}" = Music Visualizer Library 1.2
"{3C67D8C0-F0EC-11D3-99D3-00C04FCCB775}" = VAIO Action Setup
"{3E908702-AF35-4611-9518-955DA24B7E07}" = Microsoft XML Parser and SDK
"{48BE827A-2D06-4804-90C3-4F2F8460F9D4}" = Support Actions Win2K,WinXP
"{59C72A68-708E-11D6-8123-000102408BEC}" = Sage Master Builder
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{6060E6A1-5342-4D2B-8F66-B6D6E20BBD03}" = VAIO Help & Support
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6990A2BF-D1D2-11D3-81BC-00609789C908}" = Sony DV Shared Library
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DF804A8-2CC2-4D22-A958-4534F6EC3C76}" = VAIO Registration
"{70A3C348-D02E-4641-9E74-0BAAA9B7A910}" = Intuit Master Builder Entitlement Client
"{802EF464-4992-42B3-8434-45151AD3C933}" = VAIO Serenus Wallpaper
"{8E1DCD15-C9F1-49CE-807B-198C8241EB6B}" = ALi USB2.0 Driver
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{A228A09C-4826-42E0-A3D8-95B2BAAB5049}" = OpenMG Secure Module 3.0.01
"{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0}" = Opera 9.64
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4356797-C122-4442-83F2-A32DBD7B71AF}" = Sage Master Builder
"{A839294B-70A9-11D5-9F5A-0050DAD742CD}" = PC-cillin 2000
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{ACEC9C3E-0100-4EBE-B298-35A2145828A0}" = VAIO Brezza Wallpaper
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{E2069DE3-5924-4766-A385-CDA273885A31}" = DigitalPrint 1.1
"{E535DC62-56D6-11D5-8AE3-00105A7276CD}" = SonicStage 1.1.00
"{F3CB4DC0-4FC0-11D5-9254-0000F460E7A9}" = SonicStage CD-R Writing Module
"{F854647B-35E4-40DB-9F6B-D5F2ABCFCAE0}" = Sage Master Builder Licensing 1.1
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"DVD Express A/V Pak" = DVDExpress
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{70A3C348-D02E-4641-9E74-0BAAA9B7A910}" = Intuit Master Builder Entitlement Client
"LiveUpdate1.7" = LiveUpdate 1.7 (Symantec Corporation)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Motion JPEG Software Decoder" = Motion JPEG Software Decoder
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"Quicken 2002 New User Edition" = Quicken 2002 New User Edition
"VAIO Support" = VAIO Support
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/7/2010 5:14:18 PM | Computer Name = 7B9600FA | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\2d2d5e75.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 2/7/2010 5:14:18 PM | Computer Name = 7B9600FA | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\2d2d5e75.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 2/7/2010 5:14:18 PM | Computer Name = 7B9600FA | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\6615d31e.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 2/7/2010 5:14:18 PM | Computer Name = 7B9600FA | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\6615d31e.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 2/7/2010 5:14:18 PM | Computer Name = 7B9600FA | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\aec5fc6.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 2/7/2010 5:14:18 PM | Computer Name = 7B9600FA | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\aec5fc6.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 2/7/2010 5:14:18 PM | Computer Name = 7B9600FA | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\2400fd5c.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 2/7/2010 5:14:18 PM | Computer Name = 7B9600FA | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\2400fd5c.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 2/7/2010 5:14:19 PM | Computer Name = 7B9600FA | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\2400fd97.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 2/7/2010 5:14:19 PM | Computer Name = 7B9600FA | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\2400fd97.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

[ System Events ]
Error - 2/8/2010 3:08:23 PM | Computer Name = 7B9600FA | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/8/2010 3:08:23 PM | Computer Name = 7B9600FA | Source = Service Control Manager | ID = 7034
Description = The DefWatch service terminated unexpectedly. It has done this 1
time(s).

