Norton Disabled


#1 ps2_dude

Posted 20 August 2008 - 10:20 AM

Hello, today for some odd reason when I turned the computer on, Norton was red and said "This product has been disabled because you have not activated it." But when I click on Fix, the window that pops up doesn't work. I have also tried to update my Windows Media Player and it comes up with an error saying that it is impossible to install it, or something along the lines of that. Here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:54 PM, on 20/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Auto Shutdown Genius\ShutdownSvr.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Launchy\Launchy.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: WinAVI FLVSense - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: IDA Bar - {C70E30C7-140A-4166-A2E8-43557E62B41A} - C:\Program Files\IDA\idabar.dll
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [LtMoh] C:\\Program Files\\ltmoh\\Ltmoh.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [autotd] C:\Program Files\Automatic Torrent Downloader\Automatic Torrent Downloader.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Download FLV by WinAVI... - C:\Program Files\WinAVI FLV Converter\flv_link.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O9 - Extra 'Tools' menuitem: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - http://www.update.microsoft.com/microsoftu...b?1211526784640
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Auto Shutdown Service (ShutdownService) - Unknown owner - C:\Program Files\Auto Shutdown Genius\ShutdownSvr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 14337 bytes

Thanks lots in advance :thumbsup:


#2 Baabiouz

Posted 05 September 2008 - 03:38 AM

Hello :thumbsup:


Apologies for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, I would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Edited by Baabiouz, 05 September 2008 - 03:38 AM.

#3 Baabiouz

Posted 10 September 2008 - 09:33 AM

This thread will now be closed.
If you need this topic reopened, please contact me.

This applies only to the original topic starter.
Everyone else please begin a New Topic.

#4 Baabiouz

Posted 11 September 2008 - 01:08 PM

Topic opened :thumbsup:

#5 ps2_dude

Posted 12 September 2008 - 07:36 AM

Hey, thanks for reopening the topic. I had just tried loading RSIT but it comes up with an error: Line -1: Error: Variable must be of type "Object". But I have not done the virus scan online.

#6 Baabiouz

Posted 12 September 2008 - 09:55 AM

Hello :thumbsup:

Instead of RSIT, please run OTViewIt:

We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Post its logs and Kaspersky's log back here :)

#7 ps2_dude

Posted 13 September 2008 - 01:19 AM

Hey, this is the OTViewIt log:

OTViewIt logfile created on: 13/09/2008 2:15:23 PM - Run 1
OTViewIt by OldTimer - Version 1.0.3.1 Folder = C:\Documents and Settings\JUSTIN\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1022.48 Mb Total Physical Memory | 551.39 Mb Available Physical Memory | 53.93% Memory free
2.41 Gb Paging File | 2.01 Gb Available in Paging File | 83.69% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 31.42 Gb Free Space | 42.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COLLARS
Current User Name: JUSTIN
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On

========== Processes - Non-Microsoft Only ==========

[07/07/2004 01:16 PM | 00,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
[09/09/2008 09:52 PM | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[06/16/2004 03:44 PM | 00,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
[05/23/2003 12:38 PM | 00,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
[10/03/2007 09:10 PM | 00,642,048 | ---- | M] () -- C:\Program Files\Auto Shutdown Genius\ShutdownSvr.exe
[09/09/2008 08:02 PM | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[09/09/2008 09:52 PM | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
[07/15/2004 08:07 AM | 00,024,576 | ---- | M] (TOSHIBA) -- C:\WINDOWS\system32\ZoomingHook.exe
[11/13/2004 09:57 AM | 00,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
[12/29/2004 08:02 AM | 00,270,336 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
[11/30/2004 01:06 PM | 00,053,248 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
[12/07/2004 09:24 PM | 00,024,576 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
[01/23/2005 03:05 AM | 00,028,672 | ---- | M] (TOSHIBA) -- C:\WINDOWS\system32\TCtrlIOHook.exe
[09/16/2004 07:03 AM | 00,135,168 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
[06/03/2002 09:38 AM | 00,049,152 | ---- | M] (ScanSoft, Inc) -- C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
[10/11/2005 02:06 PM | 00,094,208 | ---- | M] (Cypress Semiconductor) -- C:\WINDOWS\MXOALDR.EXE
[12/22/2004 06:21 AM | 00,823,296 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe
[09/06/2003 08:16 AM | 00,184,320 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
[09/06/2004 10:50 AM | 02,125,956 | ---- | M] (OptusNet) -- C:\Program Files\OptusNet DSL Internet\DSC.exe
[01/22/2005 01:48 PM | 00,675,840 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
[12/29/2004 08:02 AM | 00,036,864 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
[10/29/2004 05:37 AM | 00,088,363 | ---- | M] (Agere Systems) -- C:\WINDOWS\agrsmmsg.exe
[07/27/2004 09:32 AM | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
[07/13/2004 08:51 PM | 00,892,928 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
[09/09/2008 09:52 PM | 01,235,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[09/05/2003 07:24 PM | 00,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
[03/14/2003 10:38 AM | 00,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
[08/29/2003 07:05 PM | 00,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
[08/29/2003 11:14 AM | 00,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
[08/04/2008 11:34 PM | 07,667,312 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[04/02/2007 08:35 PM | 02,306,095 | ---- | M] () -- C:\Program Files\Free Download Manager\fdm.exe
[09/13/2008 02:14 PM | 00,379,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JUSTIN\Desktop\OTViewIt.exe

