Answers to your tech questions
Computer forums for help with removing malicious software (malware) and improving computer security

Welcome ( Log In | Register )
Easy as 1,2,3!

11 Pages V  < 1 2 3 4 5 > »   
 Reply to this topicStart new topic
>  Malwarebytes not working Plus More, Malwarebytes disabled as well as AVG
oldman960
post Mar 13 2009, 12:38 PM
Post #31


SuperMember
Group Icon

Group: Classroom Teacher
Posts: 3,910
Joined: 27-April 08
Member No.: 78,707
Operating System: win98se, XP pro
Hi Topband,

You may have a conflict between Prevx and Avast. Both are scanning. If you have the free version of Prevx, I suggest you uninstall it. The free version will not remove anything.

Let's try this scanner

(Note: You must use Internet Explorer for this scan.)

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your Antivirus software. You can usually do this with its Notfication Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. We will need this later.
Please post back with the ESET log and a new HJT log.

Thanks
Go to the top of the page
 
+Quote Post
topband
post Mar 13 2009, 01:07 PM
Post #32


Authentic Member
**

Group: Authentic Member
Posts: 80
Joined: 17-August 08
Member No.: 81,037
Operating System: xp pro
Hi OM

As far as the scanner did you mean AVAST ..cuz there was no link after your statment "lets try this scanner"

Thnx

jh
Go to the top of the page
 
+Quote Post
oldman960
post Mar 13 2009, 01:23 PM
Post #33


SuperMember
Group Icon

Group: Classroom Teacher
Posts: 3,910
Joined: 27-April 08
Member No.: 78,707
Operating System: win98se, XP pro
Hi Topband,

My apologies. blush.gif

We'll try this scanner, use the instruction previously posted.

Go here to run an online scannner from ESET:
http://www.eset.eu/online-scanner
Go to the top of the page
 
+Quote Post
oldman960
post Mar 19 2009, 10:28 AM
Post #34


SuperMember
Group Icon

Group: Classroom Teacher
Posts: 3,910
Joined: 27-April 08
Member No.: 78,707
Operating System: win98se, XP pro
Hi Topband,

How are you making out?
Go to the top of the page
 
+Quote Post
topband
post Mar 19 2009, 11:33 AM
Post #35


Authentic Member
**

Group: Authentic Member
Posts: 80
Joined: 17-August 08
Member No.: 81,037
Operating System: xp pro
hi om

i've been busy w/ other things .... sorry for the lapse ... i haven't had time to try the scan ... i have to figure out how to shut off the avast and the firewall and do i shut off the WInows media firewall also ? here is the latest log from HJT and lthnx for continuing your help ...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:19 AM, on 3/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Tall Emu\Online Armor\oahlp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Flock\flock.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Google\Picasa3\Picasa3.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop 6.0\Photoshp.exe
C:\Program Files\Common Files\Adobe\Web\AOM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/HP_ADM~1/LOCALS~1/Temp/msohtml1/01/clip_image005.jpg
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/HP_ADM~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Component 2: (no name) - file:///C:/DOCUME~1/HP_ADM~1/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg

--
End of file - 6140 bytes
Go to the top of the page
 
+Quote Post
oldman960
post Mar 19 2009, 12:25 PM
Post #36


SuperMember
Group Icon

Group: Classroom Teacher
Posts: 3,910
Joined: 27-April 08
Member No.: 78,707
Operating System: win98se, XP pro
Hi Topband,

You have OnLine Armour for a firewall, so yes turn Windows firewall off.

To pause Avast for the online scan

Right click the "a" icon near the clock
Highlight pause provider and click Standard Shield
Go to the top of the page
 
+Quote Post
oldman960
post Mar 22 2009, 01:31 PM
Post #37


SuperMember
Group Icon

Group: Classroom Teacher
Posts: 3,910
Joined: 27-April 08
Member No.: 78,707
Operating System: win98se, XP pro
Due to inactivity this topic will be closed.
If you need help please start a new thread and post a new HJT log
Go to the top of the page
 
+Quote Post
oldman960
post Apr 3 2009, 06:40 PM
Post #38


SuperMember
Group Icon

Group: Classroom Teacher
Posts: 3,910
Joined: 27-April 08
Member No.: 78,707
Operating System: win98se, XP pro
This topic has been reopened by request of the starter of this topic.

