[Fixed] Hijackthis! Logs - Spyware Protect 2009 (PC Help Forum, Security & Safety)

#1 - 05-17-2009 - Bronze Member (Join Date: Jan 2009, Posts: 49, PC Experience: Some Experience)
Spyware Protect 2009

Hey guys, I think I had the Spyware Protect 2009 package along with a few other issues. Some links get redirected, sometimes IE and FF won't startup, and MBAM and CF definitely do not start at all. Thanks in advance for any help.

My HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:34:03 AM, on 5/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\OEM04Mon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
X:\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.law.miami.edu/exchange
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O1 - Hosts: ::1 localhost
O1 - Hosts: 94.232.248.66 browser-security.microsoft.com
O1 - Hosts: 94.232.248.66 antivirprotection.com
O1 - Hosts: 94.232.248.66 Index of /
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: BHO - {BBD4551A-9B23-41cd-9BCD-818AA2DA7B63} - C:\WINDOWS\system32\iehelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - X:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM04Mon.exe] C:\WINDOWS\OEM04Mon.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Append to existing PDF - res://X:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://X:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://X:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://X:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://X:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://X:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://X:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://X:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1239821979953
O16 - DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} (TeamOn Import Object) - https://bis.na.blackberry.com/html/w...s/TOImport.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8353 bytes
Posted by gordian
#2 - 05-17-2009 - Pancake, Senior Security Analyst (Join Date: Jun 2006, Location: Victoria, Australia, Posts: 8,310, PC Experience: Elite PC Guru)
Re: Spyware Protect 2009

Download the program HostsXpert
Unzip HostsXpert.zip
It will create a folder named HostsXpert in whatever folder you extract it to.
Run HostsXpert.exe by double clicking on it.
Click the Make Writeable? button.
Click Restore Microsoft's Hosts File and then click OK.
Click the X to exit the program


=======================================

I need a more detailed look at your files.

Download OTListIt by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTListIt2.exe

Close all open windows on the Task Bar. Click the icon (for Vista, right click the icon and Run as Administrator) to start the program.
In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".
Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
It will produce two logs for you, one will pop up called OTListIt.txt, the other will be saved on your desktop and called Extras.txt.
Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
Exit OTListIt2 by clicking the X at top right.
=======================================
Reply back with copy of the Report.txt from above,
OTListIt.txt,
Extras.txt,
Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You'll likely have to do more than 1 reply.
My real name is Eddy

Last edited by Pancake; 05-17-2009 at 05:57 AM.
Posted by Pancake
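The hosts-file redirects in the first HijackThis log (the O1 lines sending browser-security.microsoft.com and antivirprotection.com to 94.232.248.66) are what the HostsXpert restore step above wipes out. The following is an added example, not code from the thread or from HostsXpert, that parses either a raw hosts file or HijackThis "O1 - Hosts:" lines and flags every name mapped to a non-local address; the sample input is the O1 lines quoted from the log above.

```python
"""Detect hosts-file hijacks of the kind shown in the HijackThis O1 lines.

Added example (not part of the thread): parse hosts-file text or HijackThis
"O1 - Hosts:" lines and report every name that is redirected somewhere other
than the local host, grouped by target address so a single rogue server
stands out.
"""
import ipaddress
import re
from dataclasses import dataclass

# A clean Windows hosts file only maps names to these addresses.
LOCAL_TARGETS = {"127.0.0.1", "::1", "0.0.0.0"}

# Content of the stock Windows XP hosts file (what the "Restore Microsoft's
# Hosts File" step leaves behind, comments aside).
DEFAULT_HOSTS = "127.0.0.1 localhost\n"

O1_PREFIX = re.compile(r"^O1 - Hosts:\s*")
HOSTNAME = re.compile(r"^[A-Za-z0-9.-]+$")


@dataclass(frozen=True)
class HostsEntry:
    address: str
    hostname: str


def parse_hosts(text: str) -> list[HostsEntry]:
    """Parse hosts-file lines, with or without a HijackThis 'O1 - Hosts:' prefix."""
    entries: list[HostsEntry] = []
    for raw in text.splitlines():
        line = O1_PREFIX.sub("", raw.strip())
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        # The first field must be an IP address; anything else (a log header
        # such as "O1 HOSTS File: ...") is not a hosts entry and is skipped.
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        for name in parts[1:]:
            if HOSTNAME.match(name):
                entries.append(HostsEntry(parts[0], name))
    return entries


def find_hijacks(entries: list[HostsEntry]) -> dict[str, list[str]]:
    """Map each non-local target address to the names redirected to it."""
    hijacks: dict[str, list[str]] = {}
    for entry in entries:
        if entry.address not in LOCAL_TARGETS:
            hijacks.setdefault(entry.address, []).append(entry.hostname)
    return hijacks


def is_clean(entries: list[HostsEntry]) -> bool:
    """True when no name is redirected away from the local host."""
    return not find_hijacks(entries)


# Sample input: the O1 lines quoted from the HijackThis log in this thread.
SAMPLE_O1_LINES = """\
O1 - Hosts: ::1 localhost
O1 - Hosts: 94.232.248.66 browser-security.microsoft.com
O1 - Hosts: 94.232.248.66 antivirprotection.com
"""

if __name__ == "__main__":
    for address, names in find_hijacks(parse_hosts(SAMPLE_O1_LINES)).items():
        print(f"{address} hijacks: {', '.join(names)}")
    print("default hosts file clean:", is_clean(parse_hosts(DEFAULT_HOSTS)))
```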
#3 - 05-17-2009 - Bronze Member (Join Date: Jan 2009, Posts: 49, PC Experience: Some Experience)
Re: Spyware Protect 2009

Thanks a ton for the help.

OTListIt:
OTListIt logfile created on: 5/17/2009 2:02:18 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Michael\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25.00 Gb Total Space | 15.64 Gb Free Space | 62.53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 182.88 Gb Total Space | 5.14 Gb Free Space | 2.81% Space Free | Partition Type: NTFS

Computer Name: SILB3R
Current User Name: Michael
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2007/07/25 17:29:38 | 00,987,136 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/07/25 17:41:42 | 00,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2008/11/10 06:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2007/05/22 16:35:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007/02/15 14:45:36 | 00,707,344 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe
PRC - [2007/02/22 16:33:06 | 00,294,912 | ---- | M] (Pharos Systems International) -- C:\Program Files\PharosSystems\Core\CTskMstr.exe
PRC - [2007/07/25 17:22:44 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/05/06 18:11:36 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\STacSV.exe
PRC - [2005/01/28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2007/07/25 17:32:34 | 00,294,912 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
PRC - [2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/07/25 17:32:50 | 00,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
PRC - [2007/07/25 17:30:36 | 00,974,848 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
PRC - [2007/04/27 17:10:10 | 00,851,968 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/06/11 02:01:00 | 00,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\OEM04Mon.exe
PRC - [2007/05/06 18:10:52 | 00,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2007/04/16 23:55:00 | 00,053,776 | ---- | M] (UPEK Inc.) -- C:\Program Files\Fingerprint Reader Suite\psqltray.exe
PRC - [2007/02/13 14:29:00 | 00,035,328 | ---- | M] () -- X:\Winamp 5.33\winampa.exe
PRC - [2008/11/10 06:43:42 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2004/08/12 15:55:00 | 00,192,512 | ---- | M] (Orbiscom Ltd. All rights reserved.) -- C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
PRC - [2006/10/23 00:24:02 | 00,620,152 | ---- | M] (Adobe Systems Inc.) -- X:\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2007/07/25 17:26:14 | 00,491,520 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2008/01/03 19:28:08 | 01,392,640 | R--- | M] (PalmSource, Inc) -- C:\Program Files\palmOne\Hotsync.exe
PRC - [2008/11/09 01:27:56 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/02/06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/11/10 06:43:54 | 00,382,384 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/05/17 02:00:45 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2005/09/23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/09/23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/07/25 17:41:42 | 00,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2008/11/09 01:27:56 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Running])
SRV - [2008/04/14 05:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/11/12 13:49:48 | 00,077,824 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE -- (HP Port Resolver [On_Demand | Stopped])
SRV - [2008/11/12 13:49:48 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE -- (HP Status Server [On_Demand | Stopped])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/11/10 06:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2007/05/22 16:35:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2007/02/15 14:45:36 | 00,707,344 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/02/22 16:33:06 | 00,294,912 | ---- | M] (Pharos Systems International) -- C:\Program Files\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster [Auto | Running])
SRV - [2007/07/25 17:22:44 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2007/07/25 17:29:38 | 00,987,136 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2007/05/06 18:11:36 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\STacSV.exe -- (STacSV [Auto | Running])
SRV - [2005/01/28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2007/07/25 17:32:34 | 00,294,912 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- (WLANKEEPER [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2008/11/02 03:03:49 | 00,021,393 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2007/02/27 11:21:00 | 00,160,256 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys -- (b57w2k [On_Demand | Running])
DRV - [2006/05/24 19:01:22 | 00,030,285 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\DRIVERS\btwmodem.sys -- (btwmodem [On_Demand | Stopped])
DRV - [2009/01/14 19:45:56 | 00,002,204 | ---- | M] () -- C:\WINDOWS\cfyzonzq -- (cfyzonzq [Boot | Stopped])
DRV - [2008/04/13 22:06:06 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007/02/12 13:36:54 | 00,277,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2007/08/08 09:17:54 | 02,211,456 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\NETw4x32.sys -- (NETw4x32 [On_Demand | Stopped])
DRV - [2008/08/29 00:34:30 | 03,632,384 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\NETw5x32.sys -- (NETw5x32 [On_Demand | Running])
DRV - [2007/05/22 16:35:00 | 06,346,688 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2007/06/08 02:00:00 | 00,141,376 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\Drivers\OEM04Afx.sys -- (OEM04Afx [On_Demand | Stopped])
DRV - [2007/03/05 19:45:00 | 00,007,424 | ---- | M] (EyePower Games Pte. Ltd.) -- C:\WINDOWS\system32\DRIVERS\OEM04Vfx.sys -- (OEM04Vfx [On_Demand | Running])
DRV - [2007/05/07 02:00:00 | 00,234,560 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\DRIVERS\OEM04Vid.sys -- (OEM04Vid [On_Demand | Running])
DRV - [2008/11/16 16:04:26 | 00,016,694 | ---- | M] (PalmSource, Inc.) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD [On_Demand | Stopped])
DRV - [2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2006/11/15 01:16:24 | 00,032,256 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\rimmptsk.sys -- (rimmptsk [Auto | Running])
DRV - [2006/11/14 20:42:46 | 00,043,520 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\rimsptsk.sys -- (rimsptsk [Auto | Running])
DRV - [2007/01/18 11:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\DRIVERS\RimSerial.sys -- (RimVSerPort [On_Demand | Stopped])
DRV - [2006/11/14 18:35:20 | 00,037,376 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\rixdptsk.sys -- (rismxdp [Auto | Running])
DRV - [2004/08/04 08:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Stopped])
DRV - [2007/05/29 16:29:30 | 00,012,416 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2008/04/13 22:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2007/05/06 18:12:00 | 01,222,840 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2007/04/27 16:37:24 | 00,202,912 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2007/04/16 23:44:34 | 00,046,992 | ---- | M] (UPEK Inc.) -- C:\WINDOWS\System32\Drivers\tcusb.sys -- (TcUsb [On_Demand | Running])
DRV - [2009/01/04 04:11:13 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Live Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://webmail.law.miami.edu/exchange
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/11/09 02:09:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/17 01:14:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/02 22:16:52 | 00,000,000 | ---D | M]

[2008/11/02 03:02:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\mozilla\Firefox\Profiles\2z1383qk.default\extensions
[2009/05/17 01:14:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/12/20 22:43:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/11/09 02:09:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2008/12/04 00:34:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2008/11/02 03:02:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2008/12/20 22:43:22 | 00,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2008/12/20 22:43:22 | 00,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2008/12/20 22:43:22 | 00,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2007/04/17 00:10:32 | 00,539,136 | ---- | M] (UPEK Inc.) -- C:\Program Files\mozilla firefox\components\pbgk1_8.dll
[2008/12/20 22:43:22 | 00,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2008/12/20 22:43:22 | 00,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2008/08/29 13:37:52 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/08/29 13:37:52 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/08/29 13:37:52 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/08/29 13:37:52 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/08/29 13:37:52 | 00,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/08/29 13:37:52 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (698 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (CitiUSBrowserHelper Class) - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (BHO) - {BBD4551A-9B23-41cd-9BCD-818AA2DA7B63} - C:\WINDOWS\system32\iehelper.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - X:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - X:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] "X:\Acrobat 8.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent File not found
O4 - HKLM..\Run: [CitiVAN] C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe /dontopenmycards (Orbiscom Ltd. All rights reserved.)
O4 - HKLM..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" (Intel Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit File not found
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [OEM04Mon.exe] C:\WINDOWS\OEM04Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup (UPEK Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WinampAgent] "X:\Winamp 5.33\winampa.exe" ()
O4 - HKCU..\Run: [Google Update] "C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk = X:\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\Michael\Start Menu\Programs\Startup\palmOne Registration.lnk = C:\Program Files\palmOne\register.exe (palmOne/Leader Technologies)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - res://X:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - res://X:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - res://X:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://X:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - res://X:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - res://X:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - res://X:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - res://X:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe (Orbiscom Ltd. All rights reserved.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [Bluetooth Namespace] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...8f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1239821979953 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} https://bis.na.blackberry.com/html/w...s/TOImport.cab (TeamOn Import Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\system32\sdra64.exe [FILE handle not seen by OS]
O20 - Winlogon\Notify\psfus: DllName - C:\WINDOWS\system32\psqlpwd.dll - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/02 02:26:54 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{baf9f96b-b76a-11dd-b7b4-001c26f54ed6}\Shell\AutoRun\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{baf9f96b-b76a-11dd-b7b4-001c26f54ed6}\Shell\open\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/17 02:02:07 | 00,000,000 | ---D | M]
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2099/01/01 12:00:00 | 00,006,456 | -H-- | C] () -- C:\WINDOWS\System32\yalarabu
[2099/01/01 12:00:00 | 00,006,456 | -H-- | C] () -- C:\WINDOWS\System32\vezovafe
[2009/05/17 02:00:42 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTListIt2.exe
[2009/05/17 01:59:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Desktop\HostsXpert
[2009/05/17 01:59:33 | 00,353,485 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\HostsXpert.zip
[2009/05/17 01:55:16 | 00,002,069 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/05/17 01:55:16 | 00,001,556 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
[2009/05/17 01:55:16 | 00,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
[2009/05/17 01:55:16 | 00,001,496 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
[2009/05/17 01:55:16 | 00,000,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2009/05/17 01:55:16 | 00,000,803 | ---- | C] () -- C:\Documents and Settings\Michael\Start Menu\Programs\Startup\palmOne Registration.lnk
[2009/05/17 01:40:36 | 06,367,264 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\SUPERAntiSpyware.exe
[2009/05/17 01:19:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2009/05/17 01:03:53 | 02,967,816 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Michael\Desktop\mbam-setup.exe
[2009/05/17 00:47:59 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\iehelper.dll
[2009/05/13 14:21:15 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2009/05/09 00:20:29 | 00,431,711 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\pizza.jpg
[2009/05/09 00:19:35 | 01,070,018 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\IMG_0229.JPG
[2009/05/08 14:38:38 | 25,662,2592 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\condom.avi
[2009/05/07 10:04:16 | 00,381,952 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\~FINAL SUBCRIM OUTLINE.doc
[2009/05/05 11:39:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Desktop\InstAviTricksPro
[2009/05/05 11:35:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Desktop\VirtualDub-1.8.8
[2009/05/05 11:17:00 | 10,172,416 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\bttf2.avi
[2009/05/05 08:22:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Desktop\Lists
[2009/05/03 21:36:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\WinRAR
[2009/05/01 23:18:09 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/05/01 22:57:16 | 00,137,954 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\qw1189.pdf
[2009/04/30 15:00:17 | 00,075,773 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\pullsforcombat.pdf
[2009/04/29 23:09:18 | 00,030,720 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Samoset.doc
[2009/04/29 16:52:07 | 15,308,2880 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\One down.avi
[2009/04/29 10:57:28 | 13,500,0064 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Post Call.avi
[2009/04/28 17:03:14 | 00,051,750 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\AMAZON.pdf
[2009/04/27 20:57:31 | 00,594,190 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Yeeeeaaaahh.wmv
[2009/04/27 01:40:54 | 05,241,344 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Video004.avi
[2009/04/26 15:00:08 | 00,001,726 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SofTest.lnk
[2009/04/25 00:24:49 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/04/25 00:24:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\skypePM
[2009/04/25 00:23:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Skype
[2009/04/25 00:23:12 | 00,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/04/25 00:23:12 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/04/25 00:23:10 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/04/25 00:23:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2009/04/24 19:02:16 | 00,243,511 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\IMG_0228.JPG
[2009/04/23 10:39:20 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\hypo.doc
[2009/04/21 22:01:27 | 00,000,934 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1482476501-1417001333-1003.job
[2009/04/20 21:17:42 | 00,035,840 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\FlaApp_outline1.doc
[2009/04/20 19:58:37 | 00,069,632 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\traffic.doc
[2009/04/20 19:30:02 | 00,600,974 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Traffic.pdf
[2009/04/19 02:22:41 | 00,123,238 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Borat-movie-08.jpg
[2009/04/18 12:09:28 | 00,040,248 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\largecap_10_2007.pdf
[2009/04/18 12:09:24 | 00,127,342 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Approved%20Firearms%20Roster%2004-2009.pdf
[2009/04/17 12:12:32 | 00,014,640 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Criminal_Justice_Proceeding_Observation.pdf
[2009/04/17 12:00:50 | 00,031,232 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Criminal_Justice_Proceeding_Observation.doc
[2009/02/13 17:15:53 | 00,544,256 | ---- | C] () -- C:\WINDOWS\System32\janGraphics.dll
[2009/01/05 15:18:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2008/11/12 13:44:25 | 00,000,187 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2008/11/02 03:50:29 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/02 02:52:31 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/02 02:35:35 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/11/02 02:21:51 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/11/02 02:21:51 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/11/02 02:21:50 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/11/02 02:21:49 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/08/10 11:56:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\ESxUtil.dll
[2004/08/04 08:00:00 | 00,000,700 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1996/11/18 01:00:00 | 00,748,160 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll
[1996/11/18 01:00:00 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\P2sodbc.dll
[1996/11/18 01:00:00 | 00,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2irdao.dll
[1996/11/18 01:00:00 | 00,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2ctdao.dll
[1996/11/18 01:00:00 | 00,036,352 | ---- | C] () -- C:\WINDOWS\System32\P2bbnd.dll
[1996/11/18 01:00:00 | 00,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
[1996/05/25 17:00:00 | 00,107,008 | ---- | C] () -- C:\WINDOWS\System32\fxtls432.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/05/17 02:01:01 | 00,471,326 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/17 02:01:01 | 00,401,632 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/17 02:01:01 | 00,062,746 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/17 02:00:45 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTListIt2.exe
[2009/05/17 01:59:30 | 00,353,485 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\HostsXpert.zip
[2009/05/17 01:56:46 | 00,000,803 | ---- | M] () -- C:\Documents and Settings\Michael\Start Menu\Programs\Startup\palmOne Registration.lnk
[2009/05/17 01:56:34 | 00,002,069 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/05/17 01:56:30 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/17 01:56:23 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Michael\Local Settings\desktop.ini
[2009/05/17 01:56:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/17 01:56:17 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/17 01:56:09 | 00,080,025 | ---- | M] () -- C:\WINDOWS\System32\OODBS.lor
[2009/05/17 01:55:21 | 00,000,700 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/17 01:55:21 | 00,000,281 | -HS- | M] () -- C:\boot.ini
[2009/05/17 01:55:21 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/17 01:41:47 | 06,367,264 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\SUPERAntiSpyware.exe
[2009/05/17 01:32:17 | 02,988,937 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\ComboFix.exe
[2009/05/17 01:03:59 | 02,967,816 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Michael\Desktop\mbam-setup.exe
[2009/05/17 00:59:11 | 00,010,752 | ---- | M] () -- C:\WINDOWS\System32\iehelper.dll
[2009/05/17 00:47:24 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/17 00:00:14 | 00,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1482476501-1417001333-1003.job
[2009/05/16 18:49:05 | 00,000,187 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2009/05/13 14:25:03 | 00,000,008 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2009/05/09 18:23:03 | 00,116,736 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\training.xls
[2009/05/09 00:20:31 | 00,431,711 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\pizza.jpg
[2009/05/08 23:19:36 | 01,070,018 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\IMG_0229.JPG
[2009/05/08 14:40:40 | 25,662,2592 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\condom.avi
[2009/05/08 11:39:43 | 00,104,616 | ---- | M] () -- C:\WINDOWS\jgzr.dat
[2009/05/07 10:04:14 | 00,381,952 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\~FINAL SUBCRIM OUTLINE.doc
[2009/05/06 06:52:52 | 00,030,720 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Samoset.doc
[2009/05/05 11:17:08 | 10,172,416 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\bttf2.avi
[2009/05/01 22:57:22 | 00,137,954 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\qw1189.pdf
[2009/04/30 15:00:17 | 00,075,773 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\pullsforcombat.pdf
[2009/04/29 17:05:59 | 15,308,2880 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\One down.avi
[2009/04/29 11:11:44 | 13,500,0064 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Post Call.avi
[2009/04/28 17:03:14 | 00,051,750 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\AMAZON.pdf
[2009/04/27 21:36:02 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/04/27 20:57:35 | 00,594,190 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Yeeeeaaaahh.wmv
[2009/04/27 01:41:01 | 05,241,344 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Video004.avi
[2009/04/26 15:00:08 | 00,001,726 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SofTest.lnk
[2009/04/25 00:24:49 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/04/24 20:08:20 | 00,243,511 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\IMG_0228.JPG
[2009/04/23 14:53:16 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\hypo.doc
[2009/04/21 09:53:50 | 00,035,840 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\FlaApp_outline1.doc
[2009/04/20 20:01:55 | 00,069,632 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\traffic.doc
[2009/04/20 19:30:02 | 00,600,974 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Traffic.pdf
[2009/04/19 02:23:20 | 00,123,238 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Borat-movie-08.jpg
[2009/04/18 12:09:28 | 00,040,248 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\largecap_10_2007.pdf
[2009/04/18 12:09:24 | 00,127,342 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Approved%20Firearms%20Roster%2004-2009.pdf
[2009/04/17 12:12:32 | 00,014,640 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Criminal_Justice_Proceeding_Observation.pdf
[2009/04/17 12:11:20 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Criminal_Justice_Proceeding_Observation.doc

========== LOP Check ==========

[2009/04/25 00:23:08 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/11/09 01:27:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/11/16 23:45:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008/11/02 02:29:29 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/05/08 11:40:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Examsoft
[2009/04/09 09:56:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FlashFXP
[2008/11/09 01:27:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/04/02 13:47:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2008/11/12 13:43:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2008/11/16 16:05:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2008/11/02 03:03:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2009/01/04 04:24:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/30 17:21:50 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/04/25 00:23:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2008/11/02 02:25:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2008/11/16 15:56:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/05/03 21:36:44 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Michael\Application Data
[2008/11/09 01:28:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Adobe
[2009/01/31 03:17:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Arcsoft
[2009/02/01 20:01:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Canon
[2009/02/02 09:03:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\fhnetwork.com
[2008/11/14 00:04:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Help
[2008/11/16 16:04:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\HotSync
[2008/11/02 02:30:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Identities
[2008/11/02 03:03:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Intel
[2008/11/16 16:05:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Leadertech
[2008/11/02 04:47:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Macromedia
[2009/01/04 04:25:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Malwarebytes
[2008/11/02 03:22:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Media Player Classic
[2008/11/16 16:04:53 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Michael\Application Data\Microsoft
[2009/04/21 22:01:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Mozilla
[2009/02/18 00:44:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Publish Providers
[2009/01/08 00:12:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\RIM Palm&PPC Upgrade Wizard
[2009/04/27 21:37:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Skype
[2009/04/27 21:05:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\skypePM
[2009/02/18 00:41:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Sony
[2009/02/17 09:44:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Sony Setup
[2008/11/09 02:09:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Sun
[2008/11/09 02:10:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\SystemRequirementsLab
[2009/01/25 23:56:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\vlc
[2009/05/03 21:36:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\WinRAR
[2004/08/04 08:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/05/17 00:00:14 | 00,000,934 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1482476501-1417001333-1003.job
[2009/05/17 01:56:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

< End of report >
gordian
Old 05-17-2009   #4
Bronze Member
 
Join Date: Jan 2009
Posts: 49
PC Experience: Some Experience
Re: Spyware Protect 2009

And here's Extras:
OTListIt Extras logfile created on: 5/17/2009 2:02:18 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Michael\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25.00 Gb Total Space | 15.64 Gb Free Space | 62.53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 182.88 Gb Total Space | 5.14 Gb Free Space | 2.81% Space Free | Partition Type: NTFS

Computer Name: SILB3R
Current User Name: Michael
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1
"UpdatesDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"113:TCP" = 113:TCP:*:Enabled:Ident
"113:UDP" = 113:UDP:*:Enabled:Ident
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/02/22 16:33:06 | 00,294,912 | ---- | M] (Pharos Systems International) -- C:\Program Files\PharosSystems\Core\CTskMstr.exe:*:Enabled:Pharos Com Task Master
[2009/04/09 09:57:33 | 04,038,656 | ---- | M] (IniCom Networks, Inc.) -- C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/03/28 02:02:24 | 01,949,696 | ---- | M] (mIRC Co. Ltd.) -- X:\mIRC\mirc.exe:*:Enabled:mIRC
[2001/02/01 14:53:58 | 00,024,576 | ---- | M] (America Online, Inc.) -- X:\AIM 4.4\aim.exe:*:Enabled:AOL Instant Messenger (SM)
File not found -- C:\Program Files\ExamSoft\SoftLnch.exe:*:Enabled:SofLaunch
File not found -- C:\Program Files\ExamSoft\SofTest.exe:*:Enabled:SofTest
[2007/02/22 16:33:06 | 00,294,912 | ---- | M] (Pharos Systems International) -- C:\Program Files\PharosSystems\Core\CTskMstr.exe:*:Enabled:Pharos Com Task Master
[2009/01/20 10:29:15 | 00,319,488 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\Michael\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\octosh...bled:Octoshape add-in for Adobe Flash Player
[2009/04/09 09:57:33 | 04,038,656 | ---- | M] (IniCom Networks, Inc.) -- C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
[2009/03/24 18:33:40 | 03,985,104 | ---- | M] (Google) -- C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin
[2009/03/24 17:55:30 | 00,083,440 | ---- | M] (Google) -- C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin
[2009/04/16 13:36:36 | 24,264,488 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}" = Sony Noise Reduction Plug-In 2.0h
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 11
"{3215EBED-1D06-42fb-A05C-A752A46FB24C}" = Canon MP530
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{5012BC0C-7E1A-329A-8F02-B6846070C5F8}" = Google Talk Plugin
"{53480370-6CA2-47EC-BC05-02B4B9271C31}" = O&O Defrag Professional Edition
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{8AAE5284-700D-4AB0-B0FB-57B5C8A7D93B}" = SplashMoney
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2289997-10A3-48F2-AA03-99180D761661}" = Fingerprint Reader Suite 5.6
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA51496-49D4-4FBF-9866-A2E2F40FAC7A}" = Sony Sound Forge 9.0
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D9749502-5039-4107-9CBA-968F9816D979}" = SofTest
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS
"4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"AviTricks Pro_is1" = AviTricks Pro version 3.10
"C2B1D8EA078A4E96218930E83D0EAC2D29D31968" = Windows Driver Package - Broadcom Bluetooth (02/24/2004 5.1.2535.0)
"CalorieKing Nutrition and Exercise Manager" = CalorieKing Nutrition and Exercise Manager (remove only)
"Citi Virtual Account Numbers" = Citi Virtual Account Numbers
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
"Creative OEM004" = Laptop Integrated Webcam Driver (1.01.01.0612)
"GSpot" = GSpot Codec Information Appliance
"HijackThis" = HijackThis 2.0.2
"hkSFV" = hkSFV (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"mIRC" = mIRC
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NVIDIA Drivers" = NVIDIA Drivers
"Pharos" = Pharos
"ProInst" = Intel(R) PROSet/Wireless Software
"QuickPar" = QuickPar 0.9
"QuicktimeAlt_is1" = QuickTime Alternative 2.8.0
"Sanse Playlister_is1" = Sanse Playlister Ver1.4
"SynTPDeinstKey" = Dell Touchpad
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VLC media player 0.9.8a
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"WinImage" = WinImage

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 5/17/2009 1:22:43 AM | Computer Name = SILB3R | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/17/2009 1:22:47 AM | Computer Name = SILB3R | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/17/2009 1:22:49 AM | Computer Name = SILB3R | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/17/2009 1:22:53 AM | Computer Name = SILB3R | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/17/2009 1:24:01 AM | Computer Name = SILB3R | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/17/2009 1:26:10 AM | Computer Name = SILB3R | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/17/2009 1:28:14 AM | Computer Name = SILB3R | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cfyzonzq

Error - 5/17/2009 1:28:29 AM | Computer Name = SILB3R | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 5/17/2009 1:29:30 AM | Computer Name = SILB3R | Source = Service Control Manager | ID = 7034
Description = The Windows User Mode Driver Framework service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/17/2009 1:58:01 AM | Computer Name = SILB3R | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cfyzonzq


< End of report >
gordian
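As an added example (not code from the thread or from any of the tools it mentions), a small parser for the event-log section of an OTL report like the one above: it pulls out Service Control Manager 7026 entries and flags failed boot-start drivers whose names no "Windows Driver Package" entry in the uninstall list accounts for and that look auto-generated, as cfyzonzq does. The sample text is constructed from the log above; the vowel-ratio heuristic is an assumption, not a rule from the page.

```python
# Added example, not code from the thread: triage the "Last 10 Event Log Errors"
# section of an OTL log for unexplained, random-looking failed boot-start drivers.
import re
from collections import Counter
# Constructed sample modelled on the log posted above (rimsptsk added to the 7026 list).
SAMPLE_LOG = """
"4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
========== Last 10 Event Log Errors ==========
[ System Events ]
Error - 5/17/2009 1:26:10 AM | Computer Name = SILB3R | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/17/2009 1:28:14 AM | Computer Name = SILB3R | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
rimsptsk
cfyzonzq
"""
EVENT_RE = re.compile(r"^Error - (?P<time>.+?) \| Computer Name = (?P<host>.+?) \| "
                      r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)$")
PACKAGE_RE = re.compile(r"Windows Driver Package - [^\n]*?\((\w+)\)")

def parse_events(text):
    """One dict per 'Error - ...' entry; wrapped description lines are joined."""
    section = text.split("========== Last 10 Event Log Errors ==========", 1)[-1]
    events, cur = [], None
    for line in (ln.strip() for ln in section.splitlines()):
        if m := EVENT_RE.match(line):
            cur = m.groupdict() | {"id": int(m["id"]), "description": ""}
            events.append(cur)
        elif cur and line and line[0] not in "[<=":  # skip '[ System Events ]' etc.
            cur["description"] = (cur["description"] + " " + line.removeprefix("Description = ")).strip()
    return events

def failed_drivers(event):
    """Driver names listed by a Service Control Manager 7026 event (else empty)."""
    desc = event["description"]
    if event["id"] != 7026 or "failed to load:" not in desc:
        return []
    return desc.split("failed to load:", 1)[1].split()

def looks_random(name):
    """Crude heuristic (assumption): lowercase letters only and almost no vowels."""
    if not (6 <= len(name) <= 12 and name.isalpha() and name.islower()):
        return False
    return sum(c in "aeiou" for c in name) / len(name) < 0.25

def triage(text):
    """Map each unexplained, random-looking failed-driver name to its 7026 hit count."""
    known = set(PACKAGE_RE.findall(text))  # names a driver-package entry accounts for
    return dict(Counter(d for ev in parse_events(text) for d in failed_drivers(ev)
                        if d not in known and looks_random(d)))
```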
Old 05-17-2009   #5
Bronze Member
 
Join Date: Jan 2009
Posts: 49
PC Experience: Some Experience
Re: Spyware Protect 2009

Whatever I've acquired is quite aggressive--I now appear to be unable to access My Computer or any folders. When I attempt to access My Computer or any folders my PC appears to freeze, although I'm able to initially move the mouse. After I click the cursor around several times I hear the internal speaker begin to beep each time I click, and then things freeze entirely and I'm forced to do a hard reboot. Yikes!
gordian
Old 05-17-2009   #6
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 8,310
PC Experience: Elite PC Guru
Re: Spyware Protect 2009

Download OTMoveIt3 http://oldtimer.geekstogo.com/OTMoveIt3.exe
Go to the location where you saved OTMoveIT2 and double click it. (If you're using Vista, right click on it and choose Run as Administrator).
Copy all the information found below. Highlight all of it, right click it and choose Copy.

Code:
:Processes
explorer.exe

:files
C:\WINDOWS\system32\sdra64.exe

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

============================

Ok. We need to download ComboFix.exe. This will give me a better view of the files running and also hidden on your computer, and also those in the registry. Please download from one of these webpages.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.
Double-click on ComboFix.exe & follow the prompts.
If it will not run, rename ComboFix to xxx.exe and run that.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Recovery Console can be installed from your disc if you have Vista if you wish.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt and a new HJT log in your next reply.
__________________
  • An Australian Member of
My real name is Eddy
Pancake
Old 05-17-2009   #7
Bronze Member
 
Join Date: Jan 2009
Posts: 49
PC Experience: Some Experience
Re: Spyware Protect 2009

OTMoveIt3 log:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\sdra64.exe not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Michael\Local Settings\Application Data\Mozilla\Firefox\Profiles\2z1383qk.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Michael\Local Settings\Application Data\Mozilla\Firefox\Profiles\2z1383qk.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Michael\Local Settings\Application Data\Mozilla\Firefox\Profiles\2z1383qk.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Michael\Local Settings\Application Data\Mozilla\Firefox\Profiles\2z1383qk.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Michael\Local Settings\Application Data\Mozilla\Firefox\Profiles\2z1383qk.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05172009_024142

Files moved on Reboot...
C:\Documents and Settings\Michael\Local Settings\Application Data\Mozilla\Firefox\Profiles\2z1383qk.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Mozilla\Firefox\Profiles\2z1383qk.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Mozilla\Firefox\Profiles\2z1383qk.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Mozilla\Firefox\Profiles\2z1383qk.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Mozilla\Firefox\Profiles\2z1383qk.default\XUL.mfl moved successfully.
gordian
