WiredWX Hobby Weather Tools

 


Malware and Trojan Stuff
Somehow I've gotten Trojan and Malware stuff on my computer. I ran my anti-virus programs and wasn't able to remove everything and am still having problems. I ran Malwarebytes last night and tried to clean it up. Still having issues.

I was finally able to run DDS (I am not able to run OTL). Here's what I got...


DDS (Ver_10-03-17.01) - NTFSx86
Run by mhfonta at 7:57:52.96 on Wed 08/04/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.859 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

============== Running Processes ===============

c:\Program Files\Fingerprint Sensor\AtService.exe
C:\WINNT\system32\svchost -k DcomLaunch
C:\WINNT\system32\svchost -k rpcss
C:\WINNT\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINNT\system32\svchost.exe -k NetworkService
C:\WINNT\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Encryption Anywhere\Encryption Anywhere Clients\EAFRCliManager.exe
C:\WINNT\system32\svchost.exe -k LocalService
C:\Program Files\GuardianEdge\GuardianEdge Autologon Client\EAHDCheckSvr.exe
C:\Program Files\Encryption Anywhere\Encryption Anywhere Clients\EACommunication.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINNT\system32\agrsmsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\WINNT\system32\NLSSRV32.EXE
C:\Program Files\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe
C:\WINNT\system32\Qinst67.exe
C:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discusge.exe
C:\Program Files\Qwest Communications\QSDMServiceSetup\QSDMService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINNT\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\WINNT\system32\wbem\unsecapp.exe
C:\WINNT\system32\wbem\wmiprvse.exe
C:\WINNT\system32\wbem\wmiprvse.exe
C:\WINNT\System32\alg.exe
C:\WINNT\system32\wbem\wmiprvse.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\WINNT\system32\wbem\wmiprvse.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\system32\AccelerometerSt.exe
C:\WINNT\system32\igfxsrvc.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discfcsn.exe
C:\Program Files\Encryption Anywhere\Encryption Anywhere Clients\Client Console\EAFRCliStart.exe
C:\Program Files\Microsoft Office Communicator\communicator.exe
C:\Program Files\Qwest Communications\Qwest SMS Software Distribution Manager\Vercheck.exe
C:\Program Files\Kontiki\KHost.exe
C:\PROGRA~1\WEBMEE~1\Modules\Launcher\mcLauncher.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINNT\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Citrix\ICA Client\Wfcrun32.exe
C:\PROGRA~1\Citrix\ICACLI~1\WFICA32.EXE
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\WINNT\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\mhfonta\Desktop\dds.scr
C:\WINNT\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://theq.qwest.net/
uWindow Title = Windows Internet Explorer provided by Qwest Communications
mDefault_Page_URL = hxxp://www.msn.com
uInternet Settings,ProxyOverride = DENEVJA01;QTDENEVAP06;DENEVMA01;QTDENEVAP01;DENEVMA02;QTDENEVAP02;DENEVMA03;QTDENEVAP03;DENEVMA04;QTDENEVAP04;DENEVMA05;QTDENEVAP05;OMAEVMA01;QTOMAEVAP01;OMAEVMA02;QTOMAEVAP02;OMAEVMA03;QTOMAEVAP03;OMAEVMA04;QTOMAEVAP04;OMAEVMA05;QTOMAEVAP05;OMAEVPFA01;QTOMAEVAP06;
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
uRun: [MeetingLauncher] "c:\progra~1\webmee~1\modules\launcher\mcLauncher.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
uRun: [XA5RJ9EADJ] c:\docume~1\mhfonta\locals~1\temp\Bsm.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\winnt\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\winnt\system32\hkcmd.exe
mRun: [Persistence] c:\winnt\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AccelerometerSysTrayApplet] c:\winnt\system32\AccelerometerSt.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [EDFcsn] c:\program files\hewlett-packard\discovery agent\plugins\usage\discfcsn.exe
mRun: [MeetingLauncher] c:\program files\web meeting\Vercheck.exe Start:mcLauncher.exe
mRun: [EAFRCliStart] c:\program files\encryption anywhere\encryption anywhere clients\client console\EAFRCliStart.exe /p
mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey
mRun: [QSDM] "c:\program files\qwest communications\qwest sms software distribution manager\Vercheck.exe" /s
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [kdx] c:\program files\kontiki\KHost.exe -all
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: confarchives.com
Trusted Zone: conferencing.com
Trusted Zone: directv.com
Trusted Zone: e-invoice.com\qwest26
Trusted Zone: etalkco1
Trusted Zone: iconf.net
Trusted Zone: prod.com\rio2ui
Trusted Zone: prod.com\rio2ui2
Trusted Zone: qintra.com\eccpo
Trusted Zone: qintra.com\einstein
Trusted Zone: qintra.com\epaycce.ad
Trusted Zone: qintra.com\qgem.ad
Trusted Zone: qintra.com\rms.ad
Trusted Zone: qintra.com\som.ad
Trusted Zone: qintra.com\twist2
Trusted Zone: qshare
Trusted Zone: qtomaacmw01
Trusted Zone: uswest.com\consultingplusordering.uswc
Trusted Zone: uswest.com\consultingplustraining.uswc
Trusted Zone: uswest.com\qbat.uswc
Trusted Zone: uswest.com\qtracker.uswc
DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259859791718
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: GEWinlogonNotify - GENotify.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5} - rundll32.exe advpack.dll,LaunchINFSectionEx c:\winnt\inf\wmactedp.inf,PerUserStub,,4

============= SERVICES / DRIVERS ===============

R0 EAFSPROT;EAFSPROT;c:\winnt\system32\drivers\eafsprot.sys [2008-8-26 13440]
R0 EPHDXLAT;PC Guardian Encryption Filter;c:\winnt\system32\drivers\ephdxlat.sys [2008-8-26 86784]
R0 Lbd;Lbd;c:\winnt\system32\drivers\Lbd.sys [2010-7-29 64288]
R0 PCTCore;PCTools KDS;c:\winnt\system32\drivers\PCTCore.sys [2010-8-3 207280]
R0 TfFsMon;TfFsMon;c:\winnt\system32\drivers\TfFsMon.sys [2010-8-3 51984]
R0 TfSysMon;TfSysMon;c:\winnt\system32\drivers\TfSysMon.sys [2010-8-3 59664]
R0 vmscsi;vmscsi;c:\winnt\system32\drivers\vmscsi.sys [2009-4-21 10880]
R1 pctgntdi;pctgntdi;c:\winnt\system32\drivers\pctgntdi.sys [2010-8-3 233136]
R1 Qinst67_;Qinst67_;c:\winnt\system32\Qinst67_.sys [2009-10-28 25472]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-6-12 1164536]
R2 EAFRCliManager;EAFRCliManager;c:\program files\encryption anywhere\encryption anywhere clients\EAFRCliManager.exe [2009-3-11 221184]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 1352832]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2009-12-16 188736]
R2 nlsX86cc;NLS Service;c:\winnt\system32\NLSSRV32.EXE [2009-12-16 65856]
R2 prgnDiscAgent;HP DDMI Agent;c:\program files\hewlett-packard\discovery agent\bin32\discagnt.exe [2010-3-1 775736]
R2 Qinst67;Qinst67;c:\winnt\system32\Qinst67.exe [2009-10-28 741376]
R2 QSDMMonitor;QSDMMonitor;c:\program files\qwest communications\qsdmservicesetup\QSDMService.exe [2008-4-3 49152]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-8-3 365280]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-8-3 1141712]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\winnt\system32\drivers\ATSwpWDF.sys [2008-6-12 477696]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-10-21 193840]
R3 IFXTPM;IFXTPM;c:\winnt\system32\drivers\ifxtpm.sys [2009-4-21 44800]
R3 pctplsg;pctplsg;c:\winnt\system32\drivers\pctplsg.sys [2010-8-3 70408]
R3 TfNetMon;TfNetMon;c:\winnt\system32\drivers\TfNetMon.sys [2010-8-3 33552]
R3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
S3 RemoteCMD;Remote Command Server;c:\winnt\system32\rcmdsvc.exe [2009-4-21 41472]