Or it has been moved to the correct forum
Go to the top of the page
 
+Quote Post
topband
post Apr 3 2009, 07:46 PM
Post #39


Authentic Member
**

Group: Authentic Member
Posts: 80
Joined: 17-August 08
Member No.: 81,037
Operating System: xp pro
Hi Om

Thnx for taking this on again ...Here is the Malwarebytes Log:

Malwarebytes' Anti-Malware 1.35
Database version: 1935
Windows 5.1.2600 Service Pack 2

4/3/2009 6:42:27 PM
mbam-log-2009-04-03 (18-42-27).txt

Scan type: Quick Scan
Objects scanned: 65035
Time elapsed: 8 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





AND HERE IS THE HJT LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:44:00 PM, on 4/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tall Emu\Online Armor\oahlp.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Flock\flock.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1181019296906
O20 - AppInit_DLLs: WIKI.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 7437 bytes
Go to the top of the page
 
+Quote Post
oldman960
post Apr 3 2009, 08:15 PM
Post #40


SuperMember
Group Icon

Group: Classroom Teacher
Posts: 3,910
Joined: 27-April 08
Member No.: 78,707
Operating System: win98se, XP pro
Hi Topband,

All I see is a file I can't find much out about.


Open windows explorer (right click the Start button and click Explore)

At the top of windows explorer, click tools, folder options, click the
view tab
  • check Display the contents of system folders
  • check Show hidden files and folders
  • uncheck "Hide extensions for known file types" box
  • uncheck "Hide protecting operating system files" box
Click apply, click ok

At the top of Windows Explorer, click Search

After windows has loaded, please click the start button, highlight search, click For Files and Folders

Click on
  • More advanced options
  • In the top box, copy and paste this filename
    WIKI.DLL
  • Set the Look in: box to Local Hard Drives(x) (x denotes your hard drives)
  • Make sure the Type of file is set to (All Files and folders)
  • Check Search System Files
  • Check Search Hidden Files and Folders
  • Check Search Subfolders
  • Click Search


Please note the location(s) of the file and submit the entire filepath to Virus Scan.

For example c:\windows\system32\WIKI.DLL


We need some file informantion
  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Use the browse button to navigate to the file you located during the search
  • click open, the file should now be in the "Suspicious files to scan" box on the top of the page:
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


Please post back with
  • Virus Scan results


Are you experiencing any problems with this machine?

Thanks
Go to the top of the page
 
+Quote Post
topband
post Apr 3 2009, 09:06 PM
Post #41


Authentic Member
**

Group: Authentic Member
Posts: 80
Joined: 17-August 08
Member No.: 81,037
Operating System: xp pro
hi OM

OK i did that procedure twice and rechecked my work and there was NO file that appeared ....

Regarding how the Computer B is running ...there is something on this unit...as i said i did not use it for about a year and then set it up and sometimes it will get a Numerous 'ghost' boxes on internet stuff ...for ex. a internet prompt or window will replicate many times ... but itt's EZ to get rid of w/ task manageer .... also it appears to be a little slow ...and the start up today was unusual and slow .... maybe it was programming the avast and on line armour firewall that i had installed yesterday and it was loading the protocols on restar for those programs ...thats what i can find out now --and remember now) essentially ...somethings here ...but don't know what...and i am assuming it's probably basic cuz it represents the web a year or so ago

thnx john hancock
Go to the top of the page
 
+Quote Post
oldman960
post Apr 3 2009, 11:13 PM
Post #42


SuperMember
Group Icon

Group: Classroom Teacher
Posts: 3,910
Joined: 27-April 08
Member No.: 78,707
Operating System: win98se, XP pro
Hi Topband,

I believe you. I've seen it before where that file shows in an HJT log, but the file itself can't be found.

I'm not sure how much this scan tool will show as the computer hasn't been used in a year, but let's have a look.

Open hijackthis, do a system scan only and checkmark these lines, if present

O20 - AppInit_DLLs: WIKI.DLL

Close ALL other windows/browsers and click Fix Checked. Answer Yes if prompted. Close HJT.





