Free Malware Removal Forum

[Carolyn]

I should see iexplore.exe in the running processes section of that log, but I do not. Did you have Internet Explorer open when you ran HijackThis?

[mrdahut]

sorry ok now i had it showing

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:08:23 PM, on 7/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://npr.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6. ... ontrol.CAB
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4506 bytes

[Carolyn]

Hi,

Please go to Kaspersky website and perform an online antivirus scan.

1. Read through the requirements and privacy statement and click on Accept button.
   
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
   
3. When the downloads have finished, click on Settings.
   
4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
   Spyware, Adware, Dialers, and other potentially dangerous programs
   Archives
   Mail databases
5. Click on My Computer under Scan.
   
6. Once the scan is complete, it will display the results. Click on View Scan Report.
   
7. You will see a list of infected items there. Click on Save Report As....
   
8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
   
9. Please post this log in your next reply along with a fresh OTL log.

[mrdahut]

ok here are otl and kasper logs

OTL logfile created on: 7/26/2009 1:26:56 PM - Run 6
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Documents and Settings\S\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 119.68 Gb Free Space | 80.30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOX1
Current User Name: S
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (Agere Systems)
PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Documents and Settings\S\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AgereModemAudio [Auto | Running]) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (Agere Systems)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Stopped]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Disabled | Stopped]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (Viewpoint Manager Service [Disabled | Stopped]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (AmdPPM [System | Running]) -- C:\WINDOWS\System32\DRIVERS\AmdPPM.sys (Advanced Micro Devices)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (ctsfm2k [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys (Creative Technology Ltd)
DRV - (HPZid412 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (ossrv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ctoss2k.sys (Creative Technology Ltd.)
DRV - (P17 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (RTL8023xp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://npr.org/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/06/13 20:38:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/06 19:59:30 | 00,000,000 | ---D | M]