=============== Created Last 30 ================

2010-08-04 11:33:15 16384 ----atw- c:\temp\Perflib_Perfdata_528.dat
2010-08-04 11:32:58 16384 ----atw- c:\temp\Perflib_Perfdata_6f0.dat
2010-08-04 10:14:36 95024 ----a-w- c:\winnt\system32\drivers\SBREDrv.sys
2010-08-04 02:15:11 16384 ----atw- c:\temp\Perflib_Perfdata_6fc.dat
2010-08-04 00:40:52 0 d-----w- c:\docume~1\mhfonta\applic~1\SUPERAntiSpyware.com
2010-08-04 00:40:52 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-08-04 00:40:16 0 d-----w- c:\program files\SUPERAntiSpyware
2010-08-04 00:39:36 0 d-----w- c:\docume~1\mhfonta\applic~1\Malwarebytes
2010-08-04 00:21:06 0 d-----w- c:\temp\tfxz
2010-08-04 00:20:45 59664 --s---w- c:\winnt\system32\drivers\TfSysMon.sys
2010-08-04 00:20:45 51984 --s---w- c:\winnt\system32\drivers\TfFsMon.sys
2010-08-04 00:20:45 33552 --s---w- c:\winnt\system32\drivers\TfNetMon.sys
2010-08-04 00:20:41 16384 ----atw- c:\temp\Perflib_Perfdata_14b8.dat
2010-08-04 00:20:22 7387 ----a-w- c:\winnt\system32\drivers\pctgntdi.cat
2010-08-04 00:20:22 233136 ----a-w- c:\winnt\system32\drivers\pctgntdi.sys
2010-08-04 00:20:17 87784 ----a-w- c:\winnt\system32\drivers\PCTAppEvent.sys
2010-08-04 00:20:17 7412 ----a-w- c:\winnt\system32\drivers\PCTAppEvent.cat
2010-08-04 00:20:17 7383 ----a-w- c:\winnt\system32\drivers\pctcore.cat
2010-08-04 00:20:17 207280 ----a-w- c:\winnt\system32\drivers\PCTCore.sys
2010-08-04 00:20:12 7383 ----a-w- c:\winnt\system32\drivers\pctplsg.cat
2010-08-04 00:20:12 70408 ----a-w- c:\winnt\system32\drivers\pctplsg.sys
2010-08-04 00:20:05 0 d-----w- c:\program files\Spyware Doctor
2010-08-04 00:20:05 0 d-----w- c:\program files\common files\PC Tools
2010-08-04 00:20:05 0 d-----w- c:\docume~1\mhfonta\applic~1\PC Tools
2010-08-04 00:20:05 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-08-03 23:11:00 16384 ----atw- c:\temp\Perflib_Perfdata_1c8.dat
2010-08-03 23:06:40 0 d-----w- c:\program files\TrendMicro
2010-08-03 23:02:47 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2010-08-03 22:59:52 16384 ----atw- c:\temp\Perflib_Perfdata_37c.dat
2010-08-03 22:27:18 16384 ----atw- c:\temp\Perflib_Perfdata_254.dat
2010-08-03 22:15:31 16384 ----atw- c:\temp\Perflib_Perfdata_798.dat
2010-07-29 07:31:36 15880 ----a-w- c:\winnt\system32\lsdelete.exe
2010-07-29 05:45:51 64288 ----a-w- c:\winnt\system32\drivers\Lbd.sys
2010-07-29 04:53:38 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-29 04:53:19 0 d-----w- c:\program files\Lavasoft
2010-07-28 02:00:12 16384 ----atw- c:\temp\Perflib_Perfdata_238.dat
2010-07-28 00:55:37 16384 ----atw- c:\temp\Perflib_Perfdata_240.dat
2010-07-28 00:37:32 16384 ----atw- c:\temp\Perflib_Perfdata_168.dat
2010-07-24 18:08:07 195072 ----a-w- c:\winnt\Blavob.exe
2010-07-24 17:49:59 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2010-07-24 17:49:58 20952 ----a-w- c:\winnt\system32\drivers\mbam.sys
2010-07-24 17:49:58 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-24 17:49:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-24 17:18:04 0 d-----w- c:\docume~1\mhfonta\applic~1\GoldWaveCDDB
2010-07-24 17:18:04 0 d-----w- c:\docume~1\alluse~1\applic~1\GoldWaveCDDB
2010-07-24 17:03:28 195072 ----a-w- c:\winnt\Blavoa.exe
2010-07-12 21:26:13 0 d-----w- c:\docume~1\alluse~1\applic~1\Kontiki
2010-07-12 21:24:57 0 d-----w- c:\program files\Kontiki
2010-07-08 10:28:28 0 d-----w- c:\temp\BDIJWSFL
2010-07-06 11:09:17 0 d-----w- c:\temp\JUJYBVKL

==================== Find3M ====================

2010-07-24 17:03:21 46592 ----a-w- c:\docume~1\mhfonta\applic~1\6c5a2965.exe
2010-06-27 17:49:53 58860 ----a-w- c:\winnt\fonts\LINOSCRI.TTF
2010-06-27 17:49:37 45192 ----a-w- c:\winnt\fonts\LINCOLNN.TTF
2010-06-27 17:49:23 50992 ----a-w- c:\winnt\fonts\LINOTEXT.TTF
2010-06-27 17:38:20 52984 ----a-w- c:\winnt\fonts\Diploma Regular.ttf
2010-06-27 17:37:54 44820 ----a-w- c:\winnt\fonts\Diploma (Sec).ttf

============= FINISH: 8:00:23.75 ===============

Re: Malware and Trojan Stuff
and the 2nd log...


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/21/2009 3:45:19 PM
System Uptime: 8/4/2010 7:31:51 AM (1 hours ago)

Motherboard: Hewlett-Packard | | 30C0
Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz | U10 | 1995/200mhz
Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz | U10 | 1995/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 112 GiB total, 51.396 GiB free.
D: is CDROM ()
F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP206: 7/6/2010 7:20:28 AM - Software Distribution Service 3.0
RP207: 7/6/2010 7:20:52 AM - Software Distribution Service 3.0
RP208: 7/7/2010 8:23:34 AM - System Checkpoint
RP209: 7/8/2010 9:20:42 AM - System Checkpoint
RP210: 7/12/2010 5:25:37 PM - Installed Kontiki Media Manager
RP211: 7/13/2010 6:08:45 PM - System Checkpoint
RP212: 7/14/2010 8:42:29 PM - System Checkpoint
RP213: 7/16/2010 9:23:05 AM - System Checkpoint
RP214: 7/19/2010 8:30:37 AM - System Checkpoint
RP215: 7/19/2010 7:18:45 PM - System Checkpoint
RP216: 7/20/2010 7:44:30 PM - System Checkpoint
RP217: 7/21/2010 8:00:05 PM - Installed Adobe Flash Player 10 ActiveX.
RP218: 7/22/2010 10:13:48 PM - System Checkpoint
RP219: 7/23/2010 11:37:49 PM - System Checkpoint
RP220: 7/26/2010 10:07:09 AM - System Checkpoint
RP221: 7/27/2010 11:37:31 AM - System Checkpoint
RP222: 7/28/2010 10:11:31 AM - System Checkpoint
RP223: 7/29/2010 8:35:40 AM - System Checkpoint
RP224: 7/29/2010 7:35:40 PM - System Checkpoint
RP225: 7/31/2010 10:48:38 AM - System Checkpoint
RP226: 8/3/2010 9:44:01 AM - System Checkpoint
RP227: 8/3/2010 7:06:39 PM - Installed HiJackThis