Download OTListIt2 to your desktop.
  • Double click on OTList2.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

No need for a Hijackthis log this time.

Thanks
Go to the top of the page
 
+Quote Post
topband
post Apr 6 2009, 01:11 PM
Post #43


Authentic Member
**

Group: Authentic Member
Posts: 80
Joined: 17-August 08
Member No.: 81,037
Operating System: xp pro
Here is the FIRST OF TWO NOTEPADS that appeared with the OTListit : ( I have sent a Second EMAIL with the Extras.txt )

OTListIt logfile created on: 4/6/2009 12:05:45 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.12.0 Folder = C:\Documents and Settings\John Hancock\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.48 Mb Total Physical Memory | 135.68 Mb Available Physical Memory | 30.39% Memory free
1.03 Gb Paging File | 0.59 Gb Available in Paging File | 57.12% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.75 Gb Total Space | 6.04 Gb Free Space | 6.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHARITO
Current User Name: John Hancock
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Tall Emu\Online Armor\oasrv.exe (Tall Emu)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache Software Foundation)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Belkin\F5D9050\Belkinwcui.exe (Belkin)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Tall Emu\Online Armor\oacat.exe (Tall Emu)
PRC - C:\Program Files\Piolet\Piolet.exe (MP2P Technologies.)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache Software Foundation)
PRC - C:\Program Files\Ahead\Ahead\data\Xtras\mssysmgr.exe ()
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Tall Emu\Online Armor\oahlp.exe (Tall Emu)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Documents and Settings\John Hancock\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (ForcewareWebInterface [Auto | Running]) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache Software Foundation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (Irmon [Auto | Running]) -- C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
SRV - (nSvcIp [Auto | Running]) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA)
SRV - (nSvcLog [Auto | Running]) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (OAcat [Auto | Running]) -- C:\Program Files\Tall Emu\Online Armor\oacat.exe (Tall Emu)
SRV - (Pml Driver HPZ12 [Auto | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (SvcOnlineArmor [Auto | Running]) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe (Tall Emu)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (GTNDIS5 [On_Demand | Stopped]) -- C:\Program Files\Belkin\F5D9050\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (HPZid412 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (irsir [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\irsir.sys (Microsoft Corporation)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvata [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (NVENETFD [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)
DRV - (OADevice [System | Running]) -- C:\WINDOWS\system32\drivers\OADriver.sys (Tall Emu Pty Ltd)
DRV - (OAmon [System | Running]) -- C:\WINDOWS\system32\drivers\OAmon.sys (Tall Emu Pty Ltd)
DRV - (OAnet [System | Running]) -- C:\WINDOWS\system32\drivers\OAnet.sys (Tall Emu Pty Ltd)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (RT73 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\rt73.sys (Ralink Technology, Corp.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys ()
DRV - (StreamSurge [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ss.sys (WikiTek Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MOZILLA\FIREFOX EXTENSIONS\{3112CA9C-DE6D-4884-A869-9855DE68056C} [2007/09/15 12:09:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.0.3\extensions\\Components: C:\PROGRAM FILES\FLOCK\COMPONENTS [2009/04/03 10:27:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.0.3\extensions\\Plugins: C:\PROGRAM FILES\FLOCK\PLUGINS [2009/04/03 10:26:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/03 10:14:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/03 10:27:05 | 00,000,000 | ---D | M]

