
Keylogger/Trojan Win32/sinowal.gen!R

Discussion in 'Virus & Other Malware Removal' started by slb5, Feb 7, 2010.

Thread Status:
Not open for further replies.
  1. slb5

    slb5 Thread Starter

    Joined:
    Oct 13, 2007
    Messages:
    69
    My PC is running XP with SP3 and I am using Firefox. My browser has been hacked.

    I have a keylogger trojan named:

    Win32/sinowal.gen!R
    and
    Win32/sinowal.gen!S

    I found out I had something on my computer when I tried to log onto my bank's website (Chase dot com) and was redirected to a page for me to put in all my account details. I didn't give them any details, but I know there is something on my computer from running the Windows Live OneCare safety scan. It found what it called a keylogger trojan and said it cleaned it, but it didn't.

    I ran Superantispyware and Trend Micro Housecall and they didn't find anything.
    Also, when I tried to search for Kaspersky anti-virus program I am redirected to a fake page.

    Any help with this will be greatly appreciated.
    Thank you.
     
  2. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    34,315
    Hiya

    Firstly, I would change your bank login details as soon as you can, on another computer that is not connected to this one.

    Then, can you do the following:

    Download TFC by OldTimer to your desktop
    • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • It will close all programs when run, so make sure you have saved all your work before you begin.
    • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
    • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

    ---

    Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.
    • Disconnect from the Internet and close all running programs.
    • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
    • Click on this link to see a list of programs that should be disabled.
    • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
    • Allow the driver to load if asked.
    • You may be prompted to scan immediately if it detects rootkit activity.
    • If you are prompted to scan your system click "No", save the log and post back the results.
    • If not prompted, click the "Rootkit/Malware" tab.
    • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
    • Select all drives that are connected to your system to be scanned.
    • Click the Scan button to begin. (Please be patient as it can take some time to complete)
    • When the scan is finished, click Save to save the scan results to your Desktop.
    • Save the file as Results.log and copy/paste the contents in your next reply.
    • Exit the program and re-enable all active protection when done.

    ---

    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Doubleclick on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis .
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch Hijackthis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

    -----
    Please include the MBAM log, SAS log, Results.log and a fresh HijackThis log in your next reply

    Regards

    eddie
     
  3. slb5

    slb5 Thread Starter

    Joined:
    Oct 13, 2007
    Messages:
    69
    Ok, thanks for your help. I am going to start now but wanted to mention that before I got your reply I tried to install ESET NOD32 and it didn't install properly and won't update or scan. Now I can't remove that as the uninstall isn't working. Can you help with the uninstall of this, and should I wait to do that before the other downloads and logs?
    Thanks.
     
  4. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    34,315
    The malware that you have installed may be blocking the use of anti-spyware programs, such as eset. Leave it for now, it won't cause any problems.

    In the meantime, can you do the above still, but if any of the programs won't install/run, let me know and we'll do something else :)
     
  5. slb5

    slb5 Thread Starter

    Joined:
    Oct 13, 2007
    Messages:
    69
    Downloaded and ran TFC and cleaned all temp files.

    Downloaded and ran Malwarebytes. It didn't find anything. I am posting the log and continuing with GMER to download and post its log.


    Malwarebytes' Anti-Malware 1.44
    Database version: 3709
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    2/8/2010 11:31:21 AM
    mbam-log-2010-02-08 (11-31-21).txt

    Scan type: Quick Scan
    Objects scanned: 133908
    Time elapsed: 7 minute(s), 5 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  6. slb5

    slb5 Thread Starter

    Joined:
    Oct 13, 2007
    Messages:
    69
    Had to run GMER twice as it had stopped the first time for some reason. It takes a very long time to complete a scan.
    Here is the log from GMER and HJT to follow.


    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-02-08 15:24:55
    Windows 5.1.2600 Service Pack 3
    Running: o8kt6t2b.exe; Driver: C:\DOCUME~1\TERRIG~1\LOCALS~1\Temp\fxtyapow.sys


    ---- System - GMER 1.0.15 ----

    SSDT 86D0D8A0 ZwAssignProcessToJobObject
    SSDT 86D0CCB0 ZwOpenProcess
    SSDT 86D0D0D0 ZwOpenThread
    SSDT 86D0D6D0 ZwSuspendProcess
    SSDT 86D0D4F0 ZwSuspendThread
    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF51DA0B0]
    SSDT 86D0D310 ZwTerminateThread

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!_abnormal_termination + 451 804E2AAD 7 Bytes [A0, 1D, F5, 10, D3, D0, 86]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\Explorer.EXE[124] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 015A28F5
    .text C:\WINDOWS\Explorer.EXE[124] WS2_32.dll!send 71AB4C27 5 Bytes JMP 015A2781
    .text C:\WINDOWS\Explorer.EXE[124] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 015A2873
    .text C:\WINDOWS\Explorer.EXE[124] WS2_32.dll!recv 71AB676F 5 Bytes JMP 015A27B9
    .text C:\WINDOWS\Explorer.EXE[124] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 015A27F1
    .text c:\progra~1\Support.com\client\bin\tgcmd.exe[192] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E828F5
    .text c:\progra~1\Support.com\client\bin\tgcmd.exe[192] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E82781
    .text c:\progra~1\Support.com\client\bin\tgcmd.exe[192] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00E82873
    .text c:\progra~1\Support.com\client\bin\tgcmd.exe[192] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00E827B9
    .text c:\progra~1\Support.com\client\bin\tgcmd.exe[192] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00E827F1
    .text C:\Program Files\Bonjour\mDNSResponder.exe[316] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 007D28F5
    .text C:\Program Files\Bonjour\mDNSResponder.exe[316] WS2_32.dll!send 71AB4C27 5 Bytes JMP 007D2781
    .text C:\Program Files\Bonjour\mDNSResponder.exe[316] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 007D2873
    .text C:\Program Files\Bonjour\mDNSResponder.exe[316] WS2_32.dll!recv 71AB676F 5 Bytes JMP 007D27B9
    .text C:\Program Files\Bonjour\mDNSResponder.exe[316] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 007D27F1
    .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[400] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
    .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[400] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 04F028F5
    .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[400] WS2_32.dll!send 71AB4C27 5 Bytes JMP 04F02781
    .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[400] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 04F02873
    .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[400] WS2_32.dll!recv 71AB676F 5 Bytes JMP 04F027B9
    .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[400] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 04F027F1
    .text C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe[508] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 078528F5
    .text C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe[508] WS2_32.dll!send 71AB4C27 5 Bytes JMP 07852781
    .text C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe[508] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 07852873
    .text C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe[508] WS2_32.dll!recv 71AB676F 5 Bytes JMP 078527B9
    .text C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe[508] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 078527F1
    .text C:\WINDOWS\system32\wdfmgr.exe[1356] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 008A28F5
    .text C:\WINDOWS\system32\wdfmgr.exe[1356] WS2_32.dll!send 71AB4C27 5 Bytes JMP 008A2781
    .text C:\WINDOWS\system32\wdfmgr.exe[1356] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 008A2873
    .text C:\WINDOWS\system32\wdfmgr.exe[1356] WS2_32.dll!recv 71AB676F 5 Bytes JMP 008A27B9
    .text C:\WINDOWS\system32\wdfmgr.exe[1356] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 008A27F1
    .text C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.1\Sage.LS1.ServiceHost.exe[2120] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 040328F5
    .text C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.1\Sage.LS1.ServiceHost.exe[2120] ws2_32.dll!send 71AB4C27 5 Bytes JMP 04032781
    .text C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.1\Sage.LS1.ServiceHost.exe[2120] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 04032873
    .text C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.1\Sage.LS1.ServiceHost.exe[2120] ws2_32.dll!recv 71AB676F 5 Bytes JMP 040327B9
    .text C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.1\Sage.LS1.ServiceHost.exe[2120] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 040327F1
    .text C:\Program Files\iTunes\iTunesHelper.exe[2256] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E528F5
    .text C:\Program Files\iTunes\iTunesHelper.exe[2256] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E52781
    .text C:\Program Files\iTunes\iTunesHelper.exe[2256] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00E52873
    .text C:\Program Files\iTunes\iTunesHelper.exe[2256] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00E527B9
    .text C:\Program Files\iTunes\iTunesHelper.exe[2256] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00E527F1
    .text C:\Program Files\iPod\bin\iPodService.exe[2868] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00B228F5
    .text C:\Program Files\iPod\bin\iPodService.exe[2868] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B22781
    .text C:\Program Files\iPod\bin\iPodService.exe[2868] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00B22873
    .text C:\Program Files\iPod\bin\iPodService.exe[2868] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00B227B9
    .text C:\Program Files\iPod\bin\iPodService.exe[2868] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B227F1
    .text C:\WINDOWS\System32\alg.exe[3320] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00B228F5
    .text C:\WINDOWS\System32\alg.exe[3320] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B22781
    .text C:\WINDOWS\System32\alg.exe[3320] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00B22873
    .text C:\WINDOWS\System32\alg.exe[3320] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00B227B9
    .text C:\WINDOWS\System32\alg.exe[3320] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B227F1

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

    Device \Driver\ACPI \Device\00000045 86C80478
    Device \Driver\ACPI \Device\00000060 86C80478
    Device \Driver\ACPI \Device\00000048 86C80478
    Device \Driver\ACPI \Device\00000061 86C80478
    Device \Driver\ACPI \Device\00000056 86C80478
    Device \Driver\ACPI \Device\00000064 86C80478
    Device \Driver\ACPI \Device\00000059 86C80478
    Device \Driver\ACPI \Device\00000065 86C80478
    Device \Driver\ACPI \Device\0000004c 86C80478
    Device \Driver\ACPI \Device\0000004d 86C80478
    Device \Driver\ACPI \Device\0000005a 86C80478
    Device \Driver\ACPI \Device\0000004e 86C80478
    Device \Driver\ACPI \Device\0000005b 86C80478
    Device \Driver\ACPI \Device\0000005c 86C80478
    Device \Driver\ACPI \Device\0000005e 86C80478

    AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:456] 86D0B930

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Classes\.application\[email protected] bootstrap.application.1

    ---- EOF - GMER 1.0.15 ----
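Reading a GMER "User code sections" listing like the one above by eye is error-prone, so here is an added example (not code from the thread, from GMER, or from any of the tools the moderator names) that parses those lines and pulls out the pattern worth noticing: in every listed process the same five WS2_32.dll exports (closesocket, send, recv, WSASend, WSARecv) are patched with a 5-byte JMP, and the JMP targets differ only in their high bytes, which is what you get when one injected module is mapped at a different base address in each process. The sample lines are copied from the log above (a subset, so the script runs offline); the choice of those five exports as the "Winsock I/O set", the low-16-bit offset comparison, and the function names are my own assumptions. The script reports structure only; it does not decide whether the hooking code is malicious or a security product's own filter, which is a judgement the analyst makes from context (here, for instance, the hooks appear even inside ekrn.exe and Rtvscan.exe).

```python
import re
from collections import defaultdict

# Lines copied from the GMER "User code sections" output posted above, plus the
# non-JMP SetUnhandledExceptionFilter patch in ekrn.exe as a negative control.
# Only a subset of processes is included so the example runs stand-alone.
SAMPLE_LOG = r"""
.text C:\WINDOWS\Explorer.EXE[124] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 015A28F5
.text C:\WINDOWS\Explorer.EXE[124] WS2_32.dll!send 71AB4C27 5 Bytes JMP 015A2781
.text C:\WINDOWS\Explorer.EXE[124] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 015A2873
.text C:\WINDOWS\Explorer.EXE[124] WS2_32.dll!recv 71AB676F 5 Bytes JMP 015A27B9
.text C:\WINDOWS\Explorer.EXE[124] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 015A27F1
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[400] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[400] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 04F028F5
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[400] WS2_32.dll!send 71AB4C27 5 Bytes JMP 04F02781
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[400] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 04F02873
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[400] WS2_32.dll!recv 71AB676F 5 Bytes JMP 04F027B9
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[400] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 04F027F1
.text C:\WINDOWS\System32\alg.exe[3320] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00B228F5
.text C:\WINDOWS\System32\alg.exe[3320] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B22781
.text C:\WINDOWS\System32\alg.exe[3320] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00B22873
.text C:\WINDOWS\System32\alg.exe[3320] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00B227B9
.text C:\WINDOWS\System32\alg.exe[3320] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B227F1
"""

# One GMER user-mode hook line: ".text <process>[<pid>] <module>!<export> <addr> <n> Bytes <patch>"
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<mod>[\w.]+)!(?P<func>\w+)\s+(?P<addr>[0-9A-Fa-f]+)\s+"
    r"(?P<n>\d+)\s+Bytes\s+(?P<patch>.+)$"
)

# The Winsock exports a traffic-intercepting hook needs (assumption: this set is mine).
WINSOCK_IO = {"send", "recv", "WSASend", "WSARecv", "closesocket"}


def parse_user_hooks(text):
    """Parse GMER 'User code sections' lines; lines that do not match are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["pid"] = int(d["pid"])
        d["nbytes"] = int(d.pop("n"))
        d["mod"] = d["mod"].lower()          # GMER prints WS2_32.dll and ws2_32.dll
        # "JMP <addr>" is the classic 5-byte inline hook (E9 rel32 written over the prologue).
        jm = re.fullmatch(r"JMP\s+([0-9A-Fa-f]+)", d["patch"])
        d["jmp_target"] = int(jm.group(1), 16) if jm else None
        hooks.append(d)
    return hooks


def winsock_hook_summary(hooks):
    """Map (process, pid) -> {export: jmp_target} for inline JMP hooks on Winsock I/O exports."""
    per_proc = defaultdict(dict)
    for h in hooks:
        if h["mod"] == "ws2_32.dll" and h["func"] in WINSOCK_IO and h["jmp_target"] is not None:
            per_proc[(h["proc"], h["pid"])][h["func"]] = h["jmp_target"]
    return dict(per_proc)


def shared_payload_offsets(summary):
    """Per export, the set of low 16 bits of the JMP targets across all processes.

    A single value per export while the high bits vary means the same code is mapped
    at a different base in each process: one injected module, not per-process patches."""
    offsets = defaultdict(set)
    for funcs in summary.values():
        for func, target in funcs.items():
            offsets[func].add(target & 0xFFFF)
    return dict(offsets)


def assess(text):
    """Summarise what the listing shows; the verdict (malware vs. HIPS) is left to the analyst."""
    summary = winsock_hook_summary(parse_user_hooks(text))
    fully_hooked = [p for p, funcs in summary.items() if WINSOCK_IO <= set(funcs)]
    offsets = shared_payload_offsets(summary)
    same_payload = bool(offsets) and all(len(s) == 1 for s in offsets.values())
    return {
        "processes_hooked": len(summary),
        "fully_hooked": sorted(p[0] for p in fully_hooked),
        "same_payload": same_payload,
        "offsets": {f: next(iter(s)) for f, s in offsets.items()} if same_payload else None,
    }


if __name__ == "__main__":
    for key, value in assess(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a saved Results.log by reading the file into `assess()` instead of `SAMPLE_LOG`. For the lines above it reports three processes, all with the full Winsock I/O set hooked, and one consistent offset per export (for example 0x2781 for send and 0x28F5 for closesocket), which is the single-injected-module pattern; the kernel32 SetUnhandledExceptionFilter patch is parsed but, not being a JMP on a Winsock export, does not count.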
     
  7. slb5

    slb5 Thread Starter

    Joined:
    Oct 13, 2007
    Messages:
    69
    And here is the HJT log.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:33:40 PM, on 2/8/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.1\Sage.LS1.ServiceHost.exe
    C:\WINDOWS\System32\WScript.exe
    C:\WINDOWS\system32\WDBtnMgr.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    c:\progra~1\Support.com\client\bin\tgcmd.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://email.secureserver.net/login.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Sage Service Host (v1.1) (Sage.LS1.ServiceHost.1.1) - Sage Software, Inc. - C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.1\Sage.LS1.ServiceHost.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

    --
    End of file - 6075 bytes
     
  8. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    34,315
    Download Combofix from any of the links below and save it to your Desktop.

    Link 1
    Link 2
    Link 3



    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    eddie
     
  9. slb5

    slb5 Thread Starter

    Joined:
    Oct 13, 2007
    Messages:
    69
    I ran the ComboFix with no problems. Here is the log:



    ComboFix 10-02-08.09 - terri gregson 02/09/2010 8:31.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1024.616 [GMT -8:00]
    Running from: c:\documents and settings\terri gregson\Desktop\ComboFix.exe
    AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\patch.exe
    c:\windows\system\oeminfo.ini

    .
    original MBR restored successfully !
    .
    ((((((((((((((((((((((((( Files Created from 2010-01-09 to 2010-02-09 )))))))))))))))))))))))))))))))
    .

    2010-02-08 19:42 . 2010-02-08 19:42 293376 ----a-w- C:\o8kt6t2b.exe
    2010-02-08 19:22 . 2010-02-08 19:22 -------- d-----w- c:\documents and settings\terri gregson\Application Data\Malwarebytes
    2010-02-08 19:22 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-02-08 19:22 . 2010-02-08 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-02-08 19:22 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-02-08 19:22 . 2010-02-08 19:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-02-07 17:19 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2010-02-07 16:46 . 2010-02-07 16:46 -------- d-----w- c:\documents and settings\terri gregson\Application Data\ESET
    2010-02-07 16:27 . 2010-02-07 16:27 -------- d-----w- c:\program files\ESET
    2010-02-07 16:27 . 2010-02-07 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
    2010-01-13 00:48 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2010-01-10 17:13 . 2010-01-10 17:13 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
    2010-01-10 17:13 . 2010-01-10 17:13 -------- d-----w- c:\documents and settings\HelpAssistant\SCKB2005
    2010-01-10 17:13 . 2010-01-10 17:13 -------- d-----w- c:\documents and settings\HelpAssistant\SCKB2004
    2010-01-10 17:13 . 2010-01-10 17:13 -------- d-----w- c:\documents and settings\HelpAssistant\SCKB2003
    2010-01-10 17:11 . 2010-02-08 19:12 -------- d-----w- c:\documents and settings\HelpAssistant

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-08 23:32 . 2001-12-19 22:59 -------- d-----w- c:\program files\Trend Micro
    2010-02-07 18:15 . 2007-03-01 22:35 -------- d-----w- c:\program files\Windows Live Safety Center
    2010-02-07 17:17 . 2009-03-27 16:05 117760 ----a-w- c:\documents and settings\terri gregson\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-01-27 23:13 . 2008-12-19 16:47 1744 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-01-10 17:29 . 2008-02-28 18:52 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-01-08 16:13 . 2010-01-08 16:13 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
    2010-01-04 16:41 . 2010-01-04 16:41 52224 ----a-w- c:\documents and settings\terri gregson\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2009-12-21 19:14 . 2004-01-08 22:23 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-11-21 15:51 . 2001-08-23 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
    2009-11-16 17:03 . 2009-11-16 17:03 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
    2005-11-10 00:50 . 2005-11-10 00:21 34412848 -c--a-w- c:\program files\iTunesSetup.exe
    2005-07-18 15:12 . 2005-07-18 15:10 20798256 -c--a-w- c:\program files\AdbeRdr70_enu_full.exe
    2005-07-18 15:10 . 2005-07-18 15:08 6811904 -c--a-w- c:\program files\psa2011se_us.exe
    2005-07-18 15:08 . 2005-07-18 15:08 494704 -c--a-w- c:\program files\ytb01_efgsip.exe
    2005-03-11 16:25 . 2005-03-11 16:25 534104 -c--a-w- c:\program files\psa2011_ytb01_DLM_enu_full.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-10 2002160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="NvQTwk" [X]
    "ZTgServerSwitch"="c:\program files\support.com\client\lserver\server.vbs" [2001-04-26 2220]
    "WD Button Manager"="WDBtnMgr.exe" [2006-03-18 331776]
    "vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 77824]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-29 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-08 16:07 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Forget Me Not.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Forget Me Not.lnk
    backup=c:\windows\pss\Forget Me Not.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
    backup=c:\windows\pss\GStartup.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PrecisionTime.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PrecisionTime.lnk
    backup=c:\windows\pss\PrecisionTime.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Real-time Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Real-time Monitor.lnk
    backup=c:\windows\pss\Real-time Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^terri gregson^Start Menu^Programs^Startup^Webshots.lnk]
    path=c:\documents and settings\terri gregson\Start Menu\Programs\Startup\Webshots.lnk
    backup=c:\windows\pss\Webshots.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-06-12 09:38 34672 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-06-05 20:39 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-05-27 00:18 413696 -c--a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2008-02-22 11:25 144784 -c--a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Trend Micro\\PC-cillin 2000\\WebTrapNT.exe"=
    "c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
    "c:\\MB7\\Programs\\mb7.exe"=
    "c:\\WINDOWS\\system32\\msiexec.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Documents and Settings\\terri gregson\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Common Files\\Sage\\LS1\\ServiceHost\\1.1\\Sage.LS1.ServiceHost.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "65533:TCP"= 65533:TCP:Services
    "52344:TCP"= 52344:TCP:Services
    "2479:TCP"= 2479:TCP:Services
    "2467:TCP"= 2467:TCP:Services
    "3389:TCP"= 3389:TCP:Remote Desktop
    "4334:TCP"= 4334:TCP:Services
    "6224:TCP"= 6224:TCP:Services
    "3246:TCP"= 3246:TCP:Services

    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11/16/2009 9:03 AM 108792]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/26/2008 5:35 PM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/26/2008 5:35 PM 74480]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [11/16/2009 9:04 AM 735960]
    R2 Sage.LS1.ServiceHost.1.1;Sage Service Host (v1.1);c:\program files\Common Files\Sage\LS1\ServiceHost\1.1\Sage.LS1.ServiceHost.exe [12/16/2008 8:41 AM 106496]
    R2 SonyFKC;FAN and Keyboard Control Service;c:\windows\system32\drivers\SonyFKC.sys [12/14/2001 12:53 PM 12032]
    R2 V7;V7;c:\windows\system32\drivers\V7.SYS [2/24/2005 6:10 PM 7196]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 4096]
    S2 ALIEHCD;ALi PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\AliEhci.sys [5/20/2005 7:54 AM 112835]
    S3 aligp;USB Composite Device;c:\windows\system32\drivers\AliGP.sys [5/20/2005 7:54 AM 8656]
    S3 aliroothub;USB 2.0 Root Hub;c:\windows\system32\drivers\AliRtHub.sys [5/20/2005 7:54 AM 5325]
    S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;c:\windows\system32\drivers\bcm42xx5.sys [12/14/2001 4:55 PM 54271]
    S3 SMBE;Sony MPEG2 Encoder Board (WDM);c:\windows\system32\drivers\Smbe.sys [12/14/2001 11:26 AM 593000]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://email.secureserver.net/login.php
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
    FF - ProfilePath - c:\documents and settings\terri gregson\Application Data\Mozilla\Firefox\Profiles\23tdebwt.default\
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-ControlCenter2 - c:\program files\Brother\ControlCenter2\brctrcen.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-02-09 08:37
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x86E976E8]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf7852f28
    \Driver\ACPI -> 0x86e976e8
    \Driver\atapi -> atapi.sys @ 0xf7737852
    IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
    ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
    ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
    NDIS: Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> 0x86c14690
    PacketIndicateHandler -> NDIS.sys @ 0xf7650a21
    SendHandler -> NDIS.sys @ 0xf7644d44
    Warning: possible MBR rootkit infection !
    copy of MBR has been found in sector 0x0DF937C1
    malicious code @ sector 0x0DF937C4 !
    PE file found in sector at 0x0DF937DA !
    MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
    @DACL=(02 0000)
    @="bootstrap.application.1"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(828)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    Completion time: 2010-02-09 08:39:29
    ComboFix-quarantined-files.txt 2010-02-09 16:39

    Pre-Run: 4,477,718,528 bytes free
    Post-Run: 4,448,034,816 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

    - - End Of File - - F3CE8036349A616A9AB3ED4E184711A1
  10. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    34,315
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Under the Standard Registry box change it to All.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
  11. slb5

    slb5 Thread Starter

    Joined:
    Oct 13, 2007
    Messages:
    69
    OTL.txt Log:

    OTL logfile created on: 2/9/2010 11:19:07 AM - Run 1
    OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\terri gregson\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,024.00 Mb Total Physical Memory | 460.00 Mb Available Physical Memory | 45.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 14.94 Gb Total Space | 4.16 Gb Free Space | 27.83% Space Free | Partition Type: NTFS
    Drive D: | 96.85 Gb Total Space | 76.08 Gb Free Space | 78.56% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: 7B9600FA
    Current User Name: terri gregson
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\terri gregson\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
    PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
    PRC - C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.1\Sage.LS1.ServiceHost.exe (Sage Software, Inc.)
    PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
    PRC - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
    PRC - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
    PRC - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
    PRC - c:\Program Files\support.com\client\bin\tgcmd.exe (Support.com, Inc.)
    PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\terri gregson\Desktop\OTL.exe (OldTimer Tools)


    ========== Win32 Services (SafeList) ==========

    SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)
    SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
    SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
    SRV - (Sage.LS1.ServiceHost.1.1) Sage Service Host (v1.1) -- C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.1\Sage.LS1.ServiceHost.exe (Sage Software, Inc.)
    SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
    SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
    SRV - (Norton AntiVirus Server) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
    SRV - (DefWatch) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
    SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
    SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100205.002\NAVEX15.SYS (Symantec Corporation)
    DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100205.002\NAVENG.SYS (Symantec Corporation)
    DRV - (Epfwndis) -- C:\WINDOWS\system32\drivers\epfwndis.sys (ESET)
    DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
    DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.)
    DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
    DRV - (ALIEHCD) -- C:\WINDOWS\system32\drivers\AliEhci.sys (ALi Corporation)
    DRV - (aliroothub) -- C:\WINDOWS\system32\drivers\AliRtHub.sys (ALi Corporation)
    DRV - (aligp) -- C:\WINDOWS\system32\drivers\AliGP.sys (ALi Corporation)
    DRV - (NAVAPEL) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys (Symantec Corporation)
    DRV - (NAVAP) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys (Symantec Corporation)
    DRV - (SonyFKC) -- C:\WINDOWS\system32\drivers\SonyFKC.sys (Sony Corporation)
    DRV - (PxHelp20) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (VERITAS Software, Inc.)
    DRV - (SONYWBMS) Sony Memory Stick controller(WB) -- C:\WINDOWS\system32\drivers\SonyWBMS.sys (Sony Corporation)
    DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
    DRV - (SMBE) Sony MPEG2 Encoder Board (WDM) -- C:\WINDOWS\system32\drivers\Smbe.sys (Sony Corporation)
    DRV - (smwdm) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
    DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
    DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
    DRV - (BCMModem) -- C:\WINDOWS\system32\drivers\BCMDM.sys (BCM)
    DRV - (StillCam) -- C:\WINDOWS\system32\drivers\serscan.sys (Microsoft Corporation)
    DRV - (nv4) -- C:\WINDOWS\system32\drivers\nv4.sys (NVIDIA Corporation)
    DRV - (BCM42XX) Broadcom iLine10(tm) -- C:\WINDOWS\system32\drivers\bcm42xx5.sys (Broadcom Corporation)
    DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (Windows (R) 2000 DDK provider)
    DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
    DRV - (V7) -- C:\WINDOWS\system32\drivers\V7.SYS (IBM Corporation)
    DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\aspi32.sys (Adaptec)


    ========== Standard Registry (All) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://email.secureserver.net/login.php
    IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.update: false
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
    FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
    FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

    FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 02:00:36 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/16 07:32:10 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/16 07:32:10 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/02/07 08:27:28 | 000,000,000 | ---D | M]

    [2009/06/14 07:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terri gregson\Application Data\Mozilla\Extensions
    [2009/06/14 07:28:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\terri gregson\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    [2009/09/02 08:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terri gregson\Application Data\Mozilla\Firefox\Profiles\23tdebwt.default\extensions
    [2009/09/02 08:34:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\terri gregson\Application Data\Mozilla\Firefox\Profiles\23tdebwt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/08/09 08:37:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2009/06/16 07:30:57 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2007/05/23 07:12:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
    [2007/07/19 08:23:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
    [2007/11/19 09:13:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    [2008/03/19 07:51:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    [2009/06/16 07:30:51 | 000,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
    [2009/06/16 07:30:51 | 000,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
    [2007/04/10 16:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    [2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
    [2009/06/16 07:30:53 | 000,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
    [2008/06/11 21:45:28 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
    [2009/06/26 08:12:23 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    [2009/06/26 08:12:23 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    [2009/06/26 08:12:23 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    [2009/06/26 08:12:23 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    [2009/06/26 08:12:23 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    [2009/06/26 08:12:23 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    [2009/06/26 08:12:23 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    [2009/06/14 07:28:37 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
    [2009/06/14 07:28:37 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
    [2009/06/14 07:28:37 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
    [2009/06/14 07:28:37 | 000,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
    [2009/06/14 07:28:37 | 000,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
    [2009/06/14 07:28:37 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
    [2009/06/14 07:28:37 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

    O1 HOSTS File: ([2001/08/18 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
    O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
    O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
    O4 - HKLM..\Run: [ZTgServerSwitch] c:\Program Files\support.com\client\lserver\Server.vbs ()
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
    O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O16 - DPF: Web-Based Email Tools http://email.secureserver.net/Download.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 63.249.95.8 63.249.95.9
  12. slb5

    slb5 Thread Starter

    Joined:
    Oct 13, 2007
    Messages:
    69
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
    O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O24 - Desktop Components:0 (My Current Home Page) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\terri gregson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\terri gregson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/02/14 12:34:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/02/10 14:17:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.CAM -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/02/09 11:14:26 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\terri gregson\Desktop\OTL.exe
    [2010/02/09 08:29:59 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/02/09 08:29:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/02/09 08:29:06 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/02/09 08:29:06 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/02/09 08:29:06 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/02/09 08:28:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/02/09 08:28:55 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2010/02/09 08:28:21 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/02/08 15:32:32 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\terri gregson\Desktop\HijackThisInstaller.exe
    [2010/02/08 11:22:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\terri gregson\Application Data\Malwarebytes
    [2010/02/08 11:22:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/02/08 11:22:02 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/02/08 11:22:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/02/08 11:22:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/02/08 11:20:57 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\terri gregson\Desktop\mbam-setup.exe
    [2010/02/08 11:06:24 | 000,439,808 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\terri gregson\Desktop\TFC.exe
    [2010/02/08 08:43:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\terri gregson\Recent
    [2010/02/07 09:19:37 | 000,157,712 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
    [2010/02/07 08:46:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\terri gregson\Application Data\ESET
    [2010/02/07 08:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010/02/07 08:27:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2010/02/07 08:02:37 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2010/01/12 16:48:18 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
    [2006/02/18 03:00:27 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2005/11/09 16:21:34 | 034,412,848 | ---- | C] (Apple Computer, Inc. ) -- C:\Program Files\iTunesSetup.exe
    [2005/07/18 07:10:06 | 020,798,256 | ---- | C] (Netopsystems AG ) -- C:\Program Files\AdbeRdr70_enu_full.exe
    [2005/07/18 07:08:35 | 006,811,904 | ---- | C] (Adobe Systems, Inc. ) -- C:\Program Files\psa2011se_us.exe
    [2005/05/11 07:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2005/03/11 08:25:37 | 000,534,104 | ---- | C] (Adobe Systems) -- C:\Program Files\psa2011_ytb01_DLM_enu_full.exe
    [2001/12/14 12:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2001/12/14 12:38:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

    ========== Files - Modified Within 30 Days ==========

    [2010/02/09 11:14:26 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\terri gregson\Desktop\OTL.exe
    [2010/02/09 11:14:12 | 000,000,426 | ---- | M] () -- C:\WINDOWS\brwmark.ini
    [2010/02/09 08:39:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/02/09 08:37:15 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/02/09 08:30:03 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/02/09 08:24:37 | 003,852,379 | R--- | M] () -- C:\Documents and Settings\terri gregson\Desktop\ComboFix.exe
    [2010/02/09 08:15:03 | 000,013,058 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/02/09 08:14:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/02/09 08:14:33 | 1073,319,936 | -HS- | M] () -- C:\hiberfil.sys
    [2010/02/08 16:23:39 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\terri gregson\NTUSER.DAT
    [2010/02/08 16:23:33 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\terri gregson\ntuser.ini
    [2010/02/08 16:23:22 | 004,826,290 | -H-- | M] () -- C:\Documents and Settings\terri gregson\Local Settings\Application Data\IconCache.db
    [2010/02/08 15:32:57 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\terri gregson\Desktop\HijackThis.lnk
    [2010/02/08 15:32:32 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\terri gregson\Desktop\HijackThisInstaller.exe
    [2010/02/08 11:42:51 | 000,293,376 | ---- | M] () -- C:\o8kt6t2b.exe
    [2010/02/08 11:41:10 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\terri gregson\Desktop\bsyl195b.exe
    [2010/02/08 11:22:08 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/02/08 11:21:09 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\terri gregson\Desktop\mbam-setup.exe
    [2010/02/08 11:06:24 | 000,439,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\terri gregson\Desktop\TFC.exe
    [2010/02/08 08:01:58 | 000,000,599 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/02/08 08:01:58 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/01/31 11:00:24 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\terri gregson\Desktop\Windows Explorer.lnk
    [2010/01/28 10:53:47 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\terri gregson\Desktop\will definitions.doc
    [2010/01/27 15:13:35 | 000,001,744 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/01/15 16:09:32 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\terri gregson\Desktop\CCleaner.lnk

    ========== Files Created - No Company Name ==========

    [2010/02/09 08:30:03 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/02/09 08:30:00 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/02/09 08:29:06 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/02/09 08:29:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/02/09 08:29:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/02/09 08:29:06 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/02/09 08:29:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/02/09 08:24:30 | 003,852,379 | R--- | C] () -- C:\Documents and Settings\terri gregson\Desktop\ComboFix.exe
    [2010/02/08 15:32:57 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\terri gregson\Desktop\HijackThis.lnk
    [2010/02/08 11:42:51 | 000,293,376 | ---- | C] () -- C:\o8kt6t2b.exe
    [2010/02/08 11:41:10 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\terri gregson\Desktop\bsyl195b.exe
    [2010/02/08 11:22:08 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/02/08 08:03:00 | 1073,319,936 | -HS- | C] () -- C:\hiberfil.sys
    [2010/01/28 10:53:47 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\terri gregson\Desktop\will definitions.doc
    [2010/01/10 09:58:39 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\terri gregson\Local Settings\Application Data\housecall.guid.cache
    [2006/04/19 11:55:05 | 000,000,103 | ---- | C] () -- C:\WINDOWS\System32\hptrace.ini
    [2006/04/19 11:54:21 | 000,006,145 | ---- | C] () -- C:\WINDOWS\hplj1320.ini
    [2006/04/12 12:43:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
    [2005/11/10 10:13:00 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\mbRegDLL.dll
    [2005/11/10 10:13:00 | 000,733,184 | ---- | C] () -- C:\WINDOWS\System32\IMBsec.dll
    [2005/11/10 10:13:00 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\d4dll.dll
    [2005/11/10 10:13:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
    [2005/11/10 10:12:59 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\Bcfont32.dll
    [2005/10/02 15:26:15 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\terri gregson\Local Settings\Application Data\fusioncache.dat
    [2005/07/18 07:08:31 | 000,494,704 | ---- | C] () -- C:\Program Files\ytb01_efgsip.exe
    [2005/06/07 06:50:44 | 000,000,055 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
    [2005/06/07 06:50:44 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
    [2005/05/31 14:28:45 | 000,000,426 | ---- | C] () -- C:\WINDOWS\brwmark.ini
    [2005/05/31 14:28:45 | 000,000,211 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
    [2005/05/31 14:28:45 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
    [2005/05/31 14:28:45 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2005/05/31 14:28:20 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
    [2005/03/06 16:07:53 | 000,000,156 | ---- | C] () -- C:\WINDOWS\GetServer.ini
    [2005/02/25 10:29:15 | 000,000,313 | ---- | C] () -- C:\WINDOWS\SWWATER.INI
    [2005/02/25 08:00:46 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\cdintf.dll
    [2005/02/24 18:51:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/02/24 18:10:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
    [2005/02/24 18:10:42 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\macrovsn.dll
    [2005/02/24 18:10:42 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\MMDVDROM.dll
    [2005/02/24 17:59:49 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\terri gregson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2002/07/30 10:33:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
    [2001/12/14 15:02:55 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\Asfv2.dll
    [2001/12/14 14:46:01 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
    [2001/12/14 14:44:06 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
    [2001/12/14 14:44:05 | 000,000,626 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2001/12/14 14:35:03 | 000,000,165 | ---- | C] () -- C:\WINDOWS\photoprn.ini
    [2001/12/14 13:14:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2001/12/14 12:45:42 | 000,000,804 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2001/12/14 11:26:24 | 000,000,608 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2001/12/04 20:22:50 | 000,002,101 | ---- | C] () -- C:\WINDOWS\Pcc2KNT.ini
    [1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
    [1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

    ========== LOP Check ==========

    [2010/02/07 08:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2006/10/20 08:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OKR
    [2009/03/17 14:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
    [2009/09/01 08:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sage
    [2009/06/26 08:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2008/09/30 13:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terri gregson\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/02/07 08:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terri gregson\Application Data\ESET
    [2001/12/14 14:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terri gregson\Application Data\InterTrust
    [2006/08/05 13:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terri gregson\Application Data\Leadertech
    [2009/07/16 07:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terri gregson\Application Data\Opera
    [2008/09/26 13:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terri gregson\Application Data\ScanSoft
    [2007/10/10 07:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\terri gregson\Application Data\Webshots

    ========== Purity Check ==========


    < End of report >
     
  13. slb5

    slb5 Thread Starter

    OTL Extras.txt




    OTL Extras logfile created on: 2/9/2010 11:19:08 AM - Run 1
    OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\terri gregson\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,024.00 Mb Total Physical Memory | 460.00 Mb Available Physical Memory | 45.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 14.94 Gb Total Space | 4.16 Gb Free Space | 27.83% Space Free | Partition Type: NTFS
    Drive D: | 96.85 Gb Total Space | 76.08 Gb Free Space | 78.56% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: 7B9600FA
    Current User Name: terri gregson
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "65533:TCP" = 65533:TCP:*:Enabled:Services
    "52344:TCP" = 52344:TCP:*:Enabled:Services
    "2479:TCP" = 2479:TCP:*:Enabled:Services
    "2467:TCP" = 2467:TCP:*:Enabled:Services
    "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
    "4334:TCP" = 4334:TCP:*:Enabled:Services
    "6224:TCP" = 6224:TCP:*:Enabled:Services
    "3246:TCP" = 3246:TCP:*:Enabled:Services

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "65533:TCP" = 65533:TCP:*:Enabled:Services
    "52344:TCP" = 52344:TCP:*:Enabled:Services
    "2479:TCP" = 2479:TCP:*:Enabled:Services
    "2467:TCP" = 2467:TCP:*:Enabled:Services
    "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
    "4334:TCP" = 4334:TCP:*:Enabled:Services
    "6224:TCP" = 6224:TCP:*:Enabled:Services
    "3246:TCP" = 3246:TCP:*:Enabled:Services

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe" = C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe:*:Disabled:WebTrap -- (Trend Micro Inc.)
    "C:\Program Files\support.com\client\bin\tgcmd.exe" = C:\Program Files\support.com\client\bin\tgcmd.exe:*:Disabled:tgcmd Module -- (Support.com, Inc.)
    "C:\MB7\Programs\mb7.exe" = C:\MB7\Programs\mb7.exe:*:Enabled:mb7 -- (Sage Software, Inc.)
    "C:\WINDOWS\system32\msiexec.exe" = C:\WINDOWS\system32\msiexec.exe:*:Enabled:Windows® installer -- (Microsoft Corporation)
    "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\Documents and Settings\terri gregson\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\terri gregson\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.1\Sage.LS1.ServiceHost.exe" = C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.1\Sage.LS1.ServiceHost.exe:*:Enabled:Sage Service Host (v1.1) -- (Sage Software, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}" = Symantec AntiVirus Client
    "{21CF3E6E-1659-433E-B6CE-165D793560DA}" = VAIO Grid Wallpaper
    "{234A85E2-5317-44ED-8FB2-91DBB4BE17BF}" = Sage Master Builder API
    "{2FAF5A9F-7EDE-4F1A-B082-C95A9F420630}" = Media Bar 3.2.12
    "{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
    "{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
    "{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
    "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}" = Music Visualizer Library 1.2
    "{3C67D8C0-F0EC-11D3-99D3-00C04FCCB775}" = VAIO Action Setup
    "{3E908702-AF35-4611-9518-955DA24B7E07}" = Microsoft XML Parser and SDK
    "{48BE827A-2D06-4804-90C3-4F2F8460F9D4}" = Support Actions Win2K,WinXP
    "{59C72A68-708E-11D6-8123-000102408BEC}" = Sage Master Builder
    "{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
    "{6060E6A1-5342-4D2B-8F66-B6D6E20BBD03}" = VAIO Help & Support
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6990A2BF-D1D2-11D3-81BC-00609789C908}" = Sony DV Shared Library
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6DF804A8-2CC2-4D22-A958-4534F6EC3C76}" = VAIO Registration
    "{70A3C348-D02E-4641-9E74-0BAAA9B7A910}" = Intuit Master Builder Entitlement Client
    "{802EF464-4992-42B3-8434-45151AD3C933}" = VAIO Serenus Wallpaper
    "{8E1DCD15-C9F1-49CE-807B-198C8241EB6B}" = ALi USB2.0 Driver
    "{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
    "{A228A09C-4826-42E0-A3D8-95B2BAAB5049}" = OpenMG Secure Module 3.0.01
    "{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0}" = Opera 9.64
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A4356797-C122-4442-83F2-A32DBD7B71AF}" = Sage Master Builder
    "{A839294B-70A9-11D5-9F5A-0050DAD742CD}" = PC-cillin 2000
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{ACEC9C3E-0100-4EBE-B298-35A2145828A0}" = VAIO Brezza Wallpaper
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
    "{E2069DE3-5924-4766-A385-CDA273885A31}" = DigitalPrint 1.1
    "{E535DC62-56D6-11D5-8AE3-00105A7276CD}" = SonicStage 1.1.00
    "{F3CB4DC0-4FC0-11D5-9254-0000F460E7A9}" = SonicStage CD-R Writing Module
    "{F854647B-35E4-40DB-9F6B-D5F2ABCFCAE0}" = Sage Master Builder Licensing 1.1
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "CCleaner" = CCleaner
    "DVD Express A/V Pak" = DVDExpress
    "HijackThis" = HijackThis 2.0.2
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{70A3C348-D02E-4641-9E74-0BAAA9B7A910}" = Intuit Master Builder Entitlement Client
    "LiveUpdate1.7" = LiveUpdate 1.7 (Symantec Corporation)
    "Macromedia Shockwave Player" = Macromedia Shockwave Player
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Motion JPEG Software Decoder" = Motion JPEG Software Decoder
    "Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
    "NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
    "Quicken 2002 New User Edition" = Quicken 2002 New User Edition
    "VAIO Support" = VAIO Support
    "WebPost" = Microsoft Web Publishing Wizard 1.52
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 10
    "Windows XP Service Pack" = Windows XP Service Pack 3

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoToMeeting" = GoToMeeting 4.0.0.320
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2/7/2010 5:14:18 PM | Computer Name = 7B9600FA | Source = MsiInstaller | ID = 1008
    Description = The installation of C:\WINDOWS\Installer\2d2d5e75.msi is not permitted
    due to an error in software restriction policy processing. The object cannot be
    trusted.

    Error - 2/7/2010 5:14:18 PM | Computer Name = 7B9600FA | Source = MsiInstaller | ID = 1008
    Description = The installation of C:\WINDOWS\Installer\2d2d5e75.msi is not permitted
    due to an error in software restriction policy processing. The object cannot be
    trusted.

    Error - 2/7/2010 5:14:18 PM | Computer Name = 7B9600FA | Source = MsiInstaller | ID = 1008
    Description = The installation of C:\WINDOWS\Installer\6615d31e.msi is not permitted
    due to an error in software restriction policy processing. The object cannot be
    trusted.

    Error - 2/7/2010 5:14:18 PM | Computer Name = 7B9600FA | Source = MsiInstaller | ID = 1008
    Description = The installation of C:\WINDOWS\Installer\6615d31e.msi is not permitted
    due to an error in software restriction policy processing. The object cannot be
    trusted.

    Error - 2/7/2010 5:14:18 PM | Computer Name = 7B9600FA | Source = MsiInstaller | ID = 1008
    Description = The installation of C:\WINDOWS\Installer\aec5fc6.msi is not permitted
    due to an error in software restriction policy processing. The object cannot be
    trusted.

    Error - 2/7/2010 5:14:18 PM | Computer Name = 7B9600FA | Source = MsiInstaller | ID = 1008
    Description = The installation of C:\WINDOWS\Installer\aec5fc6.msi is not permitted
    due to an error in software restriction policy processing. The object cannot be
    trusted.

    Error - 2/7/2010 5:14:18 PM | Computer Name = 7B9600FA | Source = MsiInstaller | ID = 1008
    Description = The installation of C:\WINDOWS\Installer\2400fd5c.msi is not permitted
    due to an error in software restriction policy processing. The object cannot be
    trusted.

    Error - 2/7/2010 5:14:18 PM | Computer Name = 7B9600FA | Source = MsiInstaller | ID = 1008
    Description = The installation of C:\WINDOWS\Installer\2400fd5c.msi is not permitted
    due to an error in software restriction policy processing. The object cannot be
    trusted.

    Error - 2/7/2010 5:14:19 PM | Computer Name = 7B9600FA | Source = MsiInstaller | ID = 1008
    Description = The installation of C:\WINDOWS\Installer\2400fd97.msi is not permitted
    due to an error in software restriction policy processing. The object cannot be
    trusted.

    Error - 2/7/2010 5:14:19 PM | Computer Name = 7B9600FA | Source = MsiInstaller | ID = 1008
    Description = The installation of C:\WINDOWS\Installer\2400fd97.msi is not permitted
    due to an error in software restriction policy processing. The object cannot be
    trusted.

    [ System Events ]
    Error - 2/8/2010 3:08:23 PM | Computer Name = 7B9600FA | Source = Service Control Manager | ID = 7034
    Description = The Bonjour Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 2/8/2010 3:08:23 PM | Computer Name = 7B9600FA | Source = Service Control Manager | ID = 7034
    Description = The DefWatch service terminated unexpectedly. It has done this 1
    time(s).

    Error - 2/8/2010 3:08:23 PM | Computer Name = 7B9600FA | Source = Service Control Manager | ID = 7034
    Description = The NVIDIA Driver Helper Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 2/8/2010 3:08:23 PM | Computer Name = 7B9600FA | Source = Service Control Manager | ID = 7031
    Description = The Sage Service Host (v1.1) service terminated unexpectedly. It
    has done this 1 time(s). The following corrective action will be taken in 60000
    milliseconds: Restart the service.

    Error - 2/8/2010 3:08:23 PM | Computer Name = 7B9600FA | Source = Service Control Manager | ID = 7034
    Description = The iPod Service service terminated unexpectedly. It has done this
    1 time(s).

    Error - 2/9/2010 12:14:55 PM | Computer Name = 7B9600FA | Source = Service Control Manager | ID = 7000
    Description = The ALi PCI to USB Enhanced Host Controller service failed to start
    due to the following error: %%1058

    Error - 2/9/2010 12:30:51 PM | Computer Name = 7B9600FA | Source = Service Control Manager | ID = 7031
    Description = The Sage Service Host (v1.1) service terminated unexpectedly. It
    has done this 1 time(s). The following corrective action will be taken in 60000
    milliseconds: Restart the service.

    Error - 2/9/2010 12:32:24 PM | Computer Name = 7B9600FA | Source = Service Control Manager | ID = 7031
    Description = The Sage Service Host (v1.1) service terminated unexpectedly. It
    has done this 1 time(s). The following corrective action will be taken in 60000
    milliseconds: Restart the service.

    Error - 2/9/2010 12:34:07 PM | Computer Name = 7B9600FA | Source = Service Control Manager | ID = 7031
    Description = The Sage Service Host (v1.1) service terminated unexpectedly. It
    has done this 1 time(s). The following corrective action will be taken in 60000
    milliseconds: Restart the service.

    Error - 2/9/2010 12:35:30 PM | Computer Name = 7B9600FA | Source = Service Control Manager | ID = 7031
    Description = The Sage Service Host (v1.1) service terminated unexpectedly. It
    has done this 1 time(s). The following corrective action will be taken in 60000
    milliseconds: Restart the service.


    < End of report >
     
  14. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    34,315
    Okay, can you scan these files for me:

    • Please go to VirSCAN.org FREE on-line scan service
    • Copy and paste the following file path into the "Suspicious files to scan" box at the top of the page:
      • C:\WINDOWS\System32\mbRegDLL.dll
    • Click on the Upload button
    • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
    • Paste the contents of the Clipboard in your next reply.


    Also, do the same for these:

    C:\WINDOWS\System32\macrovsn.dll
    C:\WINDOWS\System32\MMDVDROM.dll



    Plus, do you know what this is:

    C:\Documents and Settings\terri gregson\Desktop\bsyl195b.exe

    if you're not sure, can you scan that one as well :)

    eddie
     
  15. slb5

    slb5 Thread Starter

    Joined:
    Oct 13, 2007
    Messages:
    69
    Update: looking at my desktop I see that the icon for the GMER scanner I downloaded yesterday is labeled bsyl195b.


    The last file I scanned found something...the file is C:\Documents and Settings\terri gregson\Desktop\bsyl195b.exe



    The first file C:\WINDOWS\System32\mbRegDLL.dll scan found nothing....

    VirSCAN.org Scanned Report :
    Scanned time : 2010/02/10 11:44:16 (PST)
    Scanner results: Scanners did not find malware!
    File Name : mbRegDLL.dll
    File Size : 753664 byte
    File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
    MD5 : 773cda5166b2495816f21f3892de4b6a
    SHA1 : 0fd614585df99ff74d5c2bf22f198a926e47c018
    Online report : http://virscan.org/report/80a8f46e9c1844e7bf3de084fc231649.html

    Scanner Engine Ver Sig Ver Sig Date Time Scan result
    a-squared 4.5.0.8 20100210230750 2010-02-10 4.88 -
    AhnLab V3 2010.02.10.00 2010.02.10 2010-02-10 1.09 -
    AntiVir 8.2.1.160 7.10.4.23 2010-02-10 0.29 -
    Antiy 2.0.18 20100201.3785967 2010-02-01 0.12 -
    Arcavir 2009 201002100223 2010-02-10 0.07 -
    Authentium 5.1.1 201002101725 2010-02-10 2.30 -
    AVAST! 4.7.4 100210-0 2010-02-10 0.07 -
    AVG 8.5.720 271.1.1/2660 2010-02-01 5.18 -
    BitDefender 7.81008.5034923 7.30317 2010-02-11 5.16 -
    ClamAV 0.95.3 10374 2010-02-10 0.13 -
    Comodo 3.13.579 3409 2010-02-10 0.97 -
    CP Secure 1.3.0.5 2010.02.10 2010-02-10 0.11 -
    Dr.Web 5.0.1.12222 2010.02.11 2010-02-11 5.24 -
    F-Prot 4.4.4.56 20100209 2010-02-09 2.20 -
    F-Secure 7.02.73807 2010.02.10.14 2010-02-10 9.88 -
    Fortinet 11.481- 11.481 2010-02-10 0.30 -
    GData 19.10428/19.743 20100210 2010-02-10 6.22 -
    ViRobot 20100210 2010.02.10 2010-02-10 0.42 -
    Ikarus T3.1.01.80 2010.02.10.75155 2010-02-10 4.72 -
    JiangMin 13.0.900 2010.02.08 2010-02-08 8.99 -
    Kaspersky 5.5.10 2010.02.10 2010-02-10 0.12 -
    KingSoft 2009.2.5.15 2010.2.10.18 2010-02-10 0.69 -
    McAfee 5.3.00 5888 2010-02-10 3.55 -
    Microsoft 1.5406 2010.02.10 2010-02-10 6.62 -
    Norman 6.01.09 6.01.00 2010-02-10 2.00 -
    Panda 9.05.01 2010.02.09 2010-02-09 2.13 -
    Trend Micro 9.120-1004 6.838.08 2010-02-10 0.04 -
    Quick Heal 10.00 2010.02.10 2010-02-10 1.80 -
    Rising 20.0 22.34.01.02 2010-02-09 1.09 -
    Sophos 3.04.1 4.50 2010-02-11 3.15 -
    Sunbelt 3.9.2398.2 5668 2010-02-09 2.96 -
    Symantec 1.3.0.24 20100201.009 2010-02-01 0.00 -
    nProtect 20100210.02 7196772 2010-02-10 5.18 -
    The Hacker 6.5.1.1 v00187 2010-02-10 0.46 -
    VBA32 3.12.12.2 20100209.2126 2010-02-09 2.63 -
    VirusBuster 4.5.11.10 10.119.49/2031139 2010-02-11 2.57 -


    On to the next file....


    VirSCAN.org Scanned Report :
    Scanned time : 2010/02/10 11:50:53 (PST)
    Scanner results: Scanners did not find malware!
    File Name : macrovsn.dll
    File Size : 67584 byte
    File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
    MD5 : 2ae9e1322d0d85d2f94bf919ac6d58ae
    SHA1 : 0c462d5d78952859df8b6e3246783df39341e3d3
    Online report : http://virscan.org/report/891a2c2b7f70ffb9f2f9cba311fd064a.html

    Scanner Engine Ver Sig Ver Sig Date Time Scan result
    a-squared 4.5.0.8 20100210230750 2010-02-10 4.23 -
    AhnLab V3 2010.02.10.00 2010.02.10 2010-02-10 1.03 -
    AntiVir 8.2.1.160 7.10.4.23 2010-02-10 0.42 -
    Antiy 2.0.18 20100201.3785967 2010-02-01 0.12 -
    Arcavir 2009 201002100223 2010-02-10 0.04 -
    Authentium 5.1.1 201002101725 2010-02-10 1.34 -
    AVAST! 4.7.4 100210-0 2010-02-10 0.01 -
    AVG 8.5.720 271.1.1/2660 2010-02-01 5.17 -
    BitDefender 7.81008.5034923 7.30317 2010-02-11 5.16 -
    ClamAV 0.95.3 10374 2010-02-10 0.02 -
    Comodo 3.13.579 3409 2010-02-10 2.68 -
    CP Secure 1.3.0.5 2010.02.10 2010-02-10 0.06 -
    Dr.Web 5.0.1.12222 2010.02.11 2010-02-11 5.28 -
    F-Prot 4.4.4.56 20100209 2010-02-09 1.33 -
    F-Secure 7.02.73807 2010.02.10.14 2010-02-10 0.15 -
    Fortinet 11.481- 11.481 2010-02-10 0.34 -
    GData 19.10428/19.743 20100210 2010-02-10 6.02 -
    ViRobot 20100210 2010.02.10 2010-02-10 0.41 -
    Ikarus T3.1.01.80 2010.02.10.75155 2010-02-10 4.53 -
    JiangMin 13.0.900 2010.02.08 2010-02-08 4.69 -
    Kaspersky 5.5.10 2010.02.10 2010-02-10 0.11 -
    KingSoft 2009.2.5.15 2010.2.10.18 2010-02-10 2.89 -
    McAfee 5.3.00 5888 2010-02-10 3.50 -
    Microsoft 1.5406 2010.02.10 2010-02-10 7.58 -
    Norman 6.01.09 6.01.00 2010-02-10 4.01 -
    Panda 9.05.01 2010.02.09 2010-02-09 2.89 -
    Trend Micro 9.120-1004 6.838.08 2010-02-10 0.03 -
    Quick Heal 10.00 2010.02.10 2010-02-10 1.36 -
    Rising 20.0 22.34.01.02 2010-02-09 1.07 -
    Sophos 3.04.1 4.50 2010-02-11 3.15 -
    Sunbelt 3.9.2398.2 5668 2010-02-09 2.80 -
    Symantec 1.3.0.24 20100201.009 2010-02-01 0.00 -
    nProtect 20100210.02 7196772 2010-02-10 4.28 -
    The Hacker 6.5.1.1 v00187 2010-02-10 0.37 -
    VBA32 3.12.12.2 20100209.2126 2010-02-09 2.51 -
    VirusBuster 4.5.11.10 10.119.49/2031139 2010-02-11 2.37 -


    Next file:

    VirSCAN.org Scanned Report :
    Scanned time : 2010/02/10 11:55:04 (PST)
    Scanner results: Scanners did not find malware!
    File Name : MMDVDROM.dll
    File Size : 17920 byte
    File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
    MD5 : 855d1380bb7509f1728d183e442f05cd
    SHA1 : fdb364381d69ec942ce488c7dfd0b1dfe024ca76
    Online report : http://virscan.org/report/6b70b785d14271e626d3cebde6c889a8.html

    Scanner Engine Ver Sig Ver Sig Date Time Scan result
    a-squared 4.5.0.8 20100210230750 2010-02-10 4.28 -
    AhnLab V3 2010.02.10.00 2010.02.10 2010-02-10 1.01 -
    AntiVir 8.2.1.160 7.10.4.23 2010-02-10 0.41 -
    Antiy 2.0.18 20100201.3785967 2010-02-01 0.12 -
    Arcavir 2009 201002100223 2010-02-10 0.03 -
    Authentium 5.1.1 201002101725 2010-02-10 1.35 -
    AVAST! 4.7.4 100210-0 2010-02-10 0.01 -
    AVG 8.5.720 271.1.1/2660 2010-02-01 5.18 -
    BitDefender 7.81008.5034923 7.30317 2010-02-11 5.14 -
    ClamAV 0.95.3 10374 2010-02-10 0.01 -
    Comodo 3.13.579 3409 2010-02-10 0.95 -
    CP Secure 1.3.0.5 2010.02.10 2010-02-10 0.04 -
    Dr.Web 5.0.1.12222 2010.02.11 2010-02-11 5.19 -
    F-Prot 4.4.4.56 20100209 2010-02-09 1.28 -
    F-Secure 7.02.73807 2010.02.10.14 2010-02-10 0.15 -
    Fortinet 11.481- 11.481 2010-02-10 0.20 -
    GData 19.10428/19.743 20100210 2010-02-10 6.20 -
    ViRobot 20100210 2010.02.10 2010-02-10 0.43 -
    Ikarus T3.1.01.80 2010.02.10.75155 2010-02-10 4.47 -
    JiangMin 13.0.900 2010.02.08 2010-02-08 4.67 -
    Kaspersky 5.5.10 2010.02.10 2010-02-10 0.11 -
    KingSoft 2009.2.5.15 2010.2.10.18 2010-02-10 0.56 -
    McAfee 5.3.00 5888 2010-02-10 3.53 -
    Microsoft 1.5406 2010.02.10 2010-02-10 6.63 -
    Norman 6.01.09 6.01.00 2010-02-10 4.00 -
    Panda 9.05.01 2010.02.09 2010-02-09 1.99 -
    Trend Micro 9.120-1004 6.838.08 2010-02-10 0.03 -
    Quick Heal 10.00 2010.02.10 2010-02-10 1.33 -
    Rising 20.0 22.34.01.02 2010-02-09 1.10 -
    Sophos 3.04.1 4.50 2010-02-11 3.15 -
    Sunbelt 3.9.2398.2 5668 2010-02-09 2.68 -
    Symantec 1.3.0.24 20100201.009 2010-02-01 0.00 -
    nProtect 20100210.02 7196772 2010-02-10 4.31 -
    The Hacker 6.5.1.1 v00187 2010-02-10 0.37 -
    VBA32 3.12.12.2 20100209.2126 2010-02-09 2.52 -
    VirusBuster 4.5.11.10 10.119.49/2031139 2010-02-11 2.37 -


    Last file with something found:

    VirSCAN.org Scanned Report :
    Scanned time : 2010/01/31 08:50:49 (PST)
    Scanner results: 6% Scanner(s) (2/36) found malware!
    File Name : jex8c7uf.exe
    File Size : 293376 byte
    File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
    MD5 : f80f6e09e7f4bafe478ca0da6137e1e2
    SHA1 : 719082766cf4f60c8bdaa2b2c9f6967ecbcf8722
    Online report : http://virscan.org/report/ae654b816fb40e098259577d13bdfc44.html

    Scanner Engine Ver Sig Ver Sig Date Time Scan result
    a-squared 4.5.0.8 20100130020216 2010-01-30 5.59 -
    AhnLab V3 2010.01.31.01 2010.01.31 2010-01-31 1.07 -
    AntiVir 8.2.1.154 7.10.3.139 2010-01-29 0.29 -
    Antiy 2.0.18 20100126.3756239 2010-01-26 0.12 -
    Arcavir 2009 201001300945 2010-01-30 0.24 -
    Authentium 5.1.1 201001301405 2010-01-30 3.00 -
    AVAST! 4.7.4 100131-0 2010-01-31 0.08 -
    AVG 8.5.720 271.1.1/2659 2010-01-31 1.79 -
    BitDefender 7.81008.4940941 7.30145 2010-01-31 5.09 -
    ClamAV 0.95.3 10344 2010-01-30 0.18 -
    Comodo 3.13.579 3409 2010-01-31 0.89 -
    CP Secure 1.3.0.5 2010.01.31 2010-01-31 0.18 -
    Dr.Web 5.0.1.12222 2010.01.31 2010-01-31 5.26 -
    F-Prot 4.4.4.56 20100130 2010-01-30 3.17 -
    F-Secure 7.02.73807 2010.01.31.01 2010-01-31 11.38 -
    Fortinet 11.441- 11.441 2010-01-31 0.39 Suspicious
    GData 19.10232/19.716 20100131 2010-01-31 6.31 -
    ViRobot 20100130 2010.01.30 2010-01-30 0.41 -
    Ikarus T3.1.01.80 2010.01.31.75079 2010-01-31 6.75 -
    JiangMin 13.0.900 2010.01.27 2010-01-27 5.06 -
    Kaspersky 5.5.10 2010.01.31 2010-01-31 0.33 -
    KingSoft 2009.2.5.15 2010.1.31.21 2010-01-31 0.69 -
    McAfee 5.3.00 5878 2010-01-31 4.21 -
    Microsoft 1.5406 2010.01.31 2010-01-31 7.27 -
    Norman 6.01.09 6.01.00 2010-01-16 4.01 -
    Panda 9.05.01 2010.01.31 2010-01-31 3.51 -
    Trend Micro 9.120-1004 6.814.06 2010-01-31 0.10 -
    Quick Heal 10.00 2010.01.30 2010-01-30 1.42 -
    Rising 20.0 22.32.06.04 2010-01-31 1.64 -
    Sophos 3.04.1 4.50 2010-01-31 3.10 -
    Sunbelt 3.9.2396.2 5648 2010-01-30 3.94 -
    Symantec 1.3.0.24 20100131.003 2010-01-31 0.14 -
    nProtect 20100131.01 7067168 2010-01-31 4.85 -
    The Hacker 6.5.1.0 v00174 2010-01-31 0.46 -
    VBA32 3.12.12.1 20100129.0902 2010-01-29 3.02 Win32 Shadow Driver Install (suspicious)
    VirusBuster 4.5.11.10 10.119.30/2017585 2010-01-30 3.70 -
     

Short URL to this thread: https://techguy.org/901104
