Hello,
As instructed, here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:01 PM, on 5/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
--
End of file - 6409 bytes
I am sure I am infected with something; if not, I think I may have lots of processes that are eating up the processing power of my PC and it is slow. If that's the case, please let me know which of these are not fundamental and can be stopped from running in the background.
Thank you!!
I am certain there is something wrong with my computer
Started by bllott, May 16 2009 04:23 PM
4 replies to this topic
#1 Posted 16 May 2009 - 04:23 PM
#2 Posted 19 May 2009 - 04:25 PM
Please follow the guidelines for posting in this forum.
While we request that HJT be installed, the logs we need come from 3 other programs.
#3 Posted 28 May 2009 - 01:21 AM
QUOTE (LoPhatPhuud @ May 19 2009, 05:25 PM)
Please follow the guidelines for posting in this forum.
While we request that HJT be installed, the logs we need come from 3 other programs.
I made the mistake of not reading the whole thread with the posting instructions, sorry for that.
Please find attached all the logs as instructed:
MBAM log:
Malwarebytes' Anti-Malware 1.37
Database version: 2186
Windows 5.1.2600 Service Pack 2
5/27/2009 8:54:38 PM
mbam-log-2009-05-27 (20-54-38).txt
Scan type: Quick Scan
Objects scanned: 77072
Time elapsed: 6 minute(s), 28 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
C:\WINDOWS\winudpmgr.exe (Backdoor.Bot) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows UDP Control Center (Backdoor.Bot) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\a j\local settings\Temp\Adobe Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\winudpmgr.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\crss.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
OTListIt:
OTListIt logfile created on: 5/27/2009 9:11:29 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\em\antivirus
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
446.04 Mb Total Physical Memory | 176.06 Mb Available Physical Memory | 39.47% Memory free
1.03 Gb Paging File | 0.78 Gb Available in Paging File | 75.55% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 45.59 Gb Free Space | 81.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 7.55 Gb Total Space | 3.81 Gb Free Space | 50.43% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ALEX
Current User Name: a j
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - [2006/03/17 05:17:45 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2006/03/17 05:17:45 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2007/06/13 06:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/06/26 10:33:42 | 00,099,888 | ---- | M] (Logitech Inc.) -- c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
PRC - [2005/09/26 14:22:28 | 00,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2005/01/17 04:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2004/08/27 12:33:00 | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2005/12/20 15:17:48 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2006/03/17 18:37:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2006/04/17 18:34:42 | 16,143,872 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2006/04/04 17:57:18 | 00,053,248 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
PRC - [2006/03/16 16:27:26 | 00,634,880 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
PRC - [2006/04/25 20:57:00 | 00,299,008 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
PRC - [2005/12/06 01:06:10 | 01,077,322 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
PRC - [2005/04/26 19:13:20 | 00,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2006/02/02 15:11:38 | 00,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Tvs\TvsTray.exe
PRC - [2005/05/31 20:16:44 | 00,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2006/03/17 20:22:26 | 00,089,541 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2005/11/17 03:44:38 | 00,798,720 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
PRC - [2004/08/04 08:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2004/08/04 08:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2005/05/31 20:16:24 | 00,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2006/06/26 10:33:32 | 00,243,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
PRC - [2004/12/30 03:32:20 | 00,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
PRC - [2004/08/27 12:37:00 | 00,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2009/05/02 18:49:45 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/05/27 21:09:20 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\em\antivirus\OTListIt2.exe
========== Win32 Services (SafeList) ==========
SRV - [2005/09/26 14:22:28 | 00,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe -- (ACS [Auto | Running])
SRV - [2004/07/15 04:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/03/17 05:17:45 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2005/01/17 04:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running])
SRV - [2007/06/13 06:23:07 | 00,005,120 | ---- | M] (COL CT. Company) -- C:\WINDOWS\system32\dnscon70.dll -- (dnscon [Auto | Running])
SRV - [2004/08/27 12:33:00 | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service [Auto | Running])