[2009/04/03 10:27:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\mozilla\Extensions
[2009/04/03 10:27:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2009/04/02 19:48:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\mozilla\Firefox\Profiles\n4xju13y.default\extensions
[2009/04/02 19:39:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\mozilla\Firefox\Profiles\n4xju13y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/04/02 19:48:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/03 10:14:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/09/15 12:10:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\divx@partners.mozilla.com
[2009/04/03 10:14:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2009/04/03 10:13:25 | 00,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2009/04/03 10:13:26 | 00,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2009/04/03 10:13:26 | 00,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2009/04/03 10:13:34 | 00,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2009/04/03 10:13:36 | 00,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2009/04/03 10:14:12 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/03 10:14:12 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/03 10:14:12 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/03 10:14:12 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/03 10:14:12 | 00,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/03 10:14:12 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe" (Tall Emu)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe (Belkin)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT (MP2P Technologies.)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1181019296906 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\Documents and Settings\John Hancock\Desktop\*.tmp files]
[2009/04/06 11:52:31 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John Hancock\Desktop\OTListIt2.exe
[2009/04/04 12:37:16 | 01,335,720 | ---- | C] () -- C:\Documents and Settings\John Hancock\Desktop\Gina's DJ Info from TOP BAND.pdf
[2009/04/04 12:03:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Hancock\Desktop\New Folder (2)
[2009/04/04 12:02:40 | 02,332,261 | ---- | C] () -- C:\Documents and Settings\John Hancock\Desktop\TOP BAND PLANNING GUIDE 3.JPG
[2009/04/04 12:01:00 | 24,411,712 | ---- | C] () -- C:\Documents and Settings\John Hancock\Desktop\TOP BAND PLANNING GUIDE 3.tif
[2009/04/04 11:54:23 | 01,602,054 | ---- | C] () -- C:\Documents and Settings\John Hancock\Desktop\Gina's DJ Info from TOP BAND.wpd
[2009/04/04 11:51:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Hancock\My Documents\HTML
[2009/04/04 11:42:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Hancock\Desktop\Promo Las Vegas 2008
[2009/04/03 20:18:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Hancock\Local Settings\Application Data\WMTools Downloaded Files
[2009/04/03 19:31:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Hancock\Local Settings\Application Data\Identities
[2009/04/03 12:53:26 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\John Hancock\Desktop\HijackThis.lnk
[2009/04/03 12:53:25 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/03 12:52:48 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\John Hancock\Desktop\HJTInstall.exe
[2009/04/03 12:37:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2009/04/03 12:34:20 | 00,000,000 | ---D | C] -- C:\Program Files\HP
[2009/04/03 12:31:20 | 00,068,300 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2009/04/03 12:31:20 | 00,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2009/04/03 12:29:11 | 00,000,000 | ---D | C] -- C:\Temp
[2009/04/03 10:27:32 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/04/03 10:27:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Hancock\Local Settings\Application Data\Flock
[2009/04/03 10:27:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Hancock\Application Data\Flock
[2009/04/03 10:27:04 | 00,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Flock.lnk
[2009/04/03 10:26:48 | 00,000,000 | ---D | C] -- C:\Program Files\Flock
[2009/04/02 20:08:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Hancock\Desktop\Crack Jack
[2009/04/02 19:49:50 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthport.sys
[2009/04/02 19:49:50 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009/04/02 19:48:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Hancock\Application Data\OnlineArmor
[2009/04/02 19:48:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2009/04/02 19:47:30 | 00,178,376 | ---- | C] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OADriver.sys
[2009/04/02 19:47:30 | 00,030,920 | ---- | C] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OAmon.sys
[2009/04/02 19:47:30 | 00,028,872 | ---- | C] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OAnet.sys
[2009/04/02 19:47:27 | 00,000,000 | ---D | C] -- C:\Program Files\Tall Emu
[2009/04/02 19:45:21 | 13,229,544 | ---- | C] (Tall Emu Pty Ltd ) -- C:\Documents and Settings\John Hancock\Desktop\OA190Free(2).exe
[2009/04/02 19:44:34 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2009/04/02 19:40:23 | 00,001,172 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2009/04/02 19:27:05 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mouhid.sys
[2009/04/02 19:27:05 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2009/04/02 19:27:01 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidusb.sys
[2009/04/02 19:27:01 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2009/04/02 18:44:29 | 13,229,544 | ---- | C] (Tall Emu Pty Ltd ) -- C:\Documents and Settings\John Hancock\Desktop\OA190Free.exe
[2009/04/02 18:37:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Hancock\Application Data\Malwarebytes
[2009/04/02 18:37:24 | 00,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/02 18:37:23 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/02 18:37:19 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/02 18:37:17 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/02 18:37:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/02 18:36:39 | 02,906,216 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\John Hancock\Desktop\mbam-setup.exe
[2009/04/02 18:34:55 | 00,001,744 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/04/02 18:34:51 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/04/02 18:34:50 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/04/02 18:34:48 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/04/02 18:34:43 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/04/02 18:34:41 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/04/02 18:34:41 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/04/02 18:34:40 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/04/02 18:34:40 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/04/02 18:34:12 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/04/02 18:34:12 | 01,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll
[2009/04/02 18:34:12 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/04/02 18:34:03 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/04/02 18:30:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2009/04/02 18:27:27 | 32,793,088 | ---- | C] () -- C:\Documents and Settings\John Hancock\Desktop\setupeng.exe
[2007/06/04 19:14:03 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\F5D9050.dll
[2007/03/14 16:56:34 | 00,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/03/06 16:00:13 | 00,000,204 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2007/03/06 15:40:23 | 00,000,908 | ---- | C] () -- C:\WINDOWS\lrun32.ini
[2007/03/06 15:39:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\AutoRun.INI
[2007/03/06 15:34:27 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/03/02 19:02:05 | 00,157,184 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/03/02 19:01:57 | 00,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2005/10/10 06:49:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/10/10 06:49:00 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/10/10 06:49:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/10/10 06:49:00 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/10/10 06:49:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/10/10 06:49:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/10/10 06:49:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/08/04 05:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 05:00:00 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 05:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\John Hancock\Desktop\*.tmp files]
[2009/04/06 12:02:46 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/04/06 12:00:45 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/06 12:00:25 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Global.sw2
[2009/04/06 12:00:04 | 00,039,291 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/04/06 11:59:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/06 11:59:21 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/06 11:52:35 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Hancock\Desktop\OTListIt2.exe
[2009/04/04 12:37:44 | 01,335,720 | ---- | M] () -- C:\Documents and Settings\John Hancock\Desktop\Gina's DJ Info from TOP BAND.pdf
[2009/04/04 12:37:02 | 01,602,054 | ---- | M] () -- C:\Documents and Settings\John Hancock\Desktop\Gina's DJ Info from TOP BAND.wpd
[2009/04/04 12:02:41 | 02,332,261 | ---- | M] () -- C:\Documents and Settings\John Hancock\Desktop\TOP BAND PLANNING GUIDE 3.JPG
[2009/04/04 12:01:39 | 24,411,712 | ---- | M] () -- C:\Documents and Settings\John Hancock\Desktop\TOP BAND PLANNING GUIDE 3.tif
[2009/04/03 18:43:30 | 00,000,908 | ---- | M] () -- C:\WINDOWS\lrun32.ini
[2009/04/03 16:41:11 | 00,045,568 | ---- | M] () -- C:\Documents and Settings\John Hancock\Desktop\Welcome mercedes.doc
[2009/04/03 12:53:26 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\John Hancock\Desktop\HijackThis.lnk
[2009/04/03 12:52:56 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\John Hancock\Desktop\HJTInstall.exe
[2009/04/03 12:38:58 | 00,068,300 | ---- | M] () -- C:\WINDOWS\hpoins05.dat
[2009/04/03 10:38:17 | 00,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/03 10:27:32 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/04/03 10:27:04 | 00,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Flock.lnk
[2009/04/03 10:06:17 | 00,238,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/03 01:56:08 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/03 01:52:57 | 00,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/02 21:03:20 | 00,000,204 | ---- | M] () -- C:\WINDOWS\RtlRack.ini
[2009/04/02 19:48:07 | 00,000,044 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.idx
[2009/04/02 19:45:42 | 13,229,544 | ---- | M] (Tall Emu Pty Ltd ) -- C:\Documents and Settings\John Hancock\Desktop\OA190Free(2).exe
[2009/04/02 19:40:27 | 00,001,172 | ---- | M] () -- C:\WINDOWS\mozver.dat
[2009/04/02 18:44:48 | 13,229,544 | ---- | M] (Tall Emu Pty Ltd ) -- C:\Documents and Settings\John Hancock\Desktop\OA190Free.exe
[2009/04/02 18:37:24 | 00,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/02 18:36:41 | 02,906,216 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\John Hancock\Desktop\mbam-setup.exe
[2009/04/02 18:34:55 | 00,001,744 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/04/02 18:34:41 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/04/02 18:32:19 | 32,793,088 | ---- | M] () -- C:\Documents and Settings\John Hancock\Desktop\setupeng.exe
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== LOP Check ==========