==== Installed Programs ======================

.NET Certficate Authority Browser Patch - Pkg #1054
Ad-Aware
Adobe Flash 10.1.53.64
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.2
Adobe Reader 9.3.2.163
Adobe Shockwave 11.5.7.609
Adobe Shockwave Player 11.5
Agere Systems HDA Modem
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
AuthenTec Fingerprint System
CCScore
Citrix METAFRAMECLIENT 10.2
Citrix Presentation Server Client
Compatibility Pack for the 2007 Office system
Configuration Manager Client
Critical Update for Windows Media Player 11 (KB959772)
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
fflink
Genesys Qwest Conferencing 4.4.0.45
GoldWave v5.55
GoldWave v5.56
GuardianEdge 9.2.2
GuardianEdge Autologon Client
GuardianEdge Framework Client
GuardianEdge Hard Disk Client
Hewlett-Packard DDMI 7.61
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB892559-v3)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB909667)
Hotfix for Windows XP (KB912436)
Hotfix for Windows XP (KB915326)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB918005)
Hotfix for Windows XP (KB918334)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB928388)
Hotfix for Windows XP (KB932597)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB949764)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970413)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP 3D DriveGuard
HP DDM Inventory Agent (x86) 7.61.000.9328
HP Quick Launch Buttons 6.40 H2
HP Wireless Assistant
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software
Kontiki Media Manager
Kontiki Media Manager 6.5.3
LiveUpdate 3.1 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Access 2002
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Live Meeting 2007
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office Communicator 2007 R2
Microsoft Office Live Meeting 2007
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Office Visio Professional 2003
Microsoft Office Visio Viewer 2003 (English)
Microsoft PolicyCSE 1.0
Microsoft Project 2003 with Service Pack 3
Microsoft Security Patch KB970413
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visio 2003 with Service Pack 3
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
netbrdg
Nitro PDF Professional
OfotoXMI
QSDMServiceSetup
QuickTime
Qwest Administrative Update 2010.2
Qwest SMS Software Distribution Manager
Qwest Software Distribution Manager 1.2.2993
RDC
Remove Hidden Data Tool
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926247)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
SFR
SHASTA
skin0001
SKINXSDK
Smart PDF Converter 5.0.1.335
Spyware Doctor 7.0
staticcr
SUPERAntiSpyware
Symantec Enterprise Vault 8.0.0.1405
Symantec Enterprise Vault HTTP-only Outlook Add-In
Symantec Protection Agent 5.1
Synaptics Pointing Device Driver
TVUNetworks ActiveX 2.4.0.1
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911164)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB923845)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB943729)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPRINTOL
Web Meeting
WebFldrs XP
WIMGAPI
Windows Communication Foundation
Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Enterprise Deployment
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB884018
Windows XP Hotfix - KB885464
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887816
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888402
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinZip 14.5
WIRELESS
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

8/3/2010 8:41:33 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
8/3/2010 8:39:23 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
8/3/2010 8:38:07 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/3/2010 8:32:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm TfFsMon TfSysMon
8/3/2010 8:32:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EAFRCliManager with arguments "" in order to run the server: {A1C294A9-AA96-4363-8851-DEA366E2FB47}
8/3/2010 8:17:25 AM, error: NETLOGON [5721] - The session setup to the Windows NT or Windows 2000 Domain Controller \\ENTTULI104 for the domain AD failed because the Domain Controller does not have an account for the computer VA1030GMHFONTAI.
8/3/2010 7:37:41 PM, error: Service Control Manager [7034] - The Com4QLBEx service terminated unexpectedly. It has done this 1 time(s).
8/3/2010 7:24:18 PM, error: Service Control Manager [7034] - The EAFRCliManager service terminated unexpectedly. It has done this 1 time(s).
8/3/2010 7:24:14 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
8/3/2010 6:45:46 PM, error: Service Control Manager [7034] - The NLS Service service terminated unexpectedly. It has done this 1 time(s).
8/3/2010 6:45:46 PM, error: Service Control Manager [7031] - The Qinst67 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
8/3/2010 6:44:05 PM, error: Service Control Manager [7034] - The WebClient service terminated unexpectedly. It has done this 1 time(s).
8/3/2010 10:29:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EAFRCliManager with arguments "" in order to run the server: {378B7F3E-639C-48E5-B9FB-AC31B66487A6}
8/3/2010 10:24:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm SASDIFSV SASKUTIL TfFsMon TfSysMon
7/31/2010 10:24:00 AM, error: Service Control Manager [7022] - The Windows Time service hung on starting.
7/31/2010 10:21:20 AM, error: Dhcp [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 001F29ABC76B has been denied by the DHCP server 10.13.130.254 (The DHCP Server sent a DHCPNACK message).
7/28/2010 9:52:34 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7E89FF0B-F649-4F9A-A9C3-F05DFAAA3DA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
7/28/2010 9:51:59 PM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
7/28/2010 9:50:42 PM, error: NETLOGON [5719] - No Domain Controller is available for domain AD due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
7/28/2010 9:48:47 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
7/28/2010 9:48:41 PM, error: PlugPlayManager [12] - The device 'Communications Port (COM1)' (ACPI\PNP0501\5&19f65854&0) disappeared from the system without first being prepared for removal.
7/28/2010 9:44:03 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer FAX2K3FIL003 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{64B706C2-EB68-4. The master browser is stopping or an election is being forced.
7/28/2010 11:56:54 PM, error: Service Control Manager [7034] - The NitroPDFDriverCreatorReadSpool service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

Re: Malware and Trojan Stuff

Until last night, I wasn't able to download any anti-virus programs. My work computer only had Symantec on it which seems to have been disabled. I was able to get several things here on my work computer that I wasn't able to do before. I was not able to run OTL (I get an error on it), so I ran DDS and posted it above.

Re: Malware and Trojan Stuff

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: Malware and Trojan Stuff

I had trouble before, but I will try it again.

Re: Malware and Trojan Stuff

Okay here is the first one....