SRV - [2004/08/04 08:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2005/10/18 11:58:40 | 00,323,584 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService [On_Demand | Stopped])
SRV - [2006/06/26 10:33:42 | 00,099,888 | ---- | M] (Logitech Inc.) -- c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
SRV - [2006/06/26 10:33:56 | 00,091,696 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Auto | Stopped])
SRV - [2007/06/13 06:23:07 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netmanage.dll -- (NetManager [Auto | Running])
SRV - [2003/07/28 15:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/12/20 15:17:48 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
========== Driver Services (SafeList) ==========
DRV - [2006/08/27 14:58:12 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2006/03/17 19:36:42 | 01,155,584 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2004/11/15 04:22:08 | 00,101,874 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2006/04/01 20:46:28 | 00,471,264 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\DRIVERS\ar5211.sys -- (AR5211 [On_Demand | Running])
DRV - [2006/03/17 05:24:09 | 01,520,640 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2005/02/02 01:21:04 | 00,014,408 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/01/07 20:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2006/04/17 19:31:26 | 04,262,912 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2003/09/11 02:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.) -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi [On_Demand | Running])
DRV - [2006/06/26 10:33:28 | 01,587,632 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\LVcKap.sys -- (LVcKap [On_Demand | Stopped])
DRV - [2006/06/26 10:33:36 | 01,952,816 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys -- (LVMVDrv [On_Demand | Stopped])
DRV - [2006/06/26 10:33:40 | 00,023,472 | ---- | M] () -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])
DRV - [2006/06/22 18:29:46 | 00,038,960 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvusbsta.sys -- (LVUSBSta [On_Demand | Stopped])
DRV - [2005/06/01 15:33:00 | 00,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) -- C:\WINDOWS\System32\Drivers\meiudf.sys -- (meiudf [System | Running])
DRV - [2003/01/29 02:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\DRIVERS\netdevio.sys -- (Netdevio [Auto | Running])
DRV - [2003/10/21 02:07:30 | 00,174,530 | R--- | M] (OmniVision Technologies, Inc.) -- C:\WINDOWS\System32\Drivers\ov519vid.sys -- (ovt519 [On_Demand | Stopped])
DRV - [2003/09/19 04:47:00 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc [On_Demand | Running])
DRV - [2006/06/22 18:29:30 | 00,293,808 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\LV561AV.SYS -- (PID_0928 [On_Demand | Stopped])
DRV - [2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2003/10/28 06:02:00 | 00,020,016 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/06/27 22:35:24 | 00,069,760 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2004/08/03 18:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2002/01/24 17:43:40 | 00,006,528 | ---- | M] () -- C:\WINDOWS\system32\Drivers\Tbiosdrv.sys -- (TBiosDrv [On_Demand | Stopped])
DRV - [2006/03/02 21:49:50 | 00,015,360 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys -- (tdcmdpst [On_Demand | Running])
DRV - [2006/04/18 18:12:00 | 00,098,816 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\DRIVERS\tdudf.sys -- (tdudf [Auto | Running])
DRV - [2006/01/05 19:31:20 | 00,011,264 | ---- | M] (TOSHIBA ) -- C:\WINDOWS\system32\drivers\TPwSav.sys -- (TPwSav [System | Running])
DRV - [2006/04/25 12:01:48 | 00,043,776 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\DRIVERS\Tvs.sys -- (Tvs [On_Demand | Running])
DRV - [2004/08/04 02:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/02 18:49:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/02 18:49:53 | 00,000,000 | ---D | M]
[2008/11/04 10:12:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\a j\Application Data\mozilla\Extensions
[2008/11/04 10:12:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\a j\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/11/04 10:12:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\a j\Application Data\mozilla\Firefox\Profiles\cqs99wth.default\extensions
[2008/11/04 10:12:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/05/02 18:49:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/02 18:49:44 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/05/02 18:49:44 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/12 09:47:14 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/12 09:47:14 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/12 09:47:14 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/12 09:47:14 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/12 09:47:14 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/12 09:47:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/12 09:47:14 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (306096 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100-- The nicest hobby on Earth ;) --links.com
O1 - Hosts: 127.0.0.1 www.100-- The nicest hobby on Earth ;) --links.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10539 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI Technologies, Inc.)