[2009/04/03 12:31:21 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2007/06/04 18:52:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2007/03/14 16:31:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2007/09/07 13:23:20 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/04/02 19:26:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/04/02 18:37:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2007/06/05 00:29:26 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2007/09/15 12:09:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2009/04/02 19:48:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2007/06/04 21:59:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/04/03 10:27:23 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\John Hancock\Application Data
[2009/04/02 19:40:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\Adobe
[2007/06/04 18:53:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\AdobeUM
[2007/06/04 15:34:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\Ahead
[2009/04/04 11:51:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\Corel
[2009/04/03 10:27:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\Flock
[2007/06/04 20:52:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\Google
[2007/03/02 18:52:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\Identities
[2007/09/25 13:42:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\Lightscape
[2007/06/04 20:48:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\Macromedia
[2009/04/02 18:37:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\Malwarebytes
[2009/04/03 19:31:27 | 00,000,000 | --SD | M] -- C:\Documents and Settings\John Hancock\Application Data\Microsoft
[2009/04/03 10:27:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\Mozilla
[2009/04/06 12:00:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\OnlineArmor
[2007/06/04 15:32:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\Snapfish
[2007/09/15 12:11:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\Talkback
[2007/06/24 16:19:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\U3
[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/04/06 12:02:46 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/04/06 11:59:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