O1 HOSTS File: (316785 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10870 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/static/m/cab/2.6. ... ontrol.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/28 17:20:33 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{96be4eaa-1cb5-11de-8602-00161757f548}\Shell - "" = AutoRun
O33 - MountPoints2\{96be4eaa-1cb5-11de-8602-00161757f548}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{96be4eaa-1cb5-11de-8602-00161757f548}\Shell\AutoRun\command - "" = H:\Imageviewer.exe -- File not found
O33 - MountPoints2\{de594140-36b7-11de-864b-00161757f548}\Shell\AutoRun\command - "" = J:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/07/26 13:26:31 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\S\Desktop\OTL.exe
[2009/07/25 20:04:32 | 00,099,415 | ---- | C] () -- C:\Documents and Settings\S\Desktop\1248565060595.jpg
[2009/07/25 19:44:28 | 00,020,280 | ---- | C] () -- C:\Documents and Settings\S\Desktop\trip.pdf
[2009/07/25 11:05:45 | 00,618,054 | ---- | C] () -- C:\Documents and Settings\S\Desktop\iho[.bmp
[2009/07/23 15:26:44 | 00,265,972 | ---- | C] () -- C:\Documents and Settings\S\Desktop\1248377109915.jpg
[2009/07/23 15:22:17 | 00,047,420 | ---- | C] () -- C:\Documents and Settings\S\Desktop\1248374271624.jpg
[2009/07/21 00:39:03 | 00,036,636 | ---- | C] () -- C:\Documents and Settings\S\Desktop\becca.jpg
[2009/07/20 19:38:38 | 00,033,419 | ---- | C] () -- C:\Documents and Settings\S\Desktop\n1652565602_68058_663.jpg
[2009/07/20 14:19:40 | 00,111,096 | ---- | C] () -- C:\Documents and Settings\S\Desktop\124641231141.jpg
[2009/07/18 01:17:51 | 00,033,232 | ---- | C] () -- C:\Documents and Settings\S\Desktop\124783187878.jpg
[2009/07/16 01:35:43 | 00,187,772 | ---- | C] () -- C:\Documents and Settings\S\My Documents\4170212262_1.pdf
[2009/07/15 18:40:01 | 00,572,742 | ---- | C] () -- C:\Documents and Settings\S\Desktop\;lp;;;.bmp
[2009/07/15 18:36:59 | 00,724,726 | ---- | C] () -- C:\Documents and Settings\S\Desktop\untitled.bmp
[2009/07/15 00:36:05 | 00,000,265 | ---- | C] () -- C:\Documents and Settings\S\Desktop\PEnnsylvania 6-5000 - Wikipedia, the free encyclopedia.url
[2009/07/14 12:23:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\S\Application Data\Yahoo!
[2009/07/14 11:18:14 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2009/07/14 10:51:28 | 00,078,767 | ---- | C] () -- C:\Documents and Settings\S\Desktop\1247581431522.jpg
[2009/07/12 02:55:37 | 00,078,054 | ---- | C] () -- C:\Documents and Settings\S\Desktop\124708294188.jpg
[2009/07/11 13:38:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\S\Desktop\tech
[2009/07/11 11:10:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\S\Application Data\Malwarebytes
[2009/07/11 11:09:58 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/11 11:09:57 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/11 11:09:57 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/11 11:09:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/11 01:31:31 | 62,041,882 | ---- | C] () -- C:\Documents and Settings\S\My Documents\callie.avi
[2009/07/07 22:23:47 | 00,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2009/07/07 10:23:01 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/07/06 19:59:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/07/06 19:58:59 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/07/06 19:58:53 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/07/06 19:58:32 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/07/06 19:58:32 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/07/06 19:58:32 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/07/06 19:58:32 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/07/06 19:58:32 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/07/06 19:58:32 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/07/06 19:58:32 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/07/06 19:58:32 | 00,000,000 | ---D | C] -- C:\6ce2d1c384b94c775c57961c17
[2009/07/06 19:58:03 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009/07/06 19:57:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009/07/05 20:52:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\S\Application Data\GARMIN
[2009/07/05 20:05:54 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/07/05 19:52:52 | 00,000,214 | ---- | C] () -- C:\Documents and Settings\S\Desktop\FlightAware - Free Flight Tracker - IFR Flight Status, Tracking, History, Maps.url
[2009/07/05 19:22:06 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/07/05 19:06:22 | 00,000,000 | ---D | C] -- C:\Program Files\a-squared HiJackFree
[2009/05/04 21:06:23 | 00,000,172 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/03/03 12:18:04 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/02/28 19:51:07 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/18 00:55:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/09/18 00:55:00 | 01,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/09/18 00:55:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/09/18 00:55:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/09/18 00:55:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/02/28 08:00:00 | 00,000,477 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/02/28 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/05/03 12:38:42 | 00,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2003/10/02 11:48:18 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2002/04/11 02:41:06 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/07/26 13:26:33 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\S\Desktop\OTL.exe
[2009/07/26 13:24:24 | 00,207,933 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/07/26 13:24:20 | 00,013,702 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/26 13:24:09 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/26 13:24:06 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/26 11:53:03 | 00,000,433 | ---- | M] () -- C:\Documents and Settings\S\Desktop\Evony-Free forever.url
[2009/07/25 20:01:04 | 00,099,415 | ---- | M] () -- C:\Documents and Settings\S\Desktop\1248565060595.jpg
[2009/07/25 19:44:29 | 00,020,280 | ---- | M] () -- C:\Documents and Settings\S\Desktop\trip.pdf
[2009/07/25 11:05:45 | 00,618,054 | ---- | M] () -- C:\Documents and Settings\S\Desktop\iho[.bmp
[2009/07/23 15:25:44 | 00,265,972 | ---- | M] () -- C:\Documents and Settings\S\Desktop\1248377109915.jpg
[2009/07/23 15:21:32 | 00,047,420 | ---- | M] () -- C:\Documents and Settings\S\Desktop\1248374271624.jpg
[2009/07/21 00:38:50 | 00,036,636 | ---- | M] () -- C:\Documents and Settings\S\Desktop\becca.jpg
[2009/07/20 19:38:29 | 00,033,419 | ---- | M] () -- C:\Documents and Settings\S\Desktop\n1652565602_68058_663.jpg
[2009/07/20 14:19:31 | 00,111,096 | ---- | M] () -- C:\Documents and Settings\S\Desktop\124641231141.jpg
[2009/07/18 01:17:09 | 00,033,232 | ---- | M] () -- C:\Documents and Settings\S\Desktop\124783187878.jpg
[2009/07/17 04:12:08 | 00,015,872 | ---- | M] () -- C:\Documents and Settings\S\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/16 01:35:43 | 00,187,772 | ---- | M] () -- C:\Documents and Settings\S\My Documents\4170212262_1.pdf
[2009/07/15 18:40:01 | 00,572,742 | ---- | M] () -- C:\Documents and Settings\S\Desktop\;lp;;;.bmp
[2009/07/15 18:36:59 | 00,724,726 | ---- | M] () -- C:\Documents and Settings\S\Desktop\untitled.bmp
[2009/07/15 00:36:05 | 00,000,265 | ---- | M] () -- C:\Documents and Settings\S\Desktop\PEnnsylvania 6-5000 - Wikipedia, the free encyclopedia.url
[2009/07/14 10:50:18 | 00,078,767 | ---- | M] () -- C:\Documents and Settings\S\Desktop\1247581431522.jpg
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/12 02:55:14 | 00,078,054 | ---- | M] () -- C:\Documents and Settings\S\Desktop\124708294188.jpg
[2009/07/11 16:54:45 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/07/11 13:46:02 | 00,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/07/11 13:46:02 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/11 13:46:02 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/07/11 01:50:22 | 06,380,392 | -H-- | M] () -- C:\Documents and Settings\S\Local Settings\Application Data\IconCache.db
[2009/07/11 01:31:34 | 62,041,882 | ---- | M] () -- C:\Documents and Settings\S\My Documents\callie.avi
[2009/07/10 18:28:07 | 00,088,760 | ---- | M] () -- C:\Documents and Settings\S\My Documents\0312092343-00.3gp
[2009/07/07 22:24:18 | 00,001,394 | -H-- | M] () -- C:\IPH.PH
[2009/07/07 22:23:46 | 00,001,634 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM 6.lnk
[2009/07/07 11:10:56 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/06 22:45:18 | 00,095,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/06 20:01:12 | 00,488,794 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/07/06 20:01:12 | 00,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/07/06 20:01:12 | 00,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/07/05 20:32:38 | 00,000,214 | ---- | M] () -- C:\Documents and Settings\S\Desktop\FlightAware - Free Flight Tracker - IFR Flight Status, Tracking, History, Maps.url
[2009/07/05 20:10:28 | 00,316,785 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
< End of report >
********************************************************************************************************************************************