OTL logfile created on: 8/4/2010 11:59:49 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\mhfonta\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 39.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 3058 3058 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 51.26 Gb Free Space | 45.86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 7.45 Gb Total Space | 7.20 Gb Free Space | 96.59% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VA1030GMHFONTAI
Current User Name: mhfonta
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/04 11:57:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mhfonta\Desktop\OTL.exe
PRC - [2010/07/19 13:50:45 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/07/12 04:55:38 | 001,352,832 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/07/12 04:55:38 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/04/11 01:30:58 | 005,116,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office Communicator\communicator.exe
PRC - [2010/04/05 14:50:00 | 000,494,920 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2010/04/02 16:17:16 | 000,140,442 | ---- | M] () -- C:\Program Files\Qwest Communications\Qwest SMS Software Distribution Manager\Vercheck.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/01 13:08:40 | 000,775,736 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe
PRC - [2010/03/01 13:08:40 | 000,525,880 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discusge.exe
PRC - [2010/03/01 13:08:40 | 000,177,720 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discfcsn.exe
PRC - [2010/02/02 10:13:54 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
PRC - [2010/01/18 14:14:26 | 001,286,608 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010/01/05 15:33:18 | 001,461,800 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
PRC - [2010/01/05 15:31:30 | 004,719,144 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2009/12/16 11:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) -- C:\WINNT\system32\NLSSRV32.EXE
PRC - [2009/12/16 11:09:04 | 000,188,736 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
PRC - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/10/28 12:50:33 | 000,741,376 | ---- | M] () -- C:\WINNT\system32\Qinst67.exe
PRC - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\CCM\CcmExec.exe
PRC - [2009/06/25 15:26:20 | 000,455,992 | ---- | M] (A Better Conference Inc.) -- C:\Program Files\Web Meeting\Modules\Launcher\mcLauncher.exe
PRC - [2009/05/21 14:28:38 | 000,874,768 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/05/21 13:54:58 | 000,348,160 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2009/05/21 13:49:36 | 001,372,160 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2009/05/21 13:23:04 | 000,909,312 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/05/21 13:06:22 | 001,202,448 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2009/05/21 13:04:14 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/03/11 14:14:14 | 000,561,152 | ---- | M] (GuardianEdge Technologies, Inc.) -- C:\Program Files\Encryption Anywhere\Encryption Anywhere Clients\Client Console\EAFRCliStart.exe
PRC - [2009/03/11 14:12:52 | 000,025,088 | ---- | M] (GuardianEdge Technologies, Inc.) -- C:\Program Files\Encryption Anywhere\Encryption Anywhere Clients\EACommunication.exe
PRC - [2009/03/11 14:10:40 | 000,221,184 | ---- | M] (GuardianEdge Technologies, Inc.) -- C:\Program Files\Encryption Anywhere\Encryption Anywhere Clients\EAFRCliManager.exe
PRC - [2009/03/06 13:31:12 | 000,069,632 | ---- | M] (GuardianEdge Technologies, Inc.) -- C:\Program Files\GuardianEdge\GuardianEdge Autologon Client\EAHDCheckSvr.exe
PRC - [2008/06/12 12:21:06 | 001,164,536 | ---- | M] (AuthenTec, Inc.) -- c:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2008/04/03 13:16:30 | 000,049,152 | ---- | M] () -- C:\Program Files\Qwest Communications\QSDMServiceSetup\QSDMService.exe
PRC - [2008/03/18 14:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\WINNT\system32\agrsmsvc.exe
PRC - [2008/02/07 21:48:32 | 000,312,640 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2008/02/07 21:48:28 | 001,086,784 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfica32.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2007/01/24 14:28:58 | 000,124,928 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINNT\system32\accelerometerST.exe
PRC - [2007/01/05 17:36:48 | 000,872,448 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe


========== Modules (SafeList) ==========

MOD - [2010/08/04 11:57:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mhfonta\Desktop\OTL.exe
MOD - [2010/02/02 10:13:54 | 000,451,856 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFWAH.dll
MOD - [2009/10/30 11:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2009/09/09 22:54:58 | 000,155,184 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
MOD - [2006/08/25 09:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/02/28 08:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/07/12 04:55:38 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/01 13:08:40 | 000,775,736 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe -- (prgnDiscAgent)
SRV - [2010/02/02 10:13:54 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/01/05 15:31:30 | 004,719,144 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2009/12/16 11:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINNT\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2009/12/16 11:09:04 | 000,188,736 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe -- (NitroDriverReadSpool)
SRV - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/10/28 12:50:33 | 000,741,376 | ---- | M] () [Auto | Running] -- C:\WINNT\system32\Qinst67.exe -- (Qinst67)
SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/05/21 14:28:38 | 000,874,768 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2009/05/21 13:54:58 | 000,348,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
SRV - [2009/05/21 13:23:04 | 000,909,312 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2009/05/21 13:04:14 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2009/03/11 14:10:40 | 000,221,184 | ---- | M] (GuardianEdge Technologies, Inc.) [Auto | Running] -- C:\Program Files\Encryption Anywhere\Encryption Anywhere Clients\EAFRCliManager.exe -- (EAFRCliManager)
SRV - [2008/06/12 12:21:06 | 001,164,536 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- c:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/04/03 13:16:30 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Qwest Communications\QSDMServiceSetup\QSDMService.exe -- (QSDMMonitor)
SRV - [2008/03/18 14:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINNT\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/11/20 04:42:45 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\snmp.exe -- (SNMP)
SRV - [2006/09/02 17:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [1999/12/02 16:54:02 | 000,041,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\rcmdsvc.exe -- (RemoteCMD)
SRV - [1999/10/07 17:48:40 | 000,200,704 | ---- | M] (AT&T Research Labs Cambridge) [On_Demand | Stopped] -- c:\Program Files\orl\Vnc\Winvnc.exe -- (winvnc)


========== Driver Services (SafeList) ==========

DRV - [2010/07/12 04:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINNT\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/05 09:25:38 | 000,070,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINNT\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/02/02 10:13:54 | 000,059,664 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/02/02 10:13:54 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/02/02 10:13:54 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009/10/28 12:50:36 | 000,025,472 | ---- | M] (Guidance Software Inc.) [Kernel | System | Running] -- C:\WINNT\system32\Qinst67_.sys -- (Qinst67_)
DRV - [2009/09/23 16:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/09/18 04:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/06/18 15:38:34 | 004,203,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008/11/26 18:37:42 | 000,187,392 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\b57xp32.sys -- (b57w2k) Broadcom NetLink (TM)
DRV - [2008/09/11 12:52:48 | 006,047,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/08/26 08:51:08 | 000,086,784 | R--- | M] (GuardianEdge Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\ephdxlat.sys -- (EPHDXLAT)
DRV - [2008/08/26 08:51:06 | 000,013,440 | R--- | M] (GuardianEdge Technologies, Inc.) [File_System | Boot | Running] -- C:\WINNT\System32\drivers\eafsprot.sys -- (EAFSPROT)
DRV - [2008/08/13 17:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/07/23 13:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2008/06/20 18:04:34 | 000,225,696 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/06/12 14:40:50 | 000,477,696 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/05/07 18:40:02 | 000,317,976 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/04/28 15:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/04/08 18:27:04 | 000,012,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\smsmdm.sys -- (smsmdd)
DRV - [2008/03/21 14:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/02/05 14:38:22 | 000,281,600 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/07/24 00:00:04 | 000,022,016 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2006/07/24 00:00:04 | 000,017,920 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2005/11/30 20:30:14 | 000,010,880 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\vmscsi.sys -- (vmscsi)
DRV - [2005/06/13 17:51:24 | 000,086,528 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\symmpi.sys -- (Symmpi)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\aliide.sys -- (AliIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://theq.qwest.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = DENEVJA01;QTDENEVAP06;DENEVMA01;QTDENEVAP01;DENEVMA02;QTDENEVAP02;DENEVMA03;QTDENEVAP03;DENEVMA04;QTDENEVAP04;DENEVMA05;QTDENEVAP05;OMAEVMA01;QTOMAEVAP01;OMAEVMA02;QTOMAEVAP02;OMAEVMA03;QTOMAEVAP03;OMAEVMA04;QTOMAEVAP04;OMAEVMA05;QTOMAEVAP05;OMAEVPFA01;QTOMAEVAP06;