Error - 2/8/2010 3:08:23 PM | Computer Name = 7B9600FA | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Driver Helper Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/8/2010 3:08:23 PM | Computer Name = 7B9600FA | Source = Service Control Manager | ID = 7031
Description = The Sage Service Host (v1.1) service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 2/8/2010 3:08:23 PM | Computer Name = 7B9600FA | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 2/9/2010 12:14:55 PM | Computer Name = 7B9600FA | Source = Service Control Manager | ID = 7000
Description = The ALi PCI to USB Enhanced Host Controller service failed to start
due to the following error: %%1058

Error - 2/9/2010 12:30:51 PM | Computer Name = 7B9600FA | Source = Service Control Manager | ID = 7031
Description = The Sage Service Host (v1.1) service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 2/9/2010 12:32:24 PM | Computer Name = 7B9600FA | Source = Service Control Manager | ID = 7031
Description = The Sage Service Host (v1.1) service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 2/9/2010 12:34:07 PM | Computer Name = 7B9600FA | Source = Service Control Manager | ID = 7031
Description = The Sage Service Host (v1.1) service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 2/9/2010 12:35:30 PM | Computer Name = 7B9600FA | Source = Service Control Manager | ID = 7031
Description = The Sage Service Host (v1.1) service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.


< End of report >
eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 25,165 posts.
  
Join Date: Mar 2001
Location: Bradford, England
10-Feb-2010, 03:31 PM #14
Okay, can you scan these files for me:
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan"box on the top of the page:
    • C:\WINDOWS\System32\mbRegDLL.dll
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


Also, do the same for these:

C:\WINDOWS\System32\macrovsn.dll
C:\WINDOWS\System32\MMDVDROM.dll


Plus, do you know what this is:

C:\Documents and Settings\terri gregson\Desktop\bsyl195b.exe

if you're not sure, can you scan that one as well

eddie
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream

Proud Member of ASAP, Alliance of Security Analysis Professionals
slb5's Avatar
Computer Specs
Member with 69 posts.
  
Join Date: Oct 2007
Experience: Beginner
10-Feb-2010, 03:50 PM #15
Update: looking at my desktop I see that the icon for the GMER scanner I downloaded yesterday is labeled bsyl195b


The last file I scanned found something...the file is C:\Documents and Settings\terri gregson\Desktop\bsyl195b.exe



The first file C:\WINDOWS\System32\mbRegDLL.dll scan found nothing....

VirSCAN.org Scanned Report :
Scanned time : 2010/02/10 11:44:16 (PST)
Scanner results: Scanners did not find malware!
File Name : mbRegDLL.dll
File Size : 753664 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 773cda5166b2495816f21f3892de4b6a
SHA1 : 0fd614585df99ff74d5c2bf22f198a926e47c018
Online report : http://virscan.org/report/80a8f46e9c...4fc231649.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100210230750 2010-02-10 4.88 -
AhnLab V3 2010.02.10.00 2010.02.10 2010-02-10 1.09 -
AntiVir 8.2.1.160 7.10.4.23 2010-02-10 0.29 -
Antiy 2.0.18 20100201.3785967 2010-02-01 0.12 -
Arcavir 2009 201002100223 2010-02-10 0.07 -
Authentium 5.1.1 201002101725 2010-02-10 2.30 -
AVAST! 4.7.4 100210-0 2010-02-10 0.07 -
AVG 8.5.720 271.1.1/2660 2010-02-01 5.18 -
BitDefender 7.81008.5034923 7.30317 2010-02-11 5.16 -
ClamAV 0.95.3 10374 2010-02-10 0.13 -
Comodo 3.13.579 3409 2010-02-10 0.97 -
CP Secure 1.3.0.5 2010.02.10 2010-02-10 0.11 -
Dr.Web 5.0.1.12222 2010.02.11 2010-02-11 5.24 -
F-Prot 4.4.4.56 20100209 2010-02-09 2.20 -
F-Secure 7.02.73807 2010.02.10.14 2010-02-10 9.88 -
Fortinet 11.481- 11.481 2010-02-10 0.30 -
GData 19.10428/19.743 20100210 2010-02-10 6.22 -
ViRobot 20100210 2010.02.10 2010-02-10 0.42 -
Ikarus T3.1.01.80 2010.02.10.75155 2010-02-10 4.72 -
JiangMin 13.0.900 2010.02.08 2010-02-08 8.99 -
Kaspersky 5.5.10 2010.02.10 2010-02-10 0.12 -
KingSoft 2009.2.5.15 2010.2.10.18 2010-02-10 0.69 -
McAfee 5.3.00 5888 2010-02-10 3.55 -
Microsoft 1.5406 2010.02.10 2010-02-10 6.62 -
Norman 6.01.09 6.01.00 2010-02-10 2.00 -
Panda 9.05.01 2010.02.09 2010-02-09 2.13 -
Trend Micro 9.120-1004 6.838.08 2010-02-10 0.04 -
Quick Heal 10.00 2010.02.10 2010-02-10 1.80 -
Rising 20.0 22.34.01.02 2010-02-09 1.09 -
Sophos 3.04.1 4.50 2010-02-11 3.15 -
Sunbelt 3.9.2398.2 5668 2010-02-09 2.96 -
Symantec 1.3.0.24 20100201.009 2010-02-01 0.00 -
nProtect 20100210.02 7196772 2010-02-10 5.18 -
The Hacker 6.5.1.1 v00187 2010-02-10 0.46 -
VBA32 3.12.12.2 20100209.2126 2010-02-09 2.63 -
VirusBuster 4.5.11.10 10.119.49/2031139 2010-02-11 2.57 -