OTL Extras logfile created on: 7/26/2009 1:26:57 PM - Run 6
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Documents and Settings\S\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 119.68 Gb Free Space | 80.30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOX1
Current User Name: S
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Curse\CurseClient.exe" = C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client -- ()
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"AIM_6" = AIM 6
"a-squared HiJackFree_is1" = a-squared HiJackFree 3.1
"avast!" = avast! Antivirus
"CCleaner" = CCleaner (remove only)
"CurseClient" = Curse Client
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.8a
"Windows XP Service Pack" = Windows XP Service Pack 3
"World of Warcraft" = World of Warcraft

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 7/26/2009 12:01:42 AM | Computer Name = BOX1 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: unhandled exception!,
7C3A497A.

Error - 7/26/2009 12:01:43 AM | Computer Name = BOX1 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: unhandled exception!,
7C3A497A.

Error - 7/26/2009 12:01:48 AM | Computer Name = BOX1 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: unhandled exception!,
7C3A497A.

Error - 7/26/2009 12:04:37 AM | Computer Name = BOX1 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: unhandled exception!,
7C3A497A.

Error - 7/26/2009 12:04:46 AM | Computer Name = BOX1 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: unhandled exception!,
7C3A497A.

Error - 7/26/2009 12:04:55 AM | Computer Name = BOX1 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: unhandled exception!,
7C3A497A.

Error - 7/26/2009 12:05:07 AM | Computer Name = BOX1 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: unhandled exception!,
7C3A497A.

Error - 7/26/2009 11:13:59 AM | Computer Name = BOX1 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: unhandled exception!,
7C3A497A.

Error - 7/26/2009 11:14:00 AM | Computer Name = BOX1 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: unhandled exception!,
7C3A497A.

Error - 7/26/2009 11:26:20 AM | Computer Name = BOX1 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: unhandled exception!,
7C3A497A.

[ Application Events ]
Error - 5/10/2009 11:15:21 PM | Computer Name = BOX1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10b.ocx, version 10.0.22.87, fault address 0x0005b398.

Error - 5/18/2009 2:25:27 AM | Computer Name = BOX1 | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.9.8.1, faulting module libavcodec_plugin.dll,
version 0.0.0.0, fault address 0x00021464.

Error - 5/28/2009 2:53:44 AM | Computer Name = BOX1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/30/2009 5:51:39 PM | Computer Name = BOX1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/11/2009 10:31:59 AM | Computer Name = BOX1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/11/2009 10:32:50 AM | Computer Name = BOX1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/13/2009 8:21:31 PM | Computer Name = BOX1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module acrord32.dll, version 9.1.2.82, fault address 0x0000945b.