O1 HOSTS File: ([2006/02/28 08:00:00 | 000,000,734 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINNT\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EAFRCliStart] C:\Program Files\Encryption Anywhere\Encryption Anywhere Clients\Client Console\EAFRCliStart.exe (GuardianEdge Technologies, Inc.)
O4 - HKLM..\Run: [EDFcsn] C:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discfcsn.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKLM..\Run: [MeetingLauncher] C:\Program Files\Web Meeting\Vercheck.exe ()
O4 - HKLM..\Run: [QSDM] C:\Program Files\Qwest Communications\Qwest SMS Software Distribution Manager\Vercheck.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [MeetingLauncher] C:\Program Files\Web Meeting\Modules\Launcher\mcLauncher.exe (A Better Conference Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [XA5RJ9EADJ] C:\Documents and Settings\mhfonta\Local Settings\Temp\Bsm.exe (ConeXware, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Safety present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: confarchives.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: conferencing.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: denevja01 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: denevma01 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: denevma02 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: denevma03 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: denevma04 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: denevma05 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: denevpfa01 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: directv.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: e-invoice.com ([qwest26] https in Trusted sites)
O15 - HKCU\..Trusted Domains: etalkco1 ([]HTTP in Trusted sites)
O15 - HKCU\..Trusted Domains: evsite ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: iconf.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: omaevma01 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: omaevma02 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: omaevma03 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: omaevma04 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: omaevma05 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: omaevpfa01 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: prod.com ([rio2ui] http in Trusted sites)
O15 - HKCU\..Trusted Domains: prod.com ([rio2ui2] * in Trusted sites)
O15 - HKCU\..Trusted Domains: qintra.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: qintra.com ([eccpo] https in Trusted sites)
O15 - HKCU\..Trusted Domains: qintra.com ([einstein] http in Trusted sites)
O15 - HKCU\..Trusted Domains: qintra.com ([epaycce.ad] https in Trusted sites)
O15 - HKCU\..Trusted Domains: qintra.com ([qgem.ad] https in Trusted sites)
O15 - HKCU\..Trusted Domains: qintra.com ([rms.ad] https in Trusted sites)
O15 - HKCU\..Trusted Domains: qintra.com ([som.ad] https in Trusted sites)
O15 - HKCU\..Trusted Domains: qintra.com ([twist2] http in Trusted sites)
O15 - HKCU\..Trusted Domains: qshare ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: QTDENEVAP01 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: QTDENEVAP02 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: QTDENEVAP03 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: QTDENEVAP04 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: QTDENEVAP05 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: QTDENEVAP06 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: qtomaacmw01 ([]HTTP in Trusted sites)
O15 - HKCU\..Trusted Domains: QTOMAEVAP01 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: QTOMAEVAP02 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: QTOMAEVAP03 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: QTOMAEVAP04 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: QTOMAEVAP05 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: QTOMAEVAP06 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: qwest.com ([ddc.qaccess] https in Local intranet)
O15 - HKCU\..Trusted Domains: qwest.com ([odc.qaccess] https in Local intranet)
O15 - HKCU\..Trusted Domains: qwest.com ([qaccess] https in Local intranet)
O15 - HKCU\..Trusted Domains: qwest.net ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: uswest.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: uswest.com ([consultingplusordering.uswc] http in Trusted sites)
O15 - HKCU\..Trusted Domains: uswest.com ([consultingplustraining.uswc] http in Trusted sites)
O15 - HKCU\..Trusted Domains: uswest.com ([qbat.uswc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: uswest.com ([qtracker.uswc] http in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259859791718 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.63.255.1 10.63.255.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = AD.QINTRA.COM
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (EAFRCliGina) - C:\WINNT\System32\EAFRCliGina.dll (GuardianEdge Technologies, Inc.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GEWinlogonNotify: DllName - GENotify.dll - C:\WINNT\System32\GENotify.dll (GuardianEdge Technologies, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINNT\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\mhfonta\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mhfonta\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/21 16:40:03 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINNT\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/04 11:57:40 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mhfonta\Desktop\OTL.exe
[2010/08/04 06:14:36 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINNT\System32\drivers\SBREDrv.sys
[2010/08/03 20:40:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mhfonta\Application Data\SUPERAntiSpyware.com
[2010/08/03 20:40:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/08/03 20:40:16 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/08/03 20:39:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mhfonta\Application Data\Malwarebytes
[2010/08/03 20:20:45 | 000,059,664 | --S- | C] (PC Tools) -- C:\WINNT\System32\drivers\TfSysMon.sys
[2010/08/03 20:20:45 | 000,051,984 | --S- | C] (PC Tools) -- C:\WINNT\System32\drivers\TfFsMon.sys
[2010/08/03 20:20:45 | 000,033,552 | --S- | C] (PC Tools) -- C:\WINNT\System32\drivers\TfNetMon.sys
[2010/08/03 20:20:22 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINNT\System32\drivers\pctgntdi.sys
[2010/08/03 20:20:17 | 000,207,280 | ---- | C] (PC Tools) -- C:\WINNT\System32\drivers\PCTCore.sys
[2010/08/03 20:20:17 | 000,087,784 | ---- | C] (PC Tools) -- C:\WINNT\System32\drivers\PCTAppEvent.sys
[2010/08/03 20:20:12 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINNT\System32\drivers\pctplsg.sys
[2010/08/03 20:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/08/03 20:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/08/03 20:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mhfonta\Application Data\PC Tools
[2010/08/03 20:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/08/03 19:31:00 | 002,133,536 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\mhfonta\Desktop\avg_free_stb_all_9_115_cnet.exe
[2010/08/03 19:06:40 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/08/03 19:02:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2010/07/30 11:50:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mhfonta\Desktop\Mom and Dad Stuff
[2010/07/29 01:45:51 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINNT\System32\drivers\Lbd.sys
[2010/07/29 00:53:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2010/07/29 00:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/07/29 00:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/07/29 00:36:11 | 128,750,008 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\mhfonta\Desktop\Ad-AwareInstall.exe
[2010/07/25 14:20:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/24 14:08:07 | 000,195,072 | ---- | C] (ApexDC++ Development Team) -- C:\WINNT\Blavob.exe
[2010/07/24 13:49:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2010/07/24 13:49:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2010/07/24 13:49:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/24 13:49:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/24 13:18:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mhfonta\Application Data\GoldWaveCDDB
[2010/07/24 13:18:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GoldWaveCDDB
[2010/07/24 13:03:28 | 000,195,072 | ---- | C] (ApexDC++ Development Team) -- C:\WINNT\Blavoa.exe
[2010/07/16 10:41:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mhfonta\Desktop\New Misc
[2010/07/15 18:23:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mhfonta\Desktop\Bldg new pics view
[2010/07/12 21:58:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\My Deliveries
[2010/07/12 17:26:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2010/07/12 17:24:57 | 000,000,000 | ---D | C] -- C:\Program Files\Kontiki
[3 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[2 C:\Documents and Settings\mhfonta\Desktop\*.tmp files -> C:\Documents and Settings\mhfonta\Desktop\*.tmp -> ]
[1 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/04 11:57:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mhfonta\Desktop\OTL.exe
[2010/08/04 08:37:24 | 003,265,536 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\VA Voice Status Update 08-03-2010.xls
[2010/08/04 08:09:20 | 005,295,104 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\VA Ad-Hoc Inventory Report 08-04-2010.xls
[2010/08/04 07:57:27 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\dds.scr
[2010/08/04 07:55:11 | 000,004,996 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\NtwxOrderStatusSummary 08-04-2010.csv
[2010/08/04 07:42:54 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\mhfonta\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/08/04 07:35:34 | 000,000,284 | -H-- | M] () -- C:\WINNT\tasks\6c5a2965.job
[2010/08/04 07:35:05 | 000,000,475 | ---- | M] () -- C:\WINNT\SMSCFG.ini