< End of report >
Go to the top of the page
 
+Quote Post
topband
post Apr 6 2009, 01:13 PM
Post #44


Authentic Member
**

Group: Authentic Member
Posts: 80
Joined: 17-August 08
Member No.: 81,037
Operating System: xp pro
HERE IS THE EXTRAS SCAN


OTListIt Extras logfile created on: 4/6/2009 12:05:45 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.12.0 Folder = C:\Documents and Settings\John Hancock\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.48 Mb Total Physical Memory | 135.68 Mb Available Physical Memory | 30.39% Memory free
1.03 Gb Paging File | 0.59 Gb Available in Paging File | 57.12% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.75 Gb Total Space | 6.04 Gb Free Space | 6.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHARITO
Current User Name: John Hancock
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FlockHTML] -- C:\Program Files\Flock\flock.exe (Flock, Inc.)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server (Apache Software Foundation)
C:\Program Files\Piolet\Piolet.exe:*:Enabled:Piolet (MP2P Technologies.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{5469D537-9B44-4c78-BF2D-5F9807564F74}" = HP PSC & OfficeJet 4.7
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{913D0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard for Students and Teachers
"{9922FE96-6803-498D-A6AD-4EB5A3B956A5}" = Belkin Wireless G Plus MIMO USB Network Adapter
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A0B295C3-FD3C-11D4-A811-0090279106C3}" = WordPerfect Office 2002
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Illustrator 9.0" = Adobe Illustrator 9.0
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"avast!" = avast! Antivirus
"Flock (2.0.3)" = Flock (2.0.3)
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Press Interactive Training" = Microsoft Interactive Training
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"Nero PhotoShow Express" = Nero PhotoShow Express
"NeroVision!UninstallKey" = NeroVision Express 2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMIX!UninstallKey" = NeroMIX
"NVIDIA Drivers" = NVIDIA Drivers
"OnlineArmor_is1" = Online Armor 3.0
"Piolet" = Piolet 1.9.9
"Piolet Toolbar" = Piolet Toolbar
"TeleKast" = TeleKast 1.0.0.14
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/2/2009 10:04:47 PM | Computer Name = CHARITO | Source = MsiInstaller | ID = 11719
Description = Product: Microsoft Office XP Standard for Students and Teachers --
Error 1719. The Windows Installer Service could not be accessed. This can occur
if you are running Windows in safe mode, or if the Windows Installer is not correctly
installed. Contact your support personnel for assistance.