O4 - HKLM..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP (TOSHIBA CO.,LTD.)
O4 - HKLM..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" (Logitech Inc.)
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL (TOSHIBA)
O4 - HKLM..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [TPSMain] TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe (ICQ Inc.)
O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe (ICQ Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/03 14:51:28 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/05/27 20:54:28 | 00,000,306 | RHS- | M] () - E:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{49d53d60-c6ee-11dc-8fe6-0016e35f3114}\Shell - "" = AutoRun
O33 - MountPoints2\{49d53d60-c6ee-11dc-8fe6-0016e35f3114}\Shell\Auto\command - "" = E:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE -- [2004/08/04 05:00:00 | 00,089,600 | RHS- | M] ()
O33 - MountPoints2\{49d53d60-c6ee-11dc-8fe6-0016e35f3114}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{49d53d60-c6ee-11dc-8fe6-0016e35f3114}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE -- File not found
O33 - MountPoints2\{49d53d60-c6ee-11dc-8fe6-0016e35f3114}\Shell\Browser\command - "" = E:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE -- [2004/08/04 05:00:00 | 00,089,600 | RHS- | M] ()
O33 - MountPoints2\{5ccdb97c-7203-11dd-9124-0016e35f3114}\Shell - "" = AutoRun
O33 - MountPoints2\{5ccdb97c-7203-11dd-9124-0016e35f3114}\Shell\Auto\command - "" = E:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE -- [2004/08/04 05:00:00 | 00,089,600 | RHS- | M] ()
O33 - MountPoints2\{5ccdb97c-7203-11dd-9124-0016e35f3114}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5ccdb97c-7203-11dd-9124-0016e35f3114}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE -- File not found
O33 - MountPoints2\{5ccdb97c-7203-11dd-9124-0016e35f3114}\Shell\Browser\command - "" = E:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE -- [2004/08/04 05:00:00 | 00,089,600 | RHS- | M] ()
O33 - MountPoints2\{7e0b37c8-cc58-11dc-9002-0016e35f3114}\Shell - "" = AutoRun
O33 - MountPoints2\{7e0b37c8-cc58-11dc-9002-0016e35f3114}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a7264932-6f2c-11dd-911f-0016e35f3114}\Shell - "" = AutoRun
O33 - MountPoints2\{a7264932-6f2c-11dd-911f-0016e35f3114}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a7264932-6f2c-11dd-911f-0016e35f3114}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{a7264933-6f2c-11dd-911f-0016e35f3114}\Shell - "" = AutoRun
O33 - MountPoints2\{a7264933-6f2c-11dd-911f-0016e35f3114}\Shell\Auto\command - "" = F:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE -- File not found
O33 - MountPoints2\{a7264933-6f2c-11dd-911f-0016e35f3114}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a7264933-6f2c-11dd-911f-0016e35f3114}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE -- File not found
O33 - MountPoints2\{a7264933-6f2c-11dd-911f-0016e35f3114}\Shell\Browser\command - "" = F:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE -- File not found
O33 - MountPoints2\{c9d7ffcc-ac51-11dd-9160-0016e35f3114}\Shell - "" = AutoRun
O33 - MountPoints2\{c9d7ffcc-ac51-11dd-9160-0016e35f3114}\Shell\Auto\command - "" = E:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE -- [2004/08/04 05:00:00 | 00,089,600 | RHS- | M] ()
O33 - MountPoints2\{c9d7ffcc-ac51-11dd-9160-0016e35f3114}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c9d7ffcc-ac51-11dd-9160-0016e35f3114}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE -- File not found
O33 - MountPoints2\{c9d7ffcc-ac51-11dd-9160-0016e35f3114}\Shell\Browser\command - "" = E:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE -- [2004/08/04 05:00:00 | 00,089,600 | RHS- | M] ()
O33 - MountPoints2\{ca8d7fb2-80f7-11dd-912c-0016e35f3114}\Shell - "" = AutoRun
O33 - MountPoints2\{ca8d7fb2-80f7-11dd-912c-0016e35f3114}\Shell\Auto\command - "" = E:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE -- [2004/08/04 05:00:00 | 00,089,600 | RHS- | M] ()
O33 - MountPoints2\{ca8d7fb2-80f7-11dd-912c-0016e35f3114}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ca8d7fb2-80f7-11dd-912c-0016e35f3114}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE -- File not found
O33 - MountPoints2\{ca8d7fb2-80f7-11dd-912c-0016e35f3114}\Shell\Browser\command - "" = E:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE -- [2004/08/04 05:00:00 | 00,089,600 | RHS- | M] ()
O33 - MountPoints2\{f04e9f77-54fe-11dd-9116-0016e35f3114}\Shell - "" = AutoRun
O33 - MountPoints2\{f04e9f77-54fe-11dd-9116-0016e35f3114}\Shell\Auto\command - "" = F:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE -- File not found
O33 - MountPoints2\{f04e9f77-54fe-11dd-9116-0016e35f3114}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f04e9f77-54fe-11dd-9116-0016e35f3114}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE -- File not found