[2010/08/04 07:35:02 | 000,000,472 | ---- | M] () -- C:\WINNT\tasks\Ad-Aware Update (Weekly).job
[2010/08/04 07:32:25 | 000,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2010/08/04 07:32:10 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2010/08/04 06:16:57 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\mhfonta\NTUSER.DAT
[2010/08/04 06:16:57 | 000,001,132 | -HS- | M] () -- C:\Documents and Settings\mhfonta\ntuser.ini
[2010/08/04 06:16:55 | 003,712,656 | -H-- | M] () -- C:\Documents and Settings\mhfonta\Local Settings\Application Data\IconCache.db
[2010/08/04 06:14:36 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINNT\System32\drivers\SBREDrv.sys
[2010/08/03 21:30:52 | 000,027,028 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\Screenshot with viruses.PNG
[2010/08/03 20:40:19 | 000,001,683 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/03 20:20:15 | 000,001,642 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/08/03 19:31:03 | 002,133,536 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\mhfonta\Desktop\avg_free_stb_all_9_115_cnet.exe
[2010/08/03 19:24:26 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\HiJackThis.lnk
[2010/08/03 19:14:34 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/03 16:37:44 | 000,232,448 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\VA Voice Dedicated ckts 07-30-2010 jar.xls
[2010/08/03 14:18:07 | 000,081,408 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\Sprint existing circuits and phone number ranges for Wichita KS.xls
[2010/08/03 14:13:56 | 000,998,400 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\VA_Dedicated_Voice_CPE.xls
[2010/08/03 08:51:19 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\Olga Bauckman Fontaine.doc
[2010/08/03 08:36:35 | 000,005,047 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\NtwxOrderStatusSummary 08-03-2010.csv
[2010/08/02 18:11:14 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\Roland E. Fontaine service.doc
[2010/08/02 17:58:32 | 003,258,368 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\VA Voice Status Update 08-02-2010.xls
[2010/08/02 17:24:49 | 000,003,949 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\NtwxOrderStatusSummary 08-02-2010.csv
[2010/08/02 16:26:43 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2010/07/31 20:40:56 | 000,002,517 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Outlook 2003.lnk
[2010/07/30 10:07:59 | 000,004,964 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\NtwxOrderStatusSummary 07-30-2010.csv
[2010/07/29 21:08:34 | 003,250,688 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\VA Voice Status Update 07-29-2010.xls
[2010/07/29 16:49:42 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\PLS orders with equipment 07-29-2010.xls
[2010/07/29 12:25:33 | 011,788,288 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\default.xls
[2010/07/29 10:05:27 | 000,004,998 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\NtwxOrderStatusSummary 07-28-2010.csv
[2010/07/29 00:53:35 | 000,000,890 | ---- | M] () -- C:\Documents and Settings\mhfonta\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/07/29 00:53:35 | 000,000,872 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/07/29 00:36:12 | 128,750,008 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\mhfonta\Desktop\Ad-AwareInstall.exe
[2010/07/28 19:43:30 | 000,000,664 | ---- | M] () -- C:\WINNT\System32\d3d9caps.dat
[2010/07/28 19:28:22 | 000,195,072 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\Qwest minutes 072810 agenda 080410.doc
[2010/07/27 14:53:19 | 000,004,972 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\NtwxOrderStatusSummary 07-27-2010.csv
[2010/07/27 14:11:39 | 000,189,440 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\Money and King - What to Do....doc
[2010/07/24 13:03:28 | 000,195,072 | ---- | M] (ApexDC++ Development Team) -- C:\WINNT\Blavob.exe
[2010/07/24 13:03:21 | 000,046,592 | ---- | M] () -- C:\Documents and Settings\mhfonta\Application Data\6c5a2965.exe
[2010/07/24 13:03:18 | 000,195,072 | ---- | M] (ApexDC++ Development Team) -- C:\WINNT\Blavoa.exe
[2010/07/22 13:44:53 | 000,998,400 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\VA_Dedicated_Voice_CPE_wr.xls
[2010/07/20 21:09:06 | 003,219,968 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\VA Voice Status Update 07-20-2010.xls
[2010/07/20 18:22:34 | 001,111,608 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\printVersion.pdf
[2010/07/20 18:12:44 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\Cutover Scheduling Request ASRN #10-005082 White River Junction Ckt #3.doc
[2010/07/20 18:12:31 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\Cutover Scheduling Request ASRN #10-005080P_OPS White River Junction Ckt #2.doc
[2010/07/20 18:12:15 | 000,043,520 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\Cutover Scheduling Request ASRN #10-005078 White River Junction Ckt #1.doc
[2010/07/20 18:12:00 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\Cutover Scheduling Request ASRN #10-005118P_OPS White River Junction Ckt #4.doc
[2010/07/20 14:28:16 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\Cutover Scheduling Request ASRN #10-007745P_OPS - 4500 S. Lancaster Dallas, TX 75216 (Dallas).doc
[2010/07/20 13:41:54 | 000,053,248 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\Cutover Scheduling Request ASRN #10-007479P_OPS - 130 W KINGSBRIDGE RD, BRONX, NY, 10468.doc
[2010/07/20 13:15:58 | 004,604,928 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\Fontaine updated PIC Freeze Consolidated Report 07-19-2010.xls
[2010/07/20 11:56:54 | 268,247,040 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\nxAudit20100720.xls
[2010/07/20 09:30:28 | 003,570,688 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\PIC Freeze Report 07-20-2010.xls
[2010/07/20 08:13:46 | 007,346,688 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\piece1RF Complete Master 07-20-2010.xls
[2010/07/19 18:21:13 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\Bay Pines circuits Update 07-19-2010.xls
[2010/07/19 18:21:06 | 003,219,968 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\VA Voice Status Update 07-19-2010.xls
[2010/07/19 08:11:46 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\NtwxOrderStatusSummary 07-19-.csv
[2010/07/16 19:17:06 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\mhfonta\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Show Desktop.lnk
[2010/07/16 19:16:58 | 004,604,928 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\Fontaine updated PIC Freeze Consolidated Report 07-20-2010.xls
[2010/07/16 18:44:15 | 008,522,752 | ---- | M] () -- C:\Documents and Settings\mhfonta\My Documents\Ghost pirates attack charity.doc
[2010/07/15 13:15:30 | 000,225,280 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\VA Voice Weekly Transition Reporting Dashboard 07-15-2010.ppt
[2010/07/15 11:45:53 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\Cutover Scheduling Request ASRN #10-006895P_OPS - 113 HOLLAND AVE, ALBANY, NY, 12208.doc
[2010/07/14 11:08:12 | 000,063,562 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\129883-1 screenshot.PNG
[2010/07/14 11:00:14 | 000,005,127 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\NtwxOrderStatusSummary 07-14-2010.csv
[2010/07/14 10:58:08 | 000,200,704 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\Qwest minutes 070710 agenda 071410.doc
[2010/07/13 22:05:40 | 266,157,056 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\nxAudit20100713.xls
[2010/07/13 20:50:42 | 003,209,728 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\VA Voice Status Update 07-12-2010.xls
[2010/07/13 20:49:14 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\Fontaine availabilty week of 07-12 and 07-19.xls
[2010/07/13 14:33:44 | 000,060,928 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\Madison VA R2 607 CSDS Switched Enhanced Order 7-7-10 (2).xls
[2010/07/13 10:19:34 | 002,404,864 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\MTIPS_Networx Product Playbook_v4.doc
[2010/07/13 09:13:59 | 000,005,039 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\NtwxOrderStatusSummary 07-13-2010.csv
[2010/07/12 18:04:42 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\Cutover Scheduling Request ASRN #10-006914P_OPS 1111 E END BLVD, WILKES-BARRE, PA, 18702 Reschedule v2.doc
[2010/07/12 17:52:27 | 266,001,920 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\nxAudit20100712.xls
[2010/07/12 17:52:21 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\Cutover Scheduling Request ASRN #10-006913P_OPS 1111 E END BLVD, WILKES-BARRE, PA, 18702 Reschedule v2.doc
[2010/07/12 17:25:13 | 000,005,049 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\NtwxOrderStatusSummary 07-12-2010.csv
[2010/07/12 12:29:43 | 000,074,752 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\ST Paul 10T20S177 Dedicated Voice Pre-Order St Paul DMC_06-24-10 (3).xls
[2010/07/12 04:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINNT\System32\drivers\Lbd.sys
[2010/07/12 04:55:38 | 000,015,880 | ---- | M] () -- C:\WINNT\System32\lsdelete.exe
[2010/07/11 21:44:15 | 000,014,351 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\Catalyst.PNG
[2010/07/09 17:45:04 | 003,202,560 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\VA Voice Status Update 07-09-2010.xls
[2010/07/08 09:54:55 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\Joaquin A. Gutierrez Resume.doc
[2010/07/06 15:52:05 | 000,147,968 | ---- | M] () -- C:\Documents and Settings\mhfonta\Desktop\VA Voice Transition Project Meeting Minutes 07-06-2010.doc
[2010/07/06 07:14:11 | 000,053,760 | ---- | M] () -- C:\Documents and Settings\mhfonta\My Documents\Bandwidth chart.doc
[3 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[2 C:\Documents and Settings\mhfonta\Desktop\*.tmp files -> C:\Documents and Settings\mhfonta\Desktop\*.tmp -> ]
[1 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/04 10:25:26 | 000,195,072 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\Qwest minutes 072810 agenda 080410.doc
[2010/08/04 07:58:38 | 005,295,104 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\VA Ad-Hoc Inventory Report 08-04-2010.xls