On to the next file....


VirSCAN.org Scanned Report :
Scanned time : 2010/02/10 11:50:53 (PST)
Scanner results: Scanners did not find malware!
File Name : macrovsn.dll
File Size : 67584 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 2ae9e1322d0d85d2f94bf919ac6d58ae
SHA1 : 0c462d5d78952859df8b6e3246783df39341e3d3
Online report : http://virscan.org/report/891a2c2b7f...311fd064a.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100210230750 2010-02-10 4.23 -
AhnLab V3 2010.02.10.00 2010.02.10 2010-02-10 1.03 -
AntiVir 8.2.1.160 7.10.4.23 2010-02-10 0.42 -
Antiy 2.0.18 20100201.3785967 2010-02-01 0.12 -
Arcavir 2009 201002100223 2010-02-10 0.04 -
Authentium 5.1.1 201002101725 2010-02-10 1.34 -
AVAST! 4.7.4 100210-0 2010-02-10 0.01 -
AVG 8.5.720 271.1.1/2660 2010-02-01 5.17 -
BitDefender 7.81008.5034923 7.30317 2010-02-11 5.16 -
ClamAV 0.95.3 10374 2010-02-10 0.02 -
Comodo 3.13.579 3409 2010-02-10 2.68 -
CP Secure 1.3.0.5 2010.02.10 2010-02-10 0.06 -
Dr.Web 5.0.1.12222 2010.02.11 2010-02-11 5.28 -
F-Prot 4.4.4.56 20100209 2010-02-09 1.33 -
F-Secure 7.02.73807 2010.02.10.14 2010-02-10 0.15 -
Fortinet 11.481- 11.481 2010-02-10 0.34 -
GData 19.10428/19.743 20100210 2010-02-10 6.02 -
ViRobot 20100210 2010.02.10 2010-02-10 0.41 -
Ikarus T3.1.01.80 2010.02.10.75155 2010-02-10 4.53 -
JiangMin 13.0.900 2010.02.08 2010-02-08 4.69 -
Kaspersky 5.5.10 2010.02.10 2010-02-10 0.11 -
KingSoft 2009.2.5.15 2010.2.10.18 2010-02-10 2.89 -
McAfee 5.3.00 5888 2010-02-10 3.50 -
Microsoft 1.5406 2010.02.10 2010-02-10 7.58 -
Norman 6.01.09 6.01.00 2010-02-10 4.01 -
Panda 9.05.01 2010.02.09 2010-02-09 2.89 -
Trend Micro 9.120-1004 6.838.08 2010-02-10 0.03 -
Quick Heal 10.00 2010.02.10 2010-02-10 1.36 -
Rising 20.0 22.34.01.02 2010-02-09 1.07 -
Sophos 3.04.1 4.50 2010-02-11 3.15 -
Sunbelt 3.9.2398.2 5668 2010-02-09 2.80 -
Symantec 1.3.0.24 20100201.009 2010-02-01 0.00 -
nProtect 20100210.02 7196772 2010-02-10 4.28 -
The Hacker 6.5.1.1 v00187 2010-02-10 0.37 -
VBA32 3.12.12.2 20100209.2126 2010-02-09 2.51 -
VirusBuster 4.5.11.10 10.119.49/2031139 2010-02-11 2.37 -