========== Win32 Services - Non-Microsoft Only ==========

[07/07/2004 01:16 PM | 00,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe -- (ACS [Auto | Running])
[09/09/2008 09:52 PM | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
[09/09/2008 09:52 PM | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
File not found -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Stopped])
[06/16/2004 03:44 PM | 00,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running])
[05/23/2003 12:38 PM | 00,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service [Auto | Running])
[07/09/2008 09:02 PM | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
File not found -- C:\DOCUME~1\JUSTIN\LOCALS~1\Temp\NC.exe -- (NC [On_Demand | Stopped])
File not found -- C:\DOCUME~1\JUSTIN\LOCALS~1\Temp\RJZVEZA.exe -- (RJZVEZA [On_Demand | Stopped])
[06/15/2007 04:55 PM | 00,300,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
[10/03/2007 09:10 PM | 00,642,048 | ---- | M] () -- C:\Program Files\Auto Shutdown Genius\ShutdownSvr.exe -- (ShutdownService [Auto | Running])
File not found -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Auto | Stopped])
File not found -- C:\DOCUME~1\JUSTIN\LOCALS~1\Temp\WUDAJCDSH.exe -- (WUDAJCDSH [On_Demand | Stopped])

========== Driver Services - Non-Microsoft Only ==========

[10/29/2004 05:37 AM | 01,270,572 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
[12/22/2004 02:45 PM | 00,393,600 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211 [On_Demand | Running])
[02/06/2007 03:05 PM | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (ASPI32 [System | Running])
[09/09/2008 09:52 PM | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[09/09/2008 08:02 PM | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[09/09/2008 08:02 PM | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [Auto | Running])
File not found -- C:\DOCUME~1\Ness\LOCALS~1\Temp\catchme.sys -- (catchme [On_Demand | Stopped])
[12/16/2004 06:22 AM | 00,010,240 | ---- | M] (Dritek System Inc.) -- C:\DRIVERS\FN-ESSE\DPortIO.sys -- (DritekPortIO [Auto | Running])
[03/23/2005 02:41 PM | 00,030,296 | ---- | M] (Eagletron Inc.) -- C:\WINDOWS\system32\drivers\dvdriver.sys -- (DVDRIVER [Auto | Running])
File not found -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Stopped])
[12/11/2004 12:29 AM | 00,006,144 | ---- | M] (TOAHIBA, ) -- C:\Program Files\TOSHIBA\E-KEY\EKECioCtl.sys -- (EKECioCtl [System | Running])
[03/07/2003 01:07 PM | 00,029,603 | ---- | M] (GlobespanVirata Inc.) -- C:\WINDOWS\system32\drivers\glauiad.sys -- (glauiad [On_Demand | Stopped])
[08/24/2007 07:45 PM | 00,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard [On_Demand | Stopped])
[12/12/2004 06:12 AM | 00,006,144 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Applet\HWS_IoDispatch.sys -- (HWSCtrl [System | Running])
[09/11/2003 03:36 PM | 00,021,060 | ---- | M] (InterVideo, Inc.) -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi [On_Demand | Running])
[01/30/2004 09:32 AM | 00,090,480 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf [System | Running])
[11/03/2005 11:32 PM | 00,028,100 | ---- | M] (MusicMatch, Inc.) -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k [Auto | Running])
[10/10/2003 02:23 AM | 00,032,640 | ---- | M] (Cypress Semiconductor) -- C:\WINDOWS\system32\drivers\MXOFX.SYS -- (MXOFX [On_Demand | Stopped])
[10/07/2004 08:21 AM | 00,015,360 | ---- | M] (Maxtor Corp.) -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD [On_Demand | Stopped])
[01/29/2003 01:35 PM | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio [Auto | Running])
[02/22/2007 11:15 AM | 00,137,216 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd [On_Demand | Stopped])
[02/22/2007 11:15 AM | 00,008,320 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc [On_Demand | Stopped])
[02/22/2007 11:15 AM | 00,012,288 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj [On_Demand | Stopped])
[02/22/2007 11:15 AM | 00,012,288 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm [On_Demand | Stopped])
[04/10/2008 11:22 PM | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