[2010/08/04 07:57:27 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\dds.scr
[2010/08/04 07:55:11 | 000,004,996 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\NtwxOrderStatusSummary 08-04-2010.csv
[2010/08/03 21:30:52 | 000,027,028 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\Screenshot with viruses.PNG
[2010/08/03 20:40:19 | 000,001,683 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/03 20:20:22 | 000,007,387 | ---- | C] () -- C:\WINNT\System32\drivers\pctgntdi.cat
[2010/08/03 20:20:17 | 000,007,412 | ---- | C] () -- C:\WINNT\System32\drivers\PCTAppEvent.cat
[2010/08/03 20:20:17 | 000,007,383 | ---- | C] () -- C:\WINNT\System32\drivers\pctcore.cat
[2010/08/03 20:20:15 | 000,001,642 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/08/03 20:20:12 | 000,007,383 | ---- | C] () -- C:\WINNT\System32\drivers\pctplsg.cat
[2010/08/03 19:14:34 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\mhfonta\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/08/03 19:14:34 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/03 19:06:40 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\HiJackThis.lnk
[2010/08/03 16:37:41 | 000,232,448 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\VA Voice Dedicated ckts 07-30-2010 jar.xls
[2010/08/03 14:16:29 | 000,081,408 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\Sprint existing circuits and phone number ranges for Wichita KS.xls
[2010/08/03 14:13:56 | 000,998,400 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\VA_Dedicated_Voice_CPE.xls
[2010/08/03 08:51:19 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\Olga Bauckman Fontaine.doc
[2010/08/03 08:36:35 | 000,005,047 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\NtwxOrderStatusSummary 08-03-2010.csv
[2010/08/03 08:31:39 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\Roland E. Fontaine service.doc
[2010/08/02 17:37:10 | 003,265,536 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\VA Voice Status Update 08-03-2010.xls
[2010/08/02 16:36:52 | 000,003,949 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\NtwxOrderStatusSummary 08-02-2010.csv
[2010/08/02 16:29:00 | 003,258,368 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\VA Voice Status Update 08-02-2010.xls
[2010/07/30 10:07:59 | 000,004,964 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\NtwxOrderStatusSummary 07-30-2010.csv
[2010/07/29 16:33:32 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\PLS orders with equipment 07-29-2010.xls
[2010/07/29 12:31:20 | 003,250,688 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\VA Voice Status Update 07-29-2010.xls
[2010/07/29 12:25:33 | 011,788,288 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\default.xls
[2010/07/29 10:05:26 | 000,004,998 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\NtwxOrderStatusSummary 07-28-2010.csv
[2010/07/29 03:31:36 | 000,015,880 | ---- | C] () -- C:\WINNT\System32\lsdelete.exe
[2010/07/29 01:47:55 | 000,000,472 | ---- | C] () -- C:\WINNT\tasks\Ad-Aware Update (Weekly).job
[2010/07/29 00:53:35 | 000,000,890 | ---- | C] () -- C:\Documents and Settings\mhfonta\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/07/29 00:53:35 | 000,000,872 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/07/27 14:53:19 | 000,004,972 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\NtwxOrderStatusSummary 07-27-2010.csv
[2010/07/27 14:11:38 | 000,189,440 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\Money and King - What to Do....doc
[2010/07/24 13:03:11 | 000,000,284 | -H-- | C] () -- C:\WINNT\tasks\6c5a2965.job
[2010/07/22 13:44:53 | 000,998,400 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\VA_Dedicated_Voice_CPE_wr.xls
[2010/07/20 18:22:31 | 001,111,608 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\printVersion.pdf
[2010/07/20 18:10:36 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\Cutover Scheduling Request ASRN #10-005118P_OPS White River Junction Ckt #4.doc
[2010/07/20 18:08:00 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\Cutover Scheduling Request ASRN #10-005082 White River Junction Ckt #3.doc
[2010/07/20 18:05:50 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\Cutover Scheduling Request ASRN #10-005080P_OPS White River Junction Ckt #2.doc
[2010/07/20 17:56:04 | 000,043,520 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\Cutover Scheduling Request ASRN #10-005078 White River Junction Ckt #1.doc
[2010/07/20 14:28:16 | 000,042,496 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\Cutover Scheduling Request ASRN #10-007745P_OPS - 4500 S. Lancaster Dallas, TX 75216 (Dallas).doc
[2010/07/20 13:46:32 | 003,219,968 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\VA Voice Status Update 07-20-2010.xls
[2010/07/20 13:41:54 | 000,053,248 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\Cutover Scheduling Request ASRN #10-007479P_OPS - 130 W KINGSBRIDGE RD, BRONX, NY, 10468.doc
[2010/07/20 11:56:45 | 268,247,040 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\nxAudit20100720.xls
[2010/07/20 08:16:27 | 003,570,688 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\PIC Freeze Report 07-20-2010.xls
[2010/07/20 08:13:45 | 007,346,688 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\piece1RF Complete Master 07-20-2010.xls
[2010/07/19 18:11:54 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\Bay Pines circuits Update 07-19-2010.xls
[2010/07/19 09:47:21 | 003,219,968 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\VA Voice Status Update 07-19-2010.xls
[2010/07/19 08:11:46 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\NtwxOrderStatusSummary 07-19-.csv
[2010/07/16 18:44:11 | 008,522,752 | ---- | C] () -- C:\Documents and Settings\mhfonta\My Documents\Ghost pirates attack charity.doc
[2010/07/16 18:23:30 | 004,604,928 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\Fontaine updated PIC Freeze Consolidated Report 07-20-2010.xls
[2010/07/16 15:36:00 | 004,604,928 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\Fontaine updated PIC Freeze Consolidated Report 07-19-2010.xls
[2010/07/15 12:54:43 | 000,225,280 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\VA Voice Weekly Transition Reporting Dashboard 07-15-2010.ppt
[2010/07/14 15:37:59 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\Cutover Scheduling Request ASRN #10-006895P_OPS - 113 HOLLAND AVE, ALBANY, NY, 12208.doc
[2010/07/14 13:06:26 | 000,200,704 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\Qwest minutes 070710 agenda 071410.doc
[2010/07/14 11:07:43 | 000,063,562 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\129883-1 screenshot.PNG
[2010/07/14 11:00:13 | 000,005,127 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\NtwxOrderStatusSummary 07-14-2010.csv
[2010/07/13 22:05:39 | 266,157,056 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\nxAudit20100713.xls
[2010/07/13 20:49:14 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\Fontaine availabilty week of 07-12 and 07-19.xls
[2010/07/13 17:28:06 | 000,060,928 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\Madison VA R2 607 CSDS Switched Enhanced Order 7-7-10 (2).xls
[2010/07/13 11:51:30 | 002,404,864 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\MTIPS_Networx Product Playbook_v4.doc
[2010/07/13 09:13:59 | 000,005,039 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\NtwxOrderStatusSummary 07-13-2010.csv
[2010/07/12 19:39:54 | 000,074,752 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\ST Paul 10T20S177 Dedicated Voice Pre-Order St Paul DMC_06-24-10 (3).xls
[2010/07/12 18:31:17 | 003,209,728 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\VA Voice Status Update 07-12-2010.xls
[2010/07/12 17:55:11 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\Cutover Scheduling Request ASRN #10-006914P_OPS 1111 E END BLVD, WILKES-BARRE, PA, 18702 Reschedule v2.doc
[2010/07/12 17:52:27 | 266,001,920 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\nxAudit20100712.xls
[2010/07/12 17:52:20 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\Cutover Scheduling Request ASRN #10-006913P_OPS 1111 E END BLVD, WILKES-BARRE, PA, 18702 Reschedule v2.doc
[2010/07/12 17:25:23 | 000,005,049 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\NtwxOrderStatusSummary 07-12-2010.csv
[2010/07/11 21:44:15 | 000,014,351 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\Catalyst.PNG
[2010/07/09 17:45:04 | 003,202,560 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\VA Voice Status Update 07-09-2010.xls
[2010/07/08 08:10:35 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\Joaquin A. Gutierrez Resume.doc
[2010/07/08 06:21:41 | 002,198,016 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\POM-Request-Form-v411.xls
[2010/07/06 15:52:05 | 000,147,968 | ---- | C] () -- C:\Documents and Settings\mhfonta\Desktop\VA Voice Transition Project Meeting Minutes 07-06-2010.doc
[2010/07/06 07:14:11 | 000,053,760 | ---- | C] () -- C:\Documents and Settings\mhfonta\My Documents\Bandwidth chart.doc
[2010/06/07 06:28:59 | 000,004,764 | ---- | C] () -- C:\WINNT\System32\CcmFramework.ini
[2009/11/09 13:01:54 | 000,000,176 | ---- | C] () -- C:\WINNT\hpbafd.ini
[2009/10/29 14:40:04 | 000,012,288 | ---- | C] () -- C:\WINNT\System32\HLINKPRX.DLL
[2009/10/29 14:40:01 | 000,022,016 | ---- | C] () -- C:\WINNT\System32\DOCOBJ.DLL
[2009/10/29 14:39:45 | 000,024,576 | ---- | C] () -- C:\WINNT\System32\ODBCMON.DLL
[2009/10/29 14:39:43 | 000,022,016 | ---- | C] () -- C:\WINNT\System32\ODBCSTF.DLL
[2009/10/28 13:51:58 | 000,059,904 | ---- | C] () -- C:\WINNT\System32\zlib1.dll
[2009/06/17 12:13:30 | 000,508,224 | ---- | C] () -- C:\WINNT\System32\ICCProfiles.dll
[2009/04/21 12:37:32 | 000,000,475 | ---- | C] () -- C:\WINNT\SMSCFG.ini
[2009/04/21 12:08:10 | 000,000,370 | ---- | C] () -- C:\WINNT\ODBC.INI
[2009/04/21 11:43:33 | 000,147,456 | ---- | C] () -- C:\WINNT\System32\igfxCoIn_v4990.dll
[2009/04/21 11:41:46 | 000,000,308 | ---- | C] () -- C:\WINNT\System32\OEMINFO.INI
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINNT\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