Next file:

VirSCAN.org Scanned Report :
Scanned time : 2010/02/10 11:55:04 (PST)
Scanner results: Scanners did not find malware!
File Name : MMDVDROM.dll
File Size : 17920 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 855d1380bb7509f1728d183e442f05cd
SHA1 : fdb364381d69ec942ce488c7dfd0b1dfe024ca76
Online report : http://virscan.org/report/6b70b785d1...de6c889a8.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100210230750 2010-02-10 4.28 -
AhnLab V3 2010.02.10.00 2010.02.10 2010-02-10 1.01 -
AntiVir 8.2.1.160 7.10.4.23 2010-02-10 0.41 -
Antiy 2.0.18 20100201.3785967 2010-02-01 0.12 -
Arcavir 2009 201002100223 2010-02-10 0.03 -
Authentium 5.1.1 201002101725 2010-02-10 1.35 -
AVAST! 4.7.4 100210-0 2010-02-10 0.01 -
AVG 8.5.720 271.1.1/2660 2010-02-01 5.18 -
BitDefender 7.81008.5034923 7.30317 2010-02-11 5.14 -
ClamAV 0.95.3 10374 2010-02-10 0.01 -
Comodo 3.13.579 3409 2010-02-10 0.95 -
CP Secure 1.3.0.5 2010.02.10 2010-02-10 0.04 -
Dr.Web 5.0.1.12222 2010.02.11 2010-02-11 5.19 -
F-Prot 4.4.4.56 20100209 2010-02-09 1.28 -
F-Secure 7.02.73807 2010.02.10.14 2010-02-10 0.15 -
Fortinet 11.481- 11.481 2010-02-10 0.20 -
GData 19.10428/19.743 20100210 2010-02-10 6.20 -
ViRobot 20100210 2010.02.10 2010-02-10 0.43 -
Ikarus T3.1.01.80 2010.02.10.75155 2010-02-10 4.47 -
JiangMin 13.0.900 2010.02.08 2010-02-08 4.67 -
Kaspersky 5.5.10 2010.02.10 2010-02-10 0.11 -
KingSoft 2009.2.5.15 2010.2.10.18 2010-02-10 0.56 -
McAfee 5.3.00 5888 2010-02-10 3.53 -
Microsoft 1.5406 2010.02.10 2010-02-10 6.63 -
Norman 6.01.09 6.01.00 2010-02-10 4.00 -
Panda 9.05.01 2010.02.09 2010-02-09 1.99 -
Trend Micro 9.120-1004 6.838.08 2010-02-10 0.03 -
Quick Heal 10.00 2010.02.10 2010-02-10 1.33 -
Rising 20.0 22.34.01.02 2010-02-09 1.10 -
Sophos 3.04.1 4.50 2010-02-11 3.15 -
Sunbelt 3.9.2398.2 5668 2010-02-09 2.68 -
Symantec 1.3.0.24 20100201.009 2010-02-01 0.00 -
nProtect 20100210.02 7196772 2010-02-10 4.31 -
The Hacker 6.5.1.1 v00187 2010-02-10 0.37 -
VBA32 3.12.12.2 20100209.2126 2010-02-09 2.52 -
VirusBuster 4.5.11.10 10.119.49/2031139 2010-02-11 2.37 -


Last file with something found:

VirSCAN.org Scanned Report :
Scanned time : 2010/01/31 08:50:49 (PST)
Scanner results: 6% Scanner(s) (2/36) found malware!
File Name : jex8c7uf.exe
File Size : 293376 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : f80f6e09e7f4bafe478ca0da6137e1e2
SHA1 : 719082766cf4f60c8bdaa2b2c9f6967ecbcf8722
Online report : http://virscan.org/report/ae654b816f...d13bdfc44.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100130020216 2010-01-30 5.59 -
AhnLab V3 2010.01.31.01 2010.01.31 2010-01-31 1.07 -
AntiVir 8.2.1.154 7.10.3.139 2010-01-29 0.29 -
Antiy 2.0.18 20100126.3756239 2010-01-26 0.12 -
Arcavir 2009 201001300945 2010-01-30 0.24 -
Authentium 5.1.1 201001301405 2010-01-30 3.00 -
AVAST! 4.7.4 100131-0 2010-01-31 0.08 -
AVG 8.5.720 271.1.1/2659 2010-01-31 1.79 -
BitDefender 7.81008.4940941 7.30145 2010-01-31 5.09 -
ClamAV 0.95.3 10344 2010-01-30 0.18 -
Comodo 3.13.579 3409 2010-01-31 0.89 -
CP Secure 1.3.0.5 2010.01.31 2010-01-31 0.18 -
Dr.Web 5.0.1.12222 2010.01.31 2010-01-31 5.26 -
F-Prot 4.4.4.56 20100130 2010-01-30 3.17 -
F-Secure 7.02.73807 2010.01.31.01 2010-01-31 11.38 -
Fortinet 11.441- 11.441 2010-01-31 0.39 Suspicious
GData 19.10232/19.716 20100131 2010-01-31 6.31 -
ViRobot 20100130 2010.01.30 2010-01-30 0.41 -
Ikarus T3.1.01.80 2010.01.31.75079 2010-01-31 6.75 -
JiangMin 13.0.900 2010.01.27 2010-01-27 5.06 -
Kaspersky 5.5.10 2010.01.31 2010-01-31 0.33 -
KingSoft 2009.2.5.15 2010.1.31.21 2010-01-31 0.69 -
McAfee 5.3.00 5878 2010-01-31 4.21 -
Microsoft 1.5406 2010.01.31 2010-01-31 7.27 -
Norman 6.01.09 6.01.00 2010-01-16 4.01 -
Panda 9.05.01 2010.01.31 2010-01-31 3.51 -
Trend Micro 9.120-1004 6.814.06 2010-01-31 0.10 -
Quick Heal 10.00 2010.01.30 2010-01-30 1.42 -
Rising 20.0 22.32.06.04 2010-01-31 1.64 -
Sophos 3.04.1 4.50 2010-01-31 3.10 -
Sunbelt 3.9.2396.2 5648 2010-01-30 3.94 -
Symantec 1.3.0.24 20100131.003 2010-01-31 0.14 -
nProtect 20100131.01 7067168 2010-01-31 4.85 -
The Hacker 6.5.1.0 v00174 2010-01-31 0.46 -
VBA32 3.12.12.1 20100129.0902 2010-01-29 3.02 Win32 Shadow Driver Install (suspicious)
VirusBuster 4.5.11.10 10.119.30/2017585 2010-01-30 3.70 -
Last edited by slb5; 10-Feb-2010 at 04:16 PM.. Reason: Update
Email This Email  Print This Print  Tweet This Send to Facebook Send to MySpace Send to StumbleUpon Digg This | More Services More
Reply
Page 1 of 4 1 234

THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!

« Previous Thread | Virus & Other Malware Removal | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
WELCOME TO TECH SUPPORT GUY! Are you looking for the solution to your computer problem? Join our site today to ask your question -- for free! Our site is run completely by volunteers who want to help you solve your computer problems. See our Welcome Guide to get started.
Thread Tools



Facebook Facebook Twitter Twitter TechGuy.tv TechGuy.tv Mobile TSG Mobile
Contact Us - HelpOnThe.Net - Archive - Terms of Service - Top
You Are Using:
Server ID
Advertisements do not imply our endorsement of that product or service.
All times are GMT -4. The time now is 10:15 PM.
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.

 Powered by Cermak Technologies, Inc.