
Got a window re "cmd.exe" (Solved)

Discussion in 'Malware Removal Help' started by Mara, Nov 15, 2009.

  1. Mara

    Mara Registered Members

    Joined:
    Jun 20, 2009
    Messages:
    2,261
    Location:
    British Columbia, Canada
    Operating System:
    Windows XP Home
    Combined with the other poor computer woes, it was running so, so slow plus leaving 'half pages (semi-transparent) on the screen ...

    Have run all the security programs over and over ... but each time I re-boot today (can't shut off or it won't re-start), having been getting the following window as screen/computer is loading/restarting ...

    C:\Windows\System.32\cmd.exe

    What is this, please?
     
  2. BeeCeeBee

    BeeCeeBee ADMINISTRATOR IN MEMORY

    Joined:
    Apr 20, 2009
    Messages:
    7,201
    Location:
    New Jersey "Stronger than the Storm"
    Operating System:
    Windows 7
    Re: Got a window re "cmd.exe"

    Is this a black window, Mara?
     
  3. Mara

    Mara Registered Members

    Joined:
    Jun 20, 2009
    Messages:
    2,261
    Location:
    British Columbia, Canada
    Operating System:
    Windows XP Home
    Re: Got a window re "cmd.exe"

    Yes, it is ... a rectangle on top left corner of screen - completely black other than the writing.
     
  4. BSchwarz

    BSchwarz Guest

    Re: Got a window re "cmd.exe"

    Check msconfig. Some program you have installed is starting cmd.exe.
    To check msconfig click start > run and type in msconfig. Look at startup variables and post what's in there.
     
  5. Mara

    Mara Registered Members

    Joined:
    Jun 20, 2009
    Messages:
    2,261
    Location:
    British Columbia, Canada
    Operating System:
    Windows XP Home
    Re: Got a window re "cmd.exe"

    Same as 'Startup' tab?

    Under the above, it's showing tons of stuff ... will take screen shot of each visible area ... brb.
     
  6. DSTM (Dougie)

    DSTM (Dougie) Registered Members

    Joined:
    May 3, 2009
    Messages:
    8,270
    Location:
    SYDNEY AUSTRALIA
    Operating System:
    Windows 7
    Re: Got a window re "cmd.exe"

    This is what Bleeping says.

    [image]
     
  7. Mara

    Mara Registered Members

    Joined:
    Jun 20, 2009
    Messages:
    2,261
    Location:
    British Columbia, Canada
    Operating System:
    Windows XP Home
    Re: Got a window re "cmd.exe"

    Here it is ...
     
  8. Mara

    Mara Registered Members

    Joined:
    Jun 20, 2009
    Messages:
    2,261
    Location:
    British Columbia, Canada
    Operating System:
    Windows XP Home
    Re: Got a window re "cmd.exe"

    We both must have been hitting 'post' at the same time, Dougie! :)

    Well, I'll be darned!!! If Bob finds it showing in the images I just posted, maybe I can just get rid of it from the 'msconfig' section itself ... have run all the Anti-Spyware, Anti-Virus and Anti-Malware over and over and over - and nothing is showing - groan.
     
  9. BeeCeeBee

    BeeCeeBee ADMINISTRATOR IN MEMORY

    Joined:
    Apr 20, 2009
    Messages:
    7,201
    Location:
    New Jersey "Stronger than the Storm"
    Operating System:
    Windows 7
    Re: Got a window re "cmd.exe"

    Hi Mara,

    What you really have to do is expand that second line by dragging the subject box to the right so the actual program can be seen.

    That being said, the explorer.exe in a command box (like the old DOS box) means malware to me. Bob is quite right (as he should be) in that you may remove the symptoms if it is showing up in msconfig, but that may not remove the virus or trojan itself.

    This may have to go to the malware removal forum for starbuck to have a look at.
     
  10. Mara

    Mara Registered Members

    Joined:
    Jun 20, 2009
    Messages:
    2,261
    Location:
    British Columbia, Canada
    Operating System:
    Windows XP Home
    Re: Got a window re "cmd.exe"

    These things are so dreadful - and while I could be wrong, the only thing I can think of is while looking at gardening sites this afternoon, one page didn't exist - it had been taken over by something else. No warning from my security programs came up, but who knows.

    Anyway, BeeCeeBee - it was a bug ... and because I was concerned it may spread, managed to find a freebie program to 'remove Trojans' ... the below is what it found and place in 'quarantine':

    (Quote) Name: Backdoor.Win32.Hupigon!IK

    Description:

    The term Backdoor describes a specific group of Trojan Horses. As Trojans, they are not able to spread themselves to other computers. Backdoors allow attackers full control over the victim's PC. Mostly they are split into 3 parts:

    1. Server
    The part which is put on the victim's PC and takes control over the PC.

    2. Client
    A little program used by the attacker to connect to the server and control the computer.

    3. Editor
    An additional tool to create the server program. It allows the attacker to create a unique server and allows him to set all options and rules for the server.

    Backdoors are widespread today. They are one of the most dangerous software programs for users surfing the web beside Worms, Dialers, Spyware and Trojans. (Unquote)


    However... am baffled and wondering if the above is the same thing as "cmd.exe", just under another name?

     
  11. allheart55 (Cindy E)

    allheart55 (Cindy E) Administrator Administrator

    Joined:
    Jun 11, 2009
    Messages:
    10,545
    Location:
    Pennsylvania
    Operating System:
    Windows 10
    Computer Brand or Motherboard:
    ASUS M4A77TD AM3 AMD 770 ATX AMD
    CPU:
    AMD Phenom II X6 1090T-Thuban 3.2GHz
    Memory:
    Crucial-DDR3 SDRAM 1333-8GB
    Hard Drive:
    WD Caviar Black SE HDD 640 GB - WD Caviar Black SE HDD 500 GB
    Graphics Card:
    Sapphire Radeon HD-7870 2GB
    Power Supply:
    CORSAIR CMPSU-750W
    Re: Got a window re "cmd.exe"

    Hi Mara,

    Please, please, please, go directly to our malware removal and have Pete take care of you!

    I can't stress it strongly enough....:eek: You need expert help, your computer has been severely compromised and that little program you used is not helping anything at this point.

    It's apparent that there is more than one lil ole trojan at work. The backdoor trojans are of the worst type. They are (sic) opening "backdoors" and welcoming all manner of malware in....

    If you have been using this pc for banking, credit card bills, etc. you need to notify them that your computer has been compromised and also have them check all recent transactions. Change log-ins and passwords from a clean machine and please let Pete have a look-see. If this was not a typo....C:\Windows\System.32\cmd.exe and I don't believe it is....there is never a dot after System and before 32. This is one of the devious ways malware attempts to hide from you. It will make an effort to look as if it belongs and it is a valid Windows file....It isn't....

    Don't be fooled.... There is not one single program that will take care of this, if it can be disinfected at all, Pete will be able to tell you. This is not something you want to attempt. (Nor should you)
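    The two checks suggested earlier in this thread (look at what msconfig's Startup tab is launching, and notice that "System.32" is not the real Windows system directory) can be automated. The script below is an added example, not code from anyone in this thread or from any tool it mentions. It takes startup entries in the "[name] command" shape that msconfig and the OTL "O4 - HKLM..\Run" lines use, pulls out the executable path, and reports whether the directory is a genuine system directory, a lookalike that merely resembles one, or somewhere else entirely. The trusted directory list is an assumption: C:\WINDOWS is %SystemRoot% on the machine in this thread (see the OTL log), and the SysWOW64 entry is added for 64-bit installs. All sample entries except the first, which mirrors the path Mara reported, are constructed for the example.

```python
import ntpath
import re

# Directories that legitimately hold cmd.exe on a default Windows install.
# Assumption: %SystemRoot% is C:\WINDOWS (true for the OTL log in this thread);
# SysWOW64 is included for 64-bit systems and does not exist on XP Home 32-bit.
TRUSTED_SYSTEM_DIRS = {
    r"c:\windows\system32",
    r"c:\windows\syswow64",
}

# Tokens that a directory name uses to impersonate a Windows location.
SYSTEM_LOOKALIKE_TOKENS = ("system", "windows")

# Constructed sample startup entries (name, command line). Only the first
# mirrors the path reported in this thread; the others are made up.
SAMPLE_STARTUP_ENTRIES = [
    ("suspect", r"C:\Windows\System.32\cmd.exe"),
    ("HotKeysCmds", r"C:\WINDOWS\system32\hkcmd.exe"),
    ("cmdprompt", r'"C:\WINDOWS\system32\cmd.exe" /c echo hi'),
    ("updater", r"C:\Documents and Settings\Glen\Local Settings\Temp\cmd.exe"),
    ("spaced", r"C:\WINDOWS \system32\cmd.exe"),
]


def extract_executable(command: str) -> str:
    """Return the executable path from a Run-key style command line.

    Quoted paths end at the closing quote; unquoted ones are taken up to the
    first ".exe" so trailing arguments are dropped.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    match = re.match(r"(.+?\.exe)", command, re.IGNORECASE)
    return match.group(1) if match else command


def classify(command: str) -> str:
    """Classify where a startup entry's executable lives.

    'trusted-location'       : directory is exactly a real system directory
    'lookalike-system-path'  : directory resembles a system directory (e.g.
                               System.32, or a trailing space) but is not one
    'non-system-location'    : anywhere else (Temp, profile folders, ...)
    """
    path = extract_executable(command)
    directory = ntpath.dirname(path).lower()
    if directory in TRUSTED_SYSTEM_DIRS:
        return "trusted-location"
    if any(token in directory for token in SYSTEM_LOOKALIKE_TOKENS):
        return "lookalike-system-path"
    return "non-system-location"


def review_startup(entries):
    """Return [(name, executable, verdict)] for a list of (name, command)."""
    return [(name, extract_executable(cmd), classify(cmd)) for name, cmd in entries]


def suspicious_entries(entries):
    """Names of entries that deserve a closer look (anything not trusted)."""
    return [name for name, _, verdict in review_startup(entries)
            if verdict != "trusted-location"]


if __name__ == "__main__":
    for name, exe, verdict in review_startup(SAMPLE_STARTUP_ENTRIES):
        print(f"{verdict:24} {name:12} {exe}")
```

    A "lookalike-system-path" verdict is exactly the case Cindy describes: the path is dressed up to look like a Windows file but the directory is not the real one. Removing such an entry from msconfig only stops the window from appearing; as BeeCeeBee notes, the file that was being launched is still on disk and needs the full malware-removal workflow.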
     
  12. Mara

    Mara Registered Members

    Joined:
    Jun 20, 2009
    Messages:
    2,261
    Location:
    British Columbia, Canada
    Operating System:
    Windows XP Home
    Re: Got a window re "cmd.exe"

    Hi and thanks so much for your advice, allheart!! I moved the thread over here to our Malware section when I realized it was a 'bug' and not a 'glitch' that computers sometimes have - and nope, it wasn't a typo re the 'dot'.

    It would be terrific if Pete could take a look and let me know about the disinfection process (hope there is one!!).

    Off to follow your advice and change security stuff - thanks again!

    (These must be truly sneaky things to arrive without setting off a single alarm or, for that matter, showing up in any of the security scans later too - drat!).
     
  13. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Re: Got a window re "cmd.exe"

    Hi Mara,

    It's always worth looking into these things.
    Let's get a better look at your system and see if anything obvious is showing, then we'll have a better idea of where to go afterwards.

    Please let me have the reports from the following programs:

    Step 1
    Download Security Check from here or here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please copy and paste the contents of that document in your next reply.

    Step 2
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    [image]
    • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

    In your next reply, please submit:
    checkup.txt
    and both reports from OTL


    Thanks.
     
  14. Mara

    Mara Registered Members

    Joined:
    Jun 20, 2009
    Messages:
    2,261
    Location:
    British Columbia, Canada
    Operating System:
    Windows XP Home
    Re: Got a window re "cmd.exe"

    Hi Starbuck and thanks so much for providing both the links for necessary downloads and for the actual image to follow! :)

    Here's the first scan results:

    Results of screen317's Security Check version 0.99.0
    Windows XP Service Pack 3
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Antivirus
    ESET Online Scanner
    SonicStage Mastering Studio Audio Filter Custom Preset
    Sygate Personal Firewall
    Antivirus up to date!
    ``````````````````````````````
    Anti-malware/Other Utilities Check:

    WinPatrol 2009
    SUPERAntiSpyware Free Edition
    McAfee SiteAdvisor
    Java(TM) 6 Update 16
    Adobe Flash Player 10
    Adobe Reader 9.2
    ``````````````````````````````
    Process Check:
    objlist.exe by Laurent

    WinPatrol winpatrol.exe
    Alwil Software Avast4 aswUpdSv.exe
    Alwil Software Avast4 ashServ.exe
    Alwil Software Avast4 ashDisp.exe
    Alwil Software Avast4 ashMaiSv.exe
    Alwil Software Avast4 ashWebSv.exe
    SYGATE 5.6 FIREWALL, 19 August 2008 smc.exe
    ``````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    `````````End of Log```````````
     
  15. Mara

    Mara Registered Members

    Joined:
    Jun 20, 2009
    Messages:
    2,261
    Location:
    British Columbia, Canada
    Operating System:
    Windows XP Home
    Re: Got a window re "cmd.exe"

    And here's the results of the second scan:

    OTL logfile created on: 11/16/2009 10:34:57 AM - Run 1
    OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Glen\My Documents\Downloads
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1014.16 Mb Total Physical Memory | 191.32 Mb Available Physical Memory | 18.86% Memory free
    2.38 Gb Paging File | 1.78 Gb Available in Paging File | 74.51% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 225.88 Gb Total Space | 194.44 Gb Free Space | 86.08% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: VALUED-FD36E9B8
    Current User Name: Glen
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Glen\My Documents\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\FIREFOX 3.0.1, 16 August 2008\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files - Security\WIN PATROL, 19 August 2008\WinPatrol\WinPatrol.exe (BillP Studios)
    PRC - C:\Program Files - Security\a-squared Free\a2service.exe (Emsi Software GmbH)
    PRC - C:\Program Files - Security\AVAST 4 Home Edition antivirus scanner, 16 Aug 2008\ashDisp.exe (ALWIL Software)
    PRC - C:\Program Files - Security\AVAST 4 Home Edition antivirus scanner, 16 Aug 2008\ashServ.exe (ALWIL Software)
    PRC - C:\Program Files - Security\AVAST 4 Home Edition antivirus scanner, 16 Aug 2008\ashMaiSv.exe (ALWIL Software)
    PRC - C:\Program Files - Security\AVAST 4 Home Edition antivirus scanner, 16 Aug 2008\ashWebSv.exe (ALWIL Software)
    PRC - C:\Program Files - Security\AVAST 4 Home Edition antivirus scanner, 16 Aug 2008\aswUpdSv.exe (ALWIL Software)
    PRC - C:\Program Files\THUNDERBIRD Email\thunderbird.exe (Mozilla Corporation)
    PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
    PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
    PRC - C:\Program Files - for Glen and children PLUS misc\CD BURNER XP - recommended by Kim Komando\CDBurnerXP\NMSAccessU.exe ()
    PRC - C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
    PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
    PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
    PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
    PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\ehome\ehrecvr.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\ehome\ehmsas.exe (Microsoft Corporation)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
    PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
    PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
    PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
    PRC - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe (Sony Corporation)
    PRC - C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
    PRC - C:\Program Files - Security\SYGATE 5.6 FIREWALL, 19 August 2008\Smc.exe (Sygate Technologies, Inc.)
    PRC - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
    PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    PRC - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe (Sony Corporation)
    PRC - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe (Sony Corporation)
    PRC - C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\drivers\CDANTSRV.EXE (C-Dilla Ltd)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Glen\My Documents\Downloads\OTL.exe (OldTimer Tools)
    MOD - C:\Program Files\McAfee\SiteAdvisor\sahook.dll ()
    MOD - C:\Program Files - Security\WIN PATROL, 19 August 2008\WinPatrol\patrolpro.dll (BillP Studios)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\SSSensor.dll (Sygate Technologies, Inc.)
    MOD - C:\WINDOWS\system32\serwvdrv.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\umdmxfrm.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (avast! Antivirus) -- C:\Program Files - Security\AVAST 4 Home Edition antivirus scanner, 16 Aug 2008\ashServ.exe (ALWIL Software)
    SRV - (avast! Mail Scanner) -- C:\Program Files - Security\AVAST 4 Home Edition antivirus scanner, 16 Aug 2008\ashMaiSv.exe (ALWIL Software)
    SRV - (avast! Web Scanner) -- C:\Program Files - Security\AVAST 4 Home Edition antivirus scanner, 16 Aug 2008\ashWebSv.exe (ALWIL Software)
    SRV - (aswUpdSv) -- C:\Program Files - Security\AVAST 4 Home Edition antivirus scanner, 16 Aug 2008\aswUpdSv.exe (ALWIL Software)
    SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    SRV - (getPlus(R) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
    SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
    SRV - (NMSAccessU) -- C:\Program Files - for Glen and children PLUS misc\CD BURNER XP - recommended by Kim Komando\CDBurnerXP\NMSAccessU.exe ()
    SRV - (FontCache3.0.0.0) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
    SRV - (idsvc) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
    SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
    SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
    SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
    SRV - (ehRecvr) -- C:\WINDOWS\ehome\ehrecvr.exe (Microsoft Corporation)
    SRV - (ehSched) -- C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation)
    SRV - (McrdSvc) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
    SRV - (IAANTMon) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
    SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
    SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
    SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
    SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
    SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
    SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
    SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
    SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
    SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
    SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
    SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
    SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
    SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation)
    SRV - (SonicStageMonitoring) -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe (Sony Corporation)
    SRV - (SmcService) -- C:\Program Files - Security\SYGATE 5.6 FIREWALL, 19 August 2008\Smc.exe (Sygate Technologies, Inc.)
    SRV - (Sony TVTA Manager) -- C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe (Sony Corporation)
    SRV - (Sony TV Tuner Controller) -- C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe (Sony Corporation)
    SRV - (Sony TV Tuner Manager) -- C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe (Sony Corporation)
    SRV - (MSSQL$VAIO_VEDB) -- C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe (Microsoft Corporation)
    SRV - (SQLAgent$VAIO_VEDB) -- C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE (Microsoft Corporation)
    SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (Microsoft Corporation)
    SRV - (C-DillaSrv) -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE (C-Dilla Ltd)
    SRV - (OOD2000) -- C:\WINDOWS\System32\OOD2000.exe (O&O Software GmbH)


    ========== Driver Services (SafeList) ==========

    DRV - (is-PT13Cdrv) -- File not found
    DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
    DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
    DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
    DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
    DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
    DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
    DRV - (SASENUM) -- C:\Program Files - Security\SUPERAntiSpyWare - Anti Spyware program\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASKUTIL) -- C:\Program Files - Security\SUPERAntiSpyWare - Anti Spyware program\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASDIFSV) -- C:\Program Files - Security\SUPERAntiSpyWare - Anti Spyware program\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (TVICHW32) -- C:\WINDOWS\system32\drivers\TVICHW32.SYS (EnTech Taiwan)
    DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
    DRV - (e1express) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
    DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
    DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
    DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
    DRV - (usbaudio) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
    DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
    DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
    DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
    DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
    DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (wg6n) -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys (Sygate Technologies, Inc.)
    DRV - (wg5n) -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys (Sygate Technologies, Inc.)
    DRV - (wg4n) -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys (Sygate Technologies, Inc.)
    DRV - (wg3n) -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys (Sygate Technologies, Inc.)
    DRV - (wpsdrvnt) -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Sygate Technologies, Inc.)
    DRV - (Teefer) -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys (Sygate Technologies, Inc.)
    DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
    DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
    DRV - (smrt) -- C:\WINDOWS\system32\drivers\smrt.sys (Sony Corporation)
    DRV - (UdfReadr) -- C:\WINDOWS\system32\drivers\udfreadr.sys (Roxio)
    DRV - (C-Dilla) -- C:\WINDOWS\system32\drivers\CDANT.SYS (Macrovision)
    DRV - (SONYPVU1) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS (Sony Corporation)
    DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
    DRV - (USBIO) -- C:\WINDOWS\system32\drivers\usbio.sys (Thesycon GmbH, Germany)
    DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Search

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.mytelus.com ew_homepage/"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
    FF - prefs.js..extensions.enabledItems: FirefoxAddon@similarWeb.com:1.0.2
    FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5


    FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/27 11:15:48 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/09/14 02:42:34 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/30 19:46:38 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\FIREFOX 3.0.1, 16 August 2008\components
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\FIREFOX 3.0.1, 16 August 2008\plugins
    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\THUNDERBIRD Email\components [2009/09/09 17:46:32 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\THUNDERBIRD Email\plugins [2009/10/21 10:28:06 | 00,000,000 | ---D | M]

    [2008/08/16 21:45:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Mozilla\Extensions
    [2008/08/16 21:45:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    [2009/11/15 12:36:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Mozilla\Firefox\Profiles\5hagcr85.default\extensions
    [2009/07/27 13:36:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Mozilla\Firefox\Profiles\5hagcr85.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/10/21 22:27:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Mozilla\Firefox\Profiles\5hagcr85.default\extensions\FirefoxAddon@similarWeb.com

    O1 HOSTS File: (963 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 adobeereg.com
    O1 - Hosts: 127.0.0.1 Registration
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
    O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
    O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
    O4 - HKLM..\Run: [avast!] C:\Program Files - Security\AVAST 4 Home Edition antivirus scanner, 16 Aug 2008\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [PartSeal] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
    O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [SmcService] C:\Program Files - Security\SYGATE 5.6 FIREWALL, 19 August 2008\Smc.exe (Sygate Technologies, Inc.)
    O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
    O4 - HKLM..\Run: [VAIO Update 2] C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files - Security\WIN PATROL, 19 August 2008\WinPatrol\winpatrol.exe (BillP Studios)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files - Security\SUPERAntiSpyWare - Anti Spyware program\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\Glen\Start Menu\Programs\Startup\is-EE9LB.lnk
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE File not found
    O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm ()
    O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: 8 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.154.133.68 75.154.133.100
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files - Security\SUPERAntiSpyWare - Anti Spyware program\SASWINLO.dll - C:\Program Files - Security\SUPERAntiSpyWare - Anti Spyware program\SASWINLO.dll (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop Components:0 (My Current Home Page) - About:Home
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files - Security\SUPERAntiSpyWare - Anti Spyware program\SASSEH.DLL (SuperAdBlocker.com)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/18 12:33:11 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck) - File not found
    O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
    O34 - HKLM BootExecute: (*) - File not found
    O34 - HKLM BootExecute: (OODBS) - File not found
    O35 - comfile [open] -- "%1" %* File not found
    O35 - exefile [open] -- "%1" %* File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2009/11/15 18:50:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2009/11/15 17:54:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2009/11/15 17:45:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Glen\My Documents\HOME - House Photos
    [2009/11/10 12:47:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Glen\My Documents\SANDRA Diagnostic Scan
    [2009/11/10 11:55:08 | 00,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
    [2009/11/10 11:55:07 | 00,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
    [2009/11/10 11:55:05 | 01,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
    [2009/11/10 11:55:04 | 05,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
    [2009/11/10 11:55:04 | 00,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
    [2009/11/10 11:55:03 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
    [2009/11/10 11:55:02 | 01,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
    [2009/11/10 11:55:01 | 01,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
    [2009/11/10 11:55:01 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
    [2009/11/10 11:55:00 | 04,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
    [2009/11/10 11:54:59 | 00,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
    [2009/11/10 11:54:59 | 00,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
    [2009/11/10 11:54:59 | 00,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
    [2009/11/10 11:54:58 | 00,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
    [2009/11/10 11:54:57 | 02,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
    [2009/11/10 11:54:57 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
    [2009/11/10 11:54:56 | 04,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
    [2009/11/10 11:54:56 | 00,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
    [2009/11/10 11:54:55 | 00,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
    [2009/11/10 11:54:55 | 00,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
    [2009/11/10 11:54:54 | 00,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
    [2009/11/10 11:54:53 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
    [2009/11/10 11:54:53 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
    [2009/11/10 11:54:52 | 01,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
    [2009/11/10 11:54:52 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
    [2009/11/10 11:54:51 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
    [2009/11/10 11:54:51 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
    [2009/11/10 11:54:50 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
    [2009/11/10 11:54:50 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
    [2009/11/10 11:54:49 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
    [2009/11/10 11:54:48 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
    [2009/11/10 11:54:48 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
    [2009/11/10 11:54:47 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
    [2009/11/10 11:54:47 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
    [2009/11/10 11:54:46 | 00,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
    [2009/11/10 11:54:45 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
    [2009/11/10 11:54:44 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
    [2009/11/10 11:54:44 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
    [2009/11/10 11:54:44 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
    [2009/11/10 11:54:43 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
    [2009/11/10 11:54:42 | 00,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
    [2009/11/10 11:54:41 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
    [2009/11/10 11:54:40 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
    [2009/11/10 11:54:40 | 01,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
    [2009/11/10 11:54:39 | 00,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
    [2009/11/10 11:54:38 | 01,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
    [2009/11/10 11:54:38 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
    [2009/11/10 11:54:37 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
    [2009/11/10 11:54:36 | 00,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
    [2009/11/10 11:54:36 | 00,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
    [2009/11/10 11:54:35 | 03,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
    [2009/11/10 11:54:35 | 01,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
    [2009/11/10 11:54:35 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
    [2009/11/10 11:54:34 | 00,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
    [2009/11/10 11:54:33 | 00,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
    [2009/11/10 11:54:31 | 01,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
    [2009/11/10 11:54:31 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
    [2009/11/10 11:54:30 | 03,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
    [2009/11/10 11:54:29 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
    [2009/11/10 11:54:28 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
    [2009/11/10 11:54:28 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
    [2009/11/10 11:54:27 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
    [2009/11/10 11:54:27 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
    [2009/11/10 11:54:27 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
    [2009/11/10 11:54:26 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
    [2009/11/10 11:54:25 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
    [2009/11/10 11:54:25 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
    [2009/11/10 11:54:25 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
    [2009/11/10 11:54:24 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
    [2009/11/10 11:54:20 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
    [2009/11/10 11:54:19 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
    [2009/11/10 11:54:19 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
    [2009/11/10 11:54:19 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
    [2009/11/10 11:54:18 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
    [2009/11/10 11:54:18 | 00,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
    [2009/11/10 11:54:17 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
    [2009/11/10 11:54:16 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
    [2009/11/10 11:54:16 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
    [2009/11/10 11:54:14 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
    [2009/11/10 11:50:38 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
    [2009/11/10 11:49:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\Logs
    [2009/11/09 13:51:41 | 00,000,000 | ---D | C] -- C:\Program Files\JRE
    [2009/11/09 13:51:30 | 00,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
    [2009/11/09 13:32:07 | 00,000,000 | ---D | C] -- C:\Program Files\Open OFFICE V 3.1.1
    [2009/10/27 13:27:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Glen\My Documents\FONTS
    [2008/08/16 22:07:36 | 00,318,904 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmpfirefoxplugin WindowsMediaPlay PLUG IN for FIREFOX.exe
    [3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2009/11/16 10:37:08 | 71,053,9296 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
    [2009/11/16 10:37:06 | 00,001,639 | ---- | M] () -- C:\Documents and Settings\Glen\My Documents\TROJAN INFORMATION RE OTL SCAN if needed.rtf
    [2009/11/16 10:23:02 | 00,001,639 | ---- | M] () -- C:\Documents and Settings\Glen\My Documents\OTL SCAN if needed.rtf
    [2009/11/15 22:33:36 | 00,000,546 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
    [2009/11/15 21:21:27 | 00,012,912 | ---- | M] () -- C:\Documents and Settings\Glen\My Documents\Document.rtf TROJAN.odt
    [2009/11/15 20:47:38 | 00,001,087 | ---- | M] () -- C:\Documents and Settings\Glen\My Documents\Document.rtf TROJAN.rtf
    [2009/11/15 18:53:58 | 00,000,551 | ---- | M] () -- C:\WINDOWS\win.ini
    [2009/11/15 18:53:58 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2009/11/15 18:53:58 | 00,000,209 | RHS- | M] () -- C:\boot.ini
    [2009/11/15 18:53:53 | 00,086,778 | ---- | M] () -- C:\Documents and Settings\Glen\My Documents\02 misconfig.JPG
    [2009/11/15 18:53:30 | 00,089,978 | ---- | M] () -- C:\Documents and Settings\Glen\My Documents\01 misconfig.JPG
    [2009/11/15 17:54:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2009/11/15 17:53:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2009/11/15 17:53:08 | 08,275,028 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
    [2009/11/15 17:52:26 | 11,272,192 | ---- | M] () -- C:\Documents and Settings\Glen\ntuser.dat
    [2009/11/15 17:52:26 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Glen\ntuser.ini
    [2009/11/15 17:51:48 | 17,135,884 | -H-- | M] () -- C:\Documents and Settings\Glen\Local Settings\Application Data\IconCache.db
    [2009/11/15 00:36:26 | 00,002,619 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2009/11/12 19:26:45 | 01,661,164 | ---- | M] () -- C:\Documents and Settings\Glen\My Documents\gas.tif
    [2009/11/12 14:06:14 | 01,516,811 | ---- | M] () -- C:\Documents and Settings\Glen\My Documents\computer woes don't loose right now - november.rtf
    [2009/11/12 12:46:32 | 00,000,307 | ---- | M] () -- C:\Documents and Settings\Glen\My Documents\Document.rtf
    [2009/11/11 11:21:24 | 00,002,391 | ---- | M] () -- C:\Documents and Settings\Glen\Desktop\Microsoft Office PowerPoint Viewer 2007.lnk
    [2009/11/10 18:26:35 | 00,348,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009/11/10 18:21:33 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2009/11/10 17:54:18 | 00,001,006 | ---- | M] () -- C:\Documents and Settings\Glen\Desktop\tintii.lnk
    [2009/11/10 17:54:18 | 00,000,832 | ---- | M] () -- C:\tintii.8bf.lnk
    [2009/11/09 14:05:51 | 00,000,000 | ---- | M] () -- C:\WINDOWS\MSDraw.ini
    [2009/11/07 01:07:47 | 00,167,936 | ---- | M] () -- C:\Documents and Settings\Glen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/11/06 01:55:01 | 00,000,788 | ---- | M] () -- C:\Documents and Settings\Glen\Desktop\Windows Media Player.lnk
    [2009/11/05 09:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
    [2009/11/01 12:59:40 | 00,547,896 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2009/11/01 12:59:40 | 00,458,954 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2009/11/01 12:59:40 | 00,078,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2009/10/22 16:21:42 | 00,001,475 | ---- | M] () -- C:\Documents and Settings\Glen\Desktop\Windows Explorer.lnk
    [2009/10/22 01:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
    [2009/10/22 01:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
    [2009/10/17 20:08:09 | 00,000,819 | ---- | M] () -- C:\WINDOWS\orun32.ini
    [3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2009/11/16 10:37:06 | 00,001,639 | ---- | C] () -- C:\Documents and Settings\Glen\My Documents\TROJAN INFORMATION RE OTL SCAN if needed.rtf
    [2009/11/16 10:12:48 | 00,001,639 | ---- | C] () -- C:\Documents and Settings\Glen\My Documents\OTL SCAN if needed.rtf
    [2009/11/15 21:21:26 | 00,012,912 | ---- | C] () -- C:\Documents and Settings\Glen\My Documents\Document.rtf TROJAN.odt
    [2009/11/15 20:47:38 | 00,001,087 | ---- | C] () -- C:\Documents and Settings\Glen\My Documents\Document.rtf TROJAN.rtf
    [2009/11/15 18:53:53 | 00,086,778 | ---- | C] () -- C:\Documents and Settings\Glen\My Documents\02 misconfig.JPG
    [2009/11/15 18:53:30 | 00,089,978 | ---- | C] () -- C:\Documents and Settings\Glen\My Documents\01 misconfig.JPG
    [2009/11/12 19:41:49 | 00,021,650 | ---- | C] () -- C:\Documents and Settings\Glen\My Documents\PASSWORDS - NOVEMBER 2009.odt
    [2009/11/12 19:26:45 | 01,661,164 | ---- | C] () -- C:\Documents and Settings\Glen\My Documents\gas.tif
    [2009/11/12 13:46:15 | 01,516,811 | ---- | C] () -- C:\Documents and Settings\Glen\My Documents\computer woes don't loose right now - november.rtf
    [2009/11/12 12:46:32 | 00,000,307 | ---- | C] () -- C:\Documents and Settings\Glen\My Documents\Document.rtf
    [2009/11/11 23:23:19 | 00,001,126 | ---- | C] () -- C:\Documents and Settings\Glen\Application Data\photocleaner.log
    [2009/11/11 11:21:24 | 00,002,391 | ---- | C] () -- C:\Documents and Settings\Glen\Desktop\Microsoft Office PowerPoint Viewer 2007.lnk
    [2009/11/10 17:54:18 | 00,001,006 | ---- | C] () -- C:\Documents and Settings\Glen\Desktop\tintii.lnk
    [2009/11/10 17:54:18 | 00,000,832 | ---- | C] () -- C:\tintii.8bf.lnk
    [2009/11/09 14:05:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
    [2009/10/22 16:21:23 | 00,001,475 | ---- | C] () -- C:\Documents and Settings\Glen\Desktop\Windows Explorer.lnk
    [2009/09/01 11:08:30 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
    [2009/08/28 18:45:33 | 00,001,014 | ---- | C] () -- C:\WINDOWS\System32\Dswfx.dll
    [2009/06/28 18:45:38 | 00,000,477 | ---- | C] () -- C:\WINDOWS\iScreensaver.ini
    [2009/01/25 17:01:18 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\Glen\Application Data\usb.dat.bin
    [2009/01/24 12:20:35 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
    [2009/01/08 23:13:17 | 00,000,080 | RHS- | C] () -- C:\WINDOWS\System32\EE25177F65.dll
    [2009/01/08 21:17:03 | 00,020,520 | ---- | C] () -- C:\Program Files\init.dat
    [2008/12/29 18:40:14 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Ts_infos.ini
    [2008/10/30 22:40:24 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\ood2kmsg.dll
    [2008/10/30 22:40:23 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\OODCSPRO.dll
    [2008/10/02 16:50:17 | 00,167,936 | ---- | C] () -- C:\Documents and Settings\Glen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/09/08 13:34:14 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2008/08/30 09:38:04 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Glen\Application Data\wklnhst.dat
    [2008/08/26 12:51:41 | 00,001,487 | ---- | C] () -- C:\Program Files\Windows Explorer.lnk
    [2008/08/21 22:35:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OODCNT.INI
    [2008/08/17 14:45:24 | 00,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
    [2008/08/17 13:21:07 | 00,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
    [2008/08/17 13:19:16 | 00,005,937 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
    [2008/08/17 12:52:42 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7K.DLL
    [2008/08/16 18:14:32 | 17,135,884 | -H-- | C] () -- C:\Documents and Settings\Glen\Local Settings\Application Data\IconCache.db
    [2008/08/16 18:14:32 | 00,013,888 | ---- | C] () -- C:\Documents and Settings\Glen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2008/08/16 18:14:32 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\Glen\Local Settings\Application Data\fusioncache.dat
    [2008/08/16 18:14:32 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Glen\Application Data\desktop.ini
    [2008/08/16 18:02:59 | 00,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2008/08/16 17:57:11 | 00,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
    [2008/08/16 17:55:34 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
    [2008/08/16 17:53:56 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2008/08/16 17:53:56 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2008/08/16 17:53:56 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2008/08/16 17:53:56 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2008/08/16 17:53:56 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2008/08/16 17:53:56 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2008/08/16 17:52:54 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/02/11 09:39:26 | 00,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
    [2008/02/11 09:39:18 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
    [2008/02/08 13:53:46 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
    [2008/02/05 13:28:20 | 00,000,051 | ---- | C] () -- C:\Documents and Settings\Glen\Local Settings\Application Data\setup.txt
    [2008/01/12 10:11:14 | 00,002,045 | -H-- | C] () -- C:\WINDOWS\System32\whla32dd.dll
    [2007/07/27 14:49:02 | 00,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
    [2007/07/27 14:49:02 | 00,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
    [2006/10/11 16:50:42 | 00,122,880 | ---- | C] () -- C:\WINDOWS\mk4vc60.dll
    [2006/06/29 14:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
    [2006/06/29 14:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/04/18 15:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2005/12/05 19:25:22 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
    [2005/12/05 12:37:10 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
    [2005/08/19 15:59:44 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/08/19 14:00:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
    [2005/08/18 13:02:39 | 00,000,819 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2005/08/18 12:21:13 | 00,000,762 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2005/08/18 12:20:45 | 00,000,551 | ---- | C] () -- C:\WINDOWS\win.ini
    [2005/08/18 12:20:43 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
    [2005/08/18 05:26:50 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
    [2005/08/05 13:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2004/10/15 17:31:56 | 00,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll
    [2003/07/17 08:46:42 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\winchip.dll
    [2002/03/21 15:39:02 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL

    ========== LOP Check ==========

    [2009/09/18 20:36:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
    [2008/08/17 12:52:48 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2009/01/13 11:02:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\License
    [2008/08/20 10:53:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
    [2009/02/11 22:31:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2009/01/16 20:59:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
    [2009/09/08 19:07:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008/09/06 12:39:22 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
    [2009/05/24 11:52:24 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\Glen\Application Data\.#
    [2008/08/19 06:18:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\123 Free Solitaire
    [2009/01/02 13:22:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\ACD Systems
    [2009/02/03 17:46:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\AKVIS LLC
    [2008/08/20 22:30:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Anthropics
    [2009/06/14 09:12:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Canneverbe_Limited
    [2008/08/17 21:41:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Canon
    [2009/09/18 21:00:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\CBS Interactive
    [2009/09/24 18:15:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\com.zipeg
    [2009/04/24 08:45:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\DeepBurner
    [2009/05/16 22:12:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\gtk-2.0
    [2008/08/16 18:15:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\InterMute
    [2009/06/05 13:12:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\IObit
    [2009/06/28 18:45:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\iScreensaver
    [2008/08/26 13:23:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Leadertech
    [2009/09/09 17:38:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\LEGO Company
    [2009/01/31 14:18:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\NeatImage SL
    [2008/12/22 16:28:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\OpenOffice.org
    [2009/07/19 15:58:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\PetEyePilot
    [2009/11/11 23:50:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\PhotoCleaner
    [2009/07/19 16:06:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\RetouchPilot
    [2009/05/24 11:44:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Serif
    [2009/07/17 10:56:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\SiteHound
    [2009/07/13 07:55:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\SystemRequirementsLab
    [2009/02/01 12:30:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\TeamViewer
    [2008/08/30 09:38:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Template
    [2008/08/16 21:50:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Thunderbird
    [2008/12/06 11:03:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\uniblue
    [2009/06/09 18:27:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Unity
    [2008/08/19 09:15:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\WinPatrol
    [2009/11/09 14:16:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Zipeg
    [2004/08/10 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
    [2009/11/15 17:54:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
    [2009/11/15 22:33:36 | 00,000,546 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 226 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1957F8A9
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:810B9F0D
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DAF83BD
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9FB286BF
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
    < End of report >
     
  16. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Re: Got a window re "cmd.exe"

    Hi Mara,

    Ok, a couple of things:

    You are running the Windows Firewall and the Sygate Personal Firewall.
    This is not recommended, it will cause your system to slow down and may affect your internet connection.

    Please turn off the Windows Firewall.

    How to turn off Windows Firewall:
    Start ... Control Panel ...click on 'Classic View'.
    now select Windows Firewall.
    When the Windows Firewall box opens, put a tick against .. Off (not recommended) and then click Ok

    Recommendation.
    SuperAntiSpyware doesn't need to start when Windows starts.
    You can start it manually when you need to do a scan.

    To change this:
    Restart SuperAntiSpyware...
    Then from the main page, Click on the Preferences button....then untick... 'Start SuperAntiSpyware when Windows starts'.
    Then click Close, and then Close on the next screen to exit the program.

    You forgot to post the Extras.txt from Otl.

    Now let's get some cleaning up done:

    Step 1
    Double click on OTL.exe to run it.
    Copy the lines in the codebox below. (make sure you include the first lot of : )
    Code:
    :Otl
    DRV - (is-PT13Cdrv) -- File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O4 - Startup: C:\Documents and Settings\Glen\Start Menu\Programs\Startup\is-EE9LB.lnk 
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/S.../bin/cabsa.cab (Symantec RuFSI Utility Class)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.)
    [2009/11/07 01:07:47 | 00,167,936 | ---- | M] () -- C:\Documents and Settings\Glen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    
    :Files
    @C:\Documents and Settings\All Users\Application Data\TEMP:1957F8A9
    @C:\Documents and Settings\All Users\Application Data\TEMP:810B9F0D
    @C:\Documents and Settings\All Users\Application Data\TEMP:8DAF83BD
    @C:\Documents and Settings\All Users\Application Data\TEMP:9FB286BF
    @C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
    
    :commands
    [emptytemp]
    [purity]
    [start explorer]
    
    • Return to OTL,
    • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

    • Click the red Run Fix button.
    • If OTListIt prompts for permission to reboot the computer, allow it to do so.
    • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

    Copy and paste the contents of the OTL log in your next reply.

    Step 2
    There's a couple of files on your system that I'd like you to check out for me please:

    Make sure that you can see hidden files.
    1. Click Start.
    2. Click My Computer.
    3. Select the Tools menu and click Folder Options.
    4. Select the View Tab.
    5. Under the Hidden files and folders heading select Show hidden files and folders.
    6. Uncheck the Hide protected operating system files (recommended) option.
    7. Click Yes to confirm.
    8. Uncheck the Hide file extensions for known file types.
    9. Click OK.

    Please click this link-->Jotti

    When the Jotti page has finished loading, click the Browse button and navigate to the following files in bold and click Submit (one at a time).

    C:\WINDOWS\System32\EE25177F65.dll
    C:\WINDOWS\System32\whla32dd.dll

    Please post back the results of the scan in your next post.

    If Jotti is busy, try the same at Virustotal: VirusTotal - Free Online Virus and Malware Scan

    Step 3
    Please download Malwarebytes Anti-Malware and save it to your desktop.
    • Make sure you are connected to the Internet.
    • Double-click on Download_mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • On the Scanner tab:
      • Make sure the "Perform Full Scan" option is selected.
      • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply and exit MBAM.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

    In your next reply, please submit:
    Report from OTL that comes up after the fix.
    File reports from Jotti
    MBAM scan report


    Thanks.
     
    Last edited by a moderator: Feb 2, 2014
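    As an added example that is not part of this thread and not OTL's or any helper's own code: the two things Step 1 above removes, a shortcut in the user's Startup folder and alternate data streams attached to the All Users TEMP folder, are both easy to miss in Explorer. The read-only PowerShell script below lists both kinds of item so they can be reviewed before anything is deleted. It assumes Windows PowerShell 3.0 or later (for `Get-Item -Stream` and `Get-ChildItem -File`); the default folder it inspects is an assumption for a modern Windows layout, since on XP the equivalent is `...\All Users\Application Data`.

```powershell
# Added example, not part of this thread or of OTL: a read-only triage script
# that lists Startup-folder entries (the kind of item removed in Step 1 above)
# and alternate data streams on a chosen folder, so they can be reviewed
# before anything is deleted. Assumes Windows PowerShell 3.0 or later
# (Get-Item -Stream); the default folder below is an assumption.
param(
    # Folder to inspect for alternate data streams (assumption: modern
    # Windows layout; on XP this would be ...\All Users\Application Data).
    [string]$StreamTarget = (Join-Path $env:ProgramData 'TEMP')
)

function Get-StartupEntries {
    # Both the per-user and the all-users Startup folders are launched at logon.
    $folders = @(
        [Environment]::GetFolderPath('Startup'),
        [Environment]::GetFolderPath('CommonStartup')
    )
    $shell = New-Object -ComObject WScript.Shell
    foreach ($folder in $folders) {
        if (-not (Test-Path -LiteralPath $folder)) { continue }
        # -Force includes hidden items, which is what Step 2 above enables in Explorer.
        Get-ChildItem -LiteralPath $folder -Force -File | ForEach-Object {
            $target = ''
            if ($_.Extension -eq '.lnk') {
                # Resolve a shortcut to the program it actually launches.
                $target = $shell.CreateShortcut($_.FullName).TargetPath
            }
            [PSCustomObject]@{
                Folder   = $folder
                Name     = $_.Name
                Target   = $target
                Modified = $_.LastWriteTime
            }
        }
    }
}

function Get-AlternateStreams {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return }
    # Every stream is returned; ':$DATA' is the ordinary file content, so
    # anything else is an alternate stream hidden from Explorer and from dir.
    Get-Item -LiteralPath $Path -Force -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object @{ n = 'Path'; e = { $_.FileName } }, Stream, Length
}

'--- Startup folder entries ---'
Get-StartupEntries | Format-Table -AutoSize
"--- Alternate data streams on $StreamTarget ---"
Get-AlternateStreams -Path $StreamTarget | Format-Table -AutoSize
```

    Run it as the affected user (the per-user Startup folder is resolved from the current profile); a shortcut whose Target points at cmd.exe or at a file that no longer exists is the sort of entry worth posting for a helper to look at, and any stream other than ':$DATA' on a folder that should not have one is worth the same treatment. The script changes nothing on disk, so it is safe to run before and after a fix to confirm the entries are gone.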
  17. Mara

    Mara Registered Members

    Joined:
    Jun 20, 2009
    Messages:
    2,261
    Location:
    British Columbia, Canada
    Operating System:
    Windows XP Home
    Re: Got a window re "cmd.exe"

    Have disabled Windows Firewall
    Have stopped Super-Antispyware from running all the time


    You forgot to post the Extras.txt from Otl. ...


    Hmmm ... I seem to have got myself befuddled here as I copied/pasted the entire scan results ... and right at the bottom it says, <End of Report> ... I can run it again and look for the word 'extras', though.


    Off I go to do the next steps - thank you, thank you!!
     
  18. Mara

    Mara Registered Members

    Joined:
    Jun 20, 2009
    Messages:
    2,261
    Location:
    British Columbia, Canada
    Operating System:
    Windows XP Home
    Re: Got a window re "cmd.exe"

    Had to try twice because mid-way through the first attempt, a little window came up on screen saying:

    "Error:
    Invalid time Flag! (cabsa.cab (Sympantec RuFSI Utility Class)). Must be numerical".


    But it worked on the second try and below are the results:



    All processes killed
    ========== OTL ==========
    Unable to stop service is-PT13Cdrv!
    Service\Driver key is-PT13Cdrv not found.
    File File not found not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
    C:\Documents and Settings\Glen\Start Menu\Programs\Startup\is-EE9LB.lnk moved successfully.
    Starting removal of ActiveX control {644E432F-49D3-41A1-8DD5-E099162EEEC5}
    C:\WINDOWS\Downloaded Program Files\CabSA.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{644E432F-49D3-41A1-8DD5-E099162EEEC5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{644E432F-49D3-41A1-8DD5-E099162EEEC5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{644E432F-49D3-41A1-8DD5-E099162EEEC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{644E432F-49D3-41A1-8DD5-E099162EEEC5}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
    C:\Documents and Settings\Glen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
    ========== FILES ==========
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:1957F8A9 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:810B9F0D deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:8DAF83BD deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:9FB286BF deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32768 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32768 bytes

    User: Glen
    ->Temp folder emptied: 1068827 bytes
    ->Temporary Internet Files folder emptied: 9411537 bytes
    ->Java cache emptied: 19173470 bytes
    ->FireFox cache emptied: 284642045 bytes
    ->Apple Safari cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 65984 bytes
    ->Temporary Internet Files folder emptied: 344358 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 2430486 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    Windows Temp folder emptied: 38912 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 299412 bytes

    Total Files Cleaned = 302.86 mb


    OTL by OldTimer - Version 3.1.5.0 log created on 11162009_191615

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
    C:\WINDOWS\temp\Perflib_Perfdata_65c.dat moved successfully.

    Registry entries deleted on Reboot...
     
  19. Mara

    Mara Registered Members

    Joined:
    Jun 20, 2009
    Messages:
    2,261
    Location:
    British Columbia, Canada
    Operating System:
    Windows XP Home
    Re: Got a window re "cmd.exe"

    Jotti "found nothing" re both file scans.

    On to the next step.
     
  20. Mara

    Mara Registered Members

    Joined:
    Jun 20, 2009
    Messages:
    2,261
    Location:
    British Columbia, Canada
    Operating System:
    Windows XP Home
    Re: Got a window re "cmd.exe"

    Next scan result:

    Malwarebytes' Anti-Malware 1.41
    Database version: 3185
    Windows 5.1.2600 Service Pack 3

    11/16/2009 8:23:47 PM
    mbam-log-2009-11-16 (20-23-47).txt

    Scan type: Full Scan (C:\|D:\|E:\|G:\|H:\|I:\|J:\|)
    Objects scanned: 189514
    Time elapsed: 43 minute(s), 21 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     