Re: Malware and Trojan Stuff

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
    O4 - HKCU..\Run: [XA5RJ9EADJ] C:\Documents and Settings\mhfonta\Local Settings\Temp\Bsm.exe (ConeXware, Inc.)
    [2010/08/04 07:35:34 | 000,000,284 | -H-- | M] () -- C:\WINNT\tasks\6c5a2965.job
    [2010/07/24 13:03:28 | 000,195,072 | ---- | M] (ApexDC++ Development Team) -- C:\WINNT\Blavob.exe
    [2010/07/24 13:03:21 | 000,046,592 | ---- | M] () -- C:\Documents and Settings\mhfonta\Application Data\6c5a2965.exe
    [2010/07/24 13:03:18 | 000,195,072 | ---- | M] (ApexDC++ Development Team) -- C:\WINNT\Blavoa.exe

    :commands
    [emptytemp]
    [reboot]


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Re: Malware and Trojan Stuff

Yaaaaaaaaaaaaaaah!

I did that and rebooted. After it gets through Guardian Edge, it goes to my desktop but nothing appears. It's like my desktop is hung. It just sits there.

No Fix log appeared either.

Yikes

When I use the task manager, Explore.exe is not showing up there.

Last edited by Misteretc on 4th August 2010, 5:54 pm; edited 1 time in total (Reason for editing : Additional info)

Re: Malware and Trojan Stuff

When I checked Task Manager, I noticed that explorer.exe is not in the listing. Heeeeeeeelp!!!

Can't Believe It

HELP!

I hit Shift, Alt, Delete to get my Task Manager. I checked the list and explorer.exe is not there. Heeeeeeelp!

Can't Believe It

Re: Malware and Trojan Stuff

Okay, the panic attack is over. It took 3 reboots, but it finally came back up and posted the Fix Log. It is...

All processes killed
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret <[2010/08/04 07:35:34 | 000,000,284 | -H-- | M] () -- C:\WINNT\tasks\6c5a2965.job> in the current context!
Error: Unable to interpret <[2010/07/24 13:03:28 | 000,195,072 | ---- | M] (ApexDC++ Development Team) -- C:\WINNT\Blavob.exe> in the current context!
Error: Unable to interpret <[2010/07/24 13:03:21 | 000,046,592 | ---- | M] () -- C:\Documents and Settings\mhfonta\Application Data\6c5a2965.exe> in the current context!
Error: Unable to interpret <[2010/07/24 13:03:18 | 000,195,072 | ---- | M] (ApexDC++ Development Team) -- C:\WINNT\Blavoa.exe> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: AAI_FID1MACHACC2
->Temp folder emptied: 85542601 bytes
->Temporary Internet Files folder emptied: 74123 bytes

User: Administrator
->Temp folder emptied: 12542826 bytes
->Temporary Internet Files folder emptied: 2053366 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 22165701 bytes

User: mhfonta
->Temp folder emptied: 546334601 bytes
->Temporary Internet Files folder emptied: 253908955 bytes
->Flash cache emptied: 28435 bytes

User: mlugo
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 1570 bytes
%systemroot% .tmp files removed: 385622 bytes
%systemroot%\System32 .tmp files removed: 2314385 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 100081 bytes
Session Manager Temp folder emptied: 15245381 bytes
Session Manager Tmp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 47589 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 897.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08042010_131652

Files\Folders moved on Reboot...
C:\Documents and Settings\mhfonta\Local Settings\Temp\F1.tmp moved successfully.
File\Folder C:\Documents and Settings\mhfonta\Local Settings\Temp\~DF56.tmp not found!
File\Folder C:\Documents and Settings\mhfonta\Local Settings\Temp\~DFAEFE.tmp not found!
File\Folder C:\Documents and Settings\mhfonta\Local Settings\Temp\~DFB1FF.tmp not found!
File\Folder C:\Documents and Settings\mhfonta\Local Settings\Temp\~DFE248.tmp not found!
C:\Documents and Settings\mhfonta\Local Settings\Temporary Internet Files\Content.IE5\C9A3S5AF\malware-and-trojan-stuff-t23107[1].htm moved successfully.
C:\Documents and Settings\mhfonta\Local Settings\Temporary Internet Files\Content.IE5\C9A3S5AF\menuitem[6].htm moved successfully.
C:\Documents and Settings\mhfonta\Local Settings\Temporary Internet Files\Content.IE5\45QZK5M7\dt[1].htm moved successfully.

Registry entries deleted on Reboot...

Re: Malware and Trojan Stuff

Thanks again, it seems to be working. Did you notice any issues in the logs?

Re: Malware and Trojan Stuff

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [Image: CF_download_FF]

    [Image: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [Image: Cf410]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes.

    [Image: Cf510]

  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: Malware and Trojan Stuff

Okay, did that, now what?