O33 - MountPoints2\{f04e9f77-54fe-11dd-9116-0016e35f3114}\Shell\Browser\command - "" = F:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE -- File not found
O33 - MountPoints2\{f992c964-b372-11dc-8fcd-0016e35f3114}\Shell - "" = AutoRun
O33 - MountPoints2\{f992c964-b372-11dc-8fcd-0016e35f3114}\Shell\Auto\command - "" = E:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE -- [2004/08/04 05:00:00 | 00,089,600 | RHS- | M] ()
O33 - MountPoints2\{f992c964-b372-11dc-8fcd-0016e35f3114}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f992c964-b372-11dc-8fcd-0016e35f3114}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE -- File not found
O33 - MountPoints2\{f992c964-b372-11dc-8fcd-0016e35f3114}\Shell\Browser\command - "" = E:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE -- [2004/08/04 05:00:00 | 00,089,600 | RHS- | M] ()
O33 - MountPoints2\{f992c967-b372-11dc-8fcd-0016e35f3114}\Shell - "" = AutoRun
O33 - MountPoints2\{f992c967-b372-11dc-8fcd-0016e35f3114}\Shell\Auto\command - "" = E:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE -- [2004/08/04 05:00:00 | 00,089,600 | RHS- | M] ()
O33 - MountPoints2\{f992c967-b372-11dc-8fcd-0016e35f3114}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f992c967-b372-11dc-8fcd-0016e35f3114}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE -- File not found
O33 - MountPoints2\{f992c967-b372-11dc-8fcd-0016e35f3114}\Shell\Browser\command - "" = E:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE -- [2004/08/04 05:00:00 | 00,089,600 | RHS- | M] ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/27 21:09:44 | 00,000,000 | ---D | M]
========== Files/Folders - Created Within 30 Days ==========
[2009/05/27 20:45:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\a j\Application Data\Malwarebytes
[2009/05/27 20:45:34 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/27 20:45:33 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/27 20:45:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/27 20:45:32 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/27 20:42:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\a j\Desktop\index.php_files
[2009/05/27 20:42:56 | 00,080,847 | ---- | C] () -- C:\Documents and Settings\a j\Desktop\index.php.htm
[2009/05/25 18:17:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2009/05/25 18:16:37 | 00,000,000 | ---D | C] -- C:\Program Files\Macromedia
[2009/05/25 18:16:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macromedia
[2009/05/16 12:16:44 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/16 11:42:04 | 00,000,944 | ---- | C] () -- C:\Documents and Settings\a j\Desktop\Spybot - Search & Destroy.lnk
[2009/05/16 11:41:58 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/05/16 11:41:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/05/16 11:39:05 | 00,000,000 | ---D | C] -- C:\em
[2009/05/13 09:40:48 | 00,019,456 | ---- | C] () -- C:\Documents and Settings\a j\Desktop\Emil employment letter.doc
[2009/05/12 10:18:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\a j\Application Data\dvdcss
[2009/04/29 21:34:01 | 00,111,616 | ---- | C] () -- C:\Documents and Settings\a j\Desktop\Jelev Asset Purchase Draft 3 April 23 2009 doc (2) Sicotte Redlined[1].doc
[2008/07/14 15:36:09 | 00,000,023 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2008/04/15 12:13:20 | 00,018,790 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll
[2008/01/22 16:48:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\TPTray.INI
[2008/01/19 20:55:06 | 00,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007/10/18 17:36:54 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\deskMenu2.dll
[2007/05/02 19:01:41 | 00,000,032 | ---- | C] () -- C:\WINDOWS\Start.INI
[2007/04/23 18:47:00 | 00,022,334 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/10/08 23:57:51 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/08/27 14:54:25 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/08/27 14:54:25 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/08/27 14:54:25 | 00,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/08/27 14:54:25 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/08/27 14:53:53 | 00,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys
[2006/06/26 10:33:40 | 00,023,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2006/05/04 22:33:04 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/03 17:13:51 | 00,000,484 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/03 17:09:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/05/03 17:07:00 | 00,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/05/03 17:07:00 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/05/03 17:04:16 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/05/03 17:04:16 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/05/03 17:04:16 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/05/03 17:04:16 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/05/03 17:04:16 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/05/03 17:04:16 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/05/03 16:58:30 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL
[2006/05/03 16:55:22 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/05/03 14:54:56 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/05/03 14:32:48 | 00,002,392 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/05/03 14:32:35 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/05/03 14:32:34 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2006/05/03 14:32:25 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2006/05/03 14:32:24 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\SR1000R.DLL
[2006/01/05 21:49:34 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll
[2006/01/05 20:36:22 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll
[2005/12/09 17:36:30 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/11/23 16:55:42 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\SPCtl.dll
[1999/01/22 14:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
========== Files - Modified Within 30 Days ==========
[5 C:\WINDOWS\System32\*.tmp files]
[2009/05/27 20:59:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/27 20:59:22 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\a j\Local Settings\desktop.ini
[2009/05/27 20:59:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/27 20:59:06 | 46,777,5488 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/27 20:43:00 | 00,080,847 | ---- | M] () -- C:\Documents and Settings\a j\Desktop\index.php.htm
[2009/05/27 20:15:03 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/27 20:14:46 | 00,124,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/25 18:55:07 | 00,001,125 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2009/05/16 12:17:56 | 00,001,745 | ---- | M] () -- C:\Documents and Settings\a j\Desktop\HijackThis.lnk
[2009/05/16 12:00:25 | 00,306,096 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/16 11:42:04 | 00,000,944 | ---- | M] () -- C:\Documents and Settings\a j\Desktop\Spybot - Search & Destroy.lnk
[2009/05/13 09:42:15 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\a j\Desktop\Emil employment letter.doc
[2009/04/29 21:34:01 | 00,111,616 | ---- | M] () -- C:\Documents and Settings\a j\Desktop\Jelev Asset Purchase Draft 3 April 23 2009 doc (2) Sicotte Redlined[1].doc
========== LOP Check ==========
[2009/05/27 20:45:41 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\a j\Application Data
[2008/03/28 17:55:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\a j\Application Data\Addinsoft
[2008/09/29 00:24:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\a j\Application Data\Adobe
[2006/09/05 16:21:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\a j\Application Data\AdobeUM
[2006/10/07 14:32:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\a j\Application Data\Ahead
[2008/04/29 13:03:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\a j\Application Data\Apple Computer
[2008/04/15 12:14:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\a j\Application Data\deskPDF
[2009/05/12 10:18:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\a j\Application Data\dvdcss
[2009/03/16 13:07:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\a j\Application Data\Help
[2006/09/12 04:11:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\a j\Application Data\ICQ
[2006/05/03 14:51:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\a j\Application Data\Identities
[2006/10/03 21:40:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\a j\Application Data\InterVideo
[2006/08/28 00:23:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\a j\Application Data\Macromedia
[2009/05/27 20:45:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\a j\Application Data\Malwarebytes
[2008/03/30 17:23:29 | 00,000,000 | --SD | M] -- C:\Documents and Settings\a j\Application Data\Microsoft
[2006/08/27 15:50:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\a j\Application Data\Microsoft Web Folders
[2008/11/04 10:12:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\a j\Application Data\Mozilla
[2008/06/18 11:28:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\a j\Application Data\Real
[2006/11/07 00:41:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\a j\Application Data\Sun
[2006/05/03 17:06:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\a j\Application Data\toshiba
[2009/04/12 16:49:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\a j\Application Data\U3
[2008/01/05 14:35:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\a j\Application Data\vlc