Error - 6/30/2009 7:12:04 PM | Computer Name = BOX1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/9/2009 2:11:41 PM | Computer Name = BOX1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/9/2009 2:11:42 PM | Computer Name = BOX1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 7/8/2009 9:59:54 PM | Computer Name = BOX1 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
%%5

Error - 7/8/2009 9:59:58 PM | Computer Name = BOX1 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
%%5

Error - 7/8/2009 10:00:05 PM | Computer Name = BOX1 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
%%5

Error - 7/11/2009 1:45:23 PM | Computer Name = BOX1 | Source = Service Control Manager | ID = 7034
Description = The Viewpoint Manager Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 7/11/2009 4:26:16 PM | Computer Name = BOX1 | Source = Service Control Manager | ID = 7034
Description = The avast! Antivirus service terminated unexpectedly. It has done
this 1 time(s).

Error - 7/11/2009 5:01:00 PM | Computer Name = BOX1 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
%%5

Error - 7/11/2009 5:01:07 PM | Computer Name = BOX1 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
%%5

Error - 7/11/2009 5:01:09 PM | Computer Name = BOX1 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
%%5

Error - 7/14/2009 5:24:25 PM | Computer Name = BOX1 | Source = Service Control Manager | ID = 7034
Description = The avast! Antivirus service terminated unexpectedly. It has done
this 1 time(s).

Error - 7/25/2009 6:16:37 PM | Computer Name = BOX1 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Internet Explorer 8 for Windows XP.


< End of report >

********************************************************************************************************************************************

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Sunday, July 26, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Sunday, July 26, 2009 18:42:37
Records in database: 2550825
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 40900
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 00:29:54

No malware has been detected. The scan area is clean.

The selected area was scanned.

[Carolyn]

Hi,

Your logs show no signs of malware. The computer is clean.

I decided to run HijackThis on my own computer with IE8 running, it too shows two iexplore.exe processes running. So I have to say that the second process is not an issue.


This is my general post for when your logs show no signs of malware - Please let me know if you still are having problems with your computer and what these problems are

CleanUp! with OTL

• Double click OTL.exe to launch the programme.
  
• Click on the CleanUp! button.
• OTL will download a list from the Internet, if your firewall or other defensive programmes alerts you, allow it access.
• Select Yes when the "Begin cleanup Process?" prompt appears.
• If you are prompted to Reboot during the cleanup, select Yes.
• When finished exit out of OTL
• The tool will delete itself once it finishes, if not delete it by yourself.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.


• Clear Infected System Restore Points
  
  • Turn System Restore off
    
  • On the Desktop, right click on the My Computer icon.
    
  • Click Properties.
    
  • Click the System Restore tab.
    
  • Check Turn off System Restore.
    
  • Click Apply, and then click OK.
    Restart your computer
    
    
  • Turn System Restore on
    
  • On the Desktop, right click on the My Computer icon.
    
  • Click Properties.
    
  • Click the System Restore tab.
    
  • Uncheck *Turn off System Restore*.
    
  • Click Apply, and then click OK.
  Note: only do this once,and not on a regular basis
  
  
  
• Set correct settings for files
  
  • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
    
  • Under Hidden files and folders if necessary select Do not show hidden files and folders.
    
  • If unchecked please check Hide protected operating system files (Recommended)
    
  • If necessary check Display content of system folders
    
  • If necessary Uncheck Hide file extensions for known file types.
    
  • Click OK
  
  
  
• Make sure that you keep your antivirus updated
  New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
  Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
  
  
• Install and use a firewall with outbound protection
  The Windows firewall only monitors incoming traffic, NOT outgoing. Using a software firewall in its default configuration to replace the Windows firewall greatly reduces the risk of your computer being hacked. Make sure your firewall is always enabled while your computer is connected to the internet.
  Note: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.
  
  
• Security Updates for Windows, Internet Explorer & Microsoft Office
  Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
  Note: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.
  
  
• Update Non-Microsoft Programs
  Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.
  
  Recommended Programs
  
  I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.
  
  
  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
    
    
  • SpywareBlaster
    SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing on your computer. If you don't know what ActiveX controls are, see HERE. You can download SpywareBlaster from HERE.
    
    
  • Malwarebytes' Anti-Malware or SuperAntiSpyware
    These are anti-malware applications that can thoroughly remove even the most advanced malware. They include a number of features, including a built in protection monitor that blocks malicious processes before they even start.
    You can download Malwarebytes' Anti-Malware from HERE. You can find a tutorial HERE.
    You can download SuperAntiSpyware from HERE.
    
    
  • Use an alternative Internet Browser
    Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
    Firefox
    Opera

Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also please read this great article by Tony Klein So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

[mrdahut]

Thank you greatly . from now on i will assume a second iexplore.exe is normal for ie 8

[Carolyn]

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.