Error - 4/2/2009 10:04:47 PM | Computer Name = CHARITO | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office XP Standard for Students and Teachers -
Update 'Security Update for Excel 2002 (KB958372): EXCEL' could not be installed.
Error code 1603. Windows Installer can create logs to help troubleshoot issues
with installing software packages. Use the following link for instructions on turning
on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 4/3/2009 3:38:46 PM | Computer Name = CHARITO | Source = Application Error | ID = 1000
Description = Faulting application piolet.exe, version 1.9.0.9, faulting module
softwrap.dll, version 0.0.0.0, fault address 0x00064e20.

Error - 4/3/2009 10:17:38 PM | Computer Name = CHARITO | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 10.0.6838.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/3/2009 10:17:39 PM | Computer Name = CHARITO | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 10.0.6838.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/3/2009 10:18:38 PM | Computer Name = CHARITO | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 10.0.6838.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/3/2009 10:18:38 PM | Computer Name = CHARITO | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 10.0.6838.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/4/2009 2:48:03 PM | Computer Name = CHARITO | Source = Application Hang | ID = 1002
Description = Hanging application wpwin10.exe, version 10.0.0.663, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/4/2009 3:31:03 PM | Computer Name = CHARITO | Source = Application Hang | ID = 1002
Description = Hanging application wpwin10.exe, version 10.0.0.663, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/4/2009 4:03:47 PM | Computer Name = CHARITO | Source = Application Hang | ID = 1002
Description = Hanging application Illustrator.exe, version 9.0.128.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 4/3/2009 1:11:02 PM | Computer Name = CHARITO | Source = Service Control Manager | ID = 7000
Description = The Windows Service Pack Installer update service service failed to
start due to the following error: %%5

Error - 4/3/2009 1:11:02 PM | Computer Name = CHARITO | Source = Service Control Manager | ID = 7000
Description = The Windows Image Acquisition (WIA) service failed to start due to
the following error: %%5

Error - 4/3/2009 1:11:04 PM | Computer Name = CHARITO | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%5

Error - 4/3/2009 1:12:04 PM | Computer Name = CHARITO | Source = Service Control Manager | ID = 7000
Description = The avast! Mail Scanner service failed to start due to the following
error: %%5

Error - 4/3/2009 1:12:04 PM | Computer Name = CHARITO | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-Embedding

Error - 4/3/2009 1:12:07 PM | Computer Name = CHARITO | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%5

Error - 4/3/2009 1:12:08 PM | Computer Name = CHARITO | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-Embedding

Error - 4/3/2009 1:12:10 PM | Computer Name = CHARITO | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%5

Error - 4/3/2009 1:12:13 PM | Computer Name = CHARITO | Source = Service Control Manager | ID = 7000
Description = The avast! Mail Scanner service failed to start due to the following
error: %%5

Error - 4/4/2009 1:46:37 PM | Computer Name = CHARITO | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).


< End of report >
Go to the top of the page
 
+Quote Post
oldman960
post Apr 7 2009, 12:35 AM
Post #45


SuperMember
Group Icon

Group: Classroom Teacher
Posts: 3,910
Joined: 27-April 08
Member No.: 78,707
Operating System: win98se, XP pro
Hi Topband,

The OTLisIt2 log doesn't show anything unusal. Since this computer hasn't been used in awhile, our best bet would be an online scan.


Go here to run an online scannner from ESET:
http://www.eset.eu/online-scanner

(Note: You must use Internet Explorer for this scan.)


  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your Antivirus software. You can usually do this with its Notfication Tray icon near the clock (see steps below)
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. We will need this later.




Pause Avast during the scan and re-enable after the scan.

To pause AVAST
  • Right click the "a" icon, near the clock
  • Highlight Pause Provider
  • Click Standard Shield
To resume Avast
  • Right click the "a" icon, near the clock
  • Highlight Resume Provider
  • Click Standard Shield




Please post back with the ESET log and a new HJT log.


Thanks
Go to the top of the page
 
+Quote Post
« Next Oldest · Infections Removal · Next Newest »
 

11 Pages V  < 1 2 3 4 5 > » 
Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 
RSS Time is now: 20th November 2009 - 09:56 PM
Advertisements do not imply our endorsement of that product or service. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk.
Member site: Alliance of Security Analysis Professionals | UNITE Against Malware
Memory Forums | Auto Repair Forum
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy
Powered By IP.Board © 2009  IPS, Inc.