[2007/03/25 21:17:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\a j\Application Data\WinRAR
[2009/05/27 20:45:33 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2006/05/03 17:02:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2006/10/12 20:59:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2007/04/23 19:03:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2009/05/25 18:17:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2009/05/27 20:45:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/22 14:06:36 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2006/05/03 14:56:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/05/16 11:44:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/01/04 12:45:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2004/08/04 08:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/05/27 20:59:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ==========
< End of report >
Extras:
OTListIt Extras logfile created on: 5/27/2009 9:11:29 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\em\antivirus
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
446.04 Mb Total Physical Memory | 176.06 Mb Available Physical Memory | 39.47% Memory free
1.03 Gb Paging File | 0.78 Gb Available in Paging File | 75.55% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 45.59 Gb Free Space | 81.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 7.55 Gb Total Space | 3.81 Gb Free Space | 50.43% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ALEX
Current User Name: a j
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/10/13 12:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2003/10/14 13:03:50 | 01,880,639 | ---- | M] (ICQ Inc.) -- C:\Program Files\ICQ\Icq.exe:*:Enabled:ICQ
[2005/10/18 12:50:24 | 12,116,480 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
File not found -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008/02/22 01:23:38 | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\ImageJ\jre\bin\javaw.exe:*:Enabled:Java Platform SE binary
[2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
File not found -- C:\DOCUME~1\AJ09A9~1\LOCALS~1\Temp\reptile.exe:*:Enabled:Windows UDP Control Center
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{02EED746-8C5A-43C8-BB3D-D29C8B363A4D}" = TOSHIBA Zooming Utility
"{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI/PCIe card Driver
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
"{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{529DDE6B-4F31-438B-B218-F36266ABD8C0}" = TOSHIBA Disc Creator
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}" = Atheros Client Utility
"{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey Utility
"{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = TouchPad On/Off Utility
"{8338BA06-E527-491B-9400-F51708FEE695}" = iPod for Windows 2005-11-17
"{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}" = iTunes
"{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}" = UMVPLStandalone
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A38D57D1-5F29-4691-B3DD-FE4B3A7B3AFE}" = TOSHIBA Power Saver
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{AD6E7C67-EA8D-491F-A56B-7C7B3D6B713D}" = XLSTAT-Pro
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}" = Logitech QuickCam
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"deskPDF 2.5 Standard_is1" = deskPDF 2.5 Standard Edition
"Fn-esse" = TOSHIBA Fn-esse
"Gel-Pro Analyzer 4.0" = Gel-Pro Analyzer 4.0
"GPL Ghostscript_is1" = Docudesk GPL Ghostscript 8.15
"HijackThis" = HijackThis 2.0.2
"ICQ" = ICQ
"ImageJ_is1" = ImageJ 1.39u
"InstallShield_{02EED746-8C5A-43C8-BB3D-D29C8B363A4D}" = TOSHIBA Zooming Utility
"InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
"InstallShield_{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey Utility
"InstallShield_{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = TouchPad On/Off Utility
"InstallShield_{8338BA06-E527-491B-9400-F51708FEE695}" = iPod for Windows 2005-11-17
"InstallShield_{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}" = iTunes
"InstallShield_{A38D57D1-5F29-4691-B3DD-FE4B3A7B3AFE}" = TOSHIBA Power Saver
"InstallShield_{AD6E7C67-EA8D-491F-A56B-7C7B3D6B713D}" = XLSTAT-Pro
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Toolbar" = MSN Toolbar
"MSNINST" = MSN
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"QcDrv" = Logitech® Camera Driver
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Switch" = Switch Uninstall
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
"VGA USB Camera" = VGA USB Camera
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 4/15/2009 12:55:23 PM | Computer Name = ALEX | Source = Application Error | ID = 1000
Description = Faulting application excel.exe, version 9.0.0.2719, faulting module
excel.exe, version 9.0.0.2719, fault address 0x001fad2b.