[08/10/2004 06:27 AM | 00,070,144 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])
[08/04/2004 06:31 AM | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped])
[07/31/2004 07:05 AM | 00,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\WINDOWS\system32\drivers\EPIOMngr.sys -- (SerTVOutCtlr [System | Running])
[12/12/2004 06:12 AM | 00,006,144 | ---- | M] (TOSHIBA ) -- C:\Program Files\TOSHIBA\Windows Utilities\spDispatch.sys -- (SPCtl [System | Running])
[06/11/2007 07:11 PM | 00,685,816 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[07/30/2004 03:05 PM | 00,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\E-KEY\EKIOMngr.sys -- (SrvcEKIOMngr [System | Running])
[07/30/2004 03:05 PM | 00,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\E-KEY\SSIOMngr.sys -- (SrvcSSIOMngr [System | Running])
[12/11/2004 06:00 AM | 00,006,144 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Accessibility\StickyMesger.sys -- (StickyMesger [System | Running])
[05/31/2006 11:46 AM | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])
[12/11/2004 06:52 PM | 00,006,144 | ---- | M] (TOSHIBA ) -- C:\WINDOWS\system32\drivers\TCtrlIO.sys -- (TCtrlIO [Boot | Running])
[11/18/2004 02:30 AM | 00,147,840 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
[12/11/2004 05:49 AM | 00,006,144 | ---- | M] (TOAHIBA, ) -- C:\Program Files\TOSHIBA\TouchPad\TPECioCtl.sys -- (TPECioCtl [System | Running])
[12/14/2004 06:29 PM | 00,016,128 | ---- | M] (TOSHIBA ) -- C:\WINDOWS\system32\drivers\TPwSav.sys -- (TPwSav [System | Running])
[11/27/2004 05:04 AM | 00,029,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs [On_Demand | Running])


========== Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG" = AGRSMMSG.exe (Agere Systems)
"Apoint" = C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
"ATIPTA" = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
"AVG8_TRAY" = C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"CeEKEY" = C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
"Desktop Service Centre" = C:\Program Files\OptusNet DSL Internet\DSC.exe (OptusNet)
"dla" = C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
"Easy-PrintToolBox" = C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon (CANON INC.)
"HWSetup" = C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP (TOSHIBA CO.,LTD.)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Computer, Inc.)
"LtMoh" = C:\\Program Files\\ltmoh\\Ltmoh.exe (Agere Systems)
"MaxtorOneTouch" = C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe (Maxtor Corporation)
"MXOBG" = C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
"NDSTray.exe" = NDSTray.exe File not found
"NeroFilterCheck" = C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
"Omnipage" = C:\Program Files\ScanSoft\OmniPageSE\opware32.exe (ScanSoft, Inc)
"PadTouch" = C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
"QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SmoothView" = C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"SVPWUTIL" = C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL (TOSHIBA)
"TCtryIOHook" = TCtrlIOHook.exe (TOSHIBA)
"TOSHIBA Accessibility" = C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe (TOSHIBA)
"TPNF" = C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
"TPSMain" = TPSMain.exe (TOSHIBA Corporation)
"Tvs" = C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
"ZoomingHook" = ZoomingHook.exe (TOSHIBA)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector" = C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R (Creative Technology Ltd)
"TOSCDSPD" = C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
"WMPNSCFG" = C:\Program Files\Windows Media Player\WMPNSCFG.exe File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync" = C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (Time Information Services Ltd.)
"Nokia.PCSync" = C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (Time Information Services Ltd.)
"Creative Detector" = C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R (Creative Technology Ltd)
"TOSCDSPD" = C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
"WMPNSCFG" = C:\Program Files\Windows Media Player\WMPNSCFG.exe File not found

========== Startup Folders ==========

[12/14/2004 04:44 AM | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[03/14/2003 10:38 AM | 00,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
[10/17/2005 04:35 PM | 00,256,000 | R--- | M] () -- C:\Documents and Settings\JUSTIN\Start Menu\Programs\Startup\PowerReg Scheduler.exe
[08/29/2003 07:05 PM | 00,360,448 | ---- | M] () -- C:\Documents and Settings\JUSTIN\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

========== Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL" = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
"Default_Search_URL" = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
"Local Page" = C:\WINDOWS\SYSTEM32\blank.htm
"Search Page" = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
"Start Page" = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch" = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant" = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page" = C:\WINDOWS\system32\blank.htm
"Search Page" = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
"Start Page" = http://www.google.com.au/

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page" = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
"Start Page" = http://securityresponse.symantec.com/avcenter/fix_homepage

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page" = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
"Start Page" = http://securityresponse.symantec.com/avcenter/fix_homepage

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Bar" = http://search.msn.com/spbasic.htm
"Search Page" = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
"Start Page" = http://securityresponse.symantec.com/avcenter/fix_homepage

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Bar" = http://search.msn.com/spbasic.htm
"Search Page" = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
"Start Page" = http://securityresponse.symantec.com/avcenter/fix_homepage

[HKEY_USERS\S-1-5-21-3524890968-815006414-94132602-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page" = C:\WINDOWS\system32\blank.htm
"Search Page" = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
"Start Page" = http://www.google.com.au/

[HKEY_USERS\S-1-5-21-3524890968-815006414-94132602-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (HKLM) -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
{2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} (HKLM) -- C:\Program Files\IDA\idaiehlp.dll (WestByte)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{4A368E80-174F-4872-96B5-0B27DDD11DB2} (HKLM) -- C:\Program Files\SpywareGuard\dlprotect.dll ()
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} (HKLM) -- C:\Program Files\Free Download Manager\iefdmcks.dll ()
{E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} (HKLM) -- C:\Program Files\WinAVI FLV Converter\FLVTune.dll (ZJMedia)

========== Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{327C2873-E90D-4c37-AA9D-10AC9BABA46C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{C70E30C7-140A-4166-A2E8-43557E62B41A}" (HKLM) -- C:\Program Files\IDA\idabar.dll (WestByte Software)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{C70E30C7-140A-4166-A2E8-43557E62B41A}" (HKLM) -- C:\Program Files\IDA\idabar.dll (WestByte Software)
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{C70E30C7-140A-4166-A2E8-43557E62B41A}" (HKLM) -- C:\Program Files\IDA\idabar.dll (WestByte Software)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3524890968-815006414-94132602-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{C70E30C7-140A-4166-A2E8-43557E62B41A}" (HKLM) -- C:\Program Files\IDA\idabar.dll (WestByte Software)
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{C70E30C7-140A-4166-A2E8-43557E62B41A}" (HKLM) -- C:\Program Files\IDA\idabar.dll (WestByte Software)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls" = ,avgrsstx.dll
>File not found --
>[09/09/2008 08:02 PM | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}" (HKLM) -- C:\Program Files\SpywareGuard\spywareguard.dll ()

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- File not found

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders" = msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
>File not found --

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ]
[03/17/2006 12:37 PM | 00,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ede6dba-b384-11dc-a5c2-000fb055a7ec}\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ede6dba-b384-11dc-a5c2-000fb055a7ec}\Shell\AutoRun]
"" = Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ede6dba-b384-11dc-a5c2-000fb055a7ec}\Shell\AutoRun\command]
"" = E:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48e96c8e-cbb1-11db-a2ad-0011f535ae42}\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48e96c8e-cbb1-11db-a2ad-0011f535ae42}\Shell\AutoRun]
"" = Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48e96c8e-cbb1-11db-a2ad-0011f535ae42}\Shell\AutoRun\command]
"" = E:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{929bfc03-c4f5-11dc-a623-000fb055a7ec}\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{929bfc03-c4f5-11dc-a623-000fb055a7ec}\Shell\AutoRun]
"" = Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{929bfc03-c4f5-11dc-a623-000fb055a7ec}\Shell\AutoRun\command]
"" = E:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{befe15d2-3aeb-11dd-a7ad-0011f535ae42}\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{befe15d2-3aeb-11dd-a7