Error - 4/15/2009 12:55:36 PM | Computer Name = ALEX | Source = Application Error | ID = 1000
Description = Faulting application excel.exe, version 9.0.0.2719, faulting module
excel.exe, version 9.0.0.2719, fault address 0x001fad2b.
Error - 4/15/2009 12:56:26 PM | Computer Name = ALEX | Source = Application Error | ID = 1000
Description = Faulting application excel.exe, version 9.0.0.2719, faulting module
excel.exe, version 9.0.0.2719, fault address 0x001fad2b.
Error - 4/15/2009 1:00:24 PM | Computer Name = ALEX | Source = Application Error | ID = 1000
Description = Faulting application excel.exe, version 9.0.0.2719, faulting module
unknown, version 0.0.0.0, fault address 0x002c00ab.
Error - 4/23/2009 4:43:01 PM | Computer Name = ALEX | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 4/23/2009 7:29:48 PM | Computer Name = ALEX | Source = Application Hang | ID = 1002
Description = Hanging application POWERPNT.EXE, version 9.0.0.2716, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 4/23/2009 7:29:48 PM | Computer Name = ALEX | Source = Application Hang | ID = 1002
Description = Hanging application POWERPNT.EXE, version 9.0.0.2716, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 4/24/2009 5:23:19 PM | Computer Name = ALEX | Source = Application Error | ID = 1000
Description = Faulting application excel.exe, version 9.0.0.2719, faulting module
excel.exe, version 9.0.0.2719, fault address 0x001fad2b.
Error - 5/12/2009 10:20:43 AM | Computer Name = ALEX | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.8.6.0, faulting module libvlc.dll,
version 0.0.0.0, fault address 0x0007b1b2.
Error - 5/12/2009 11:47:46 AM | Computer Name = ALEX | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.3156, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 5/19/2009 5:51:01 PM | Computer Name = ALEX | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)
Error - 5/19/2009 5:51:01 PM | Computer Name = ALEX | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.
Error - 5/19/2009 6:18:42 PM | Computer Name = ALEX | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)
Error - 5/19/2009 6:18:42 PM | Computer Name = ALEX | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.
Error - 5/19/2009 6:20:07 PM | Computer Name = ALEX | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)
Error - 5/19/2009 6:20:07 PM | Computer Name = ALEX | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.
Error - 5/19/2009 6:21:12 PM | Computer Name = ALEX | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)
Error - 5/19/2009 6:21:12 PM | Computer Name = ALEX | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.
Error - 5/21/2009 5:48:03 PM | Computer Name = ALEX | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.11 for the Network Card with network
address 0016E35F3114 has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).
Error - 5/27/2009 8:15:19 PM | Computer Name = ALEX | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.22 for the Network Card with network
address 0016E35F3114 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).
< End of report >
Checkup:
Results of screen317's Security Check version 0.98.3
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````
Windows Firewall Enabled!
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````
Spybot - Search & Destroy
Malwarebytes' Anti-Malware
HijackThis 2.0.2
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````
Spybot SDHelper is disabled!
antivirus SecurityCheck.exe
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````
Scan took -76494 seconds.
`````````End of Log```````````
Please let me know what to do next!
Thank you
#4
Posted 30 May 2009 - 03:13 PM
It appears that MBAM removed the problems. OTListIt did not show any additional risks.
Many of the nefarious programs found on the internet are infected. The more popular the program, e.g. Adobe products, the more likely you are to find infected Adobe installers, especially keygens, etc. There are other alternatives to Adobe at a fraction of the price.
Let me know if there are any issues still outstanding.
#5
Posted 30 May 2009 - 10:03 PM
That was easy!
Ok I guess everything is alright and the computer is not infected anymore!
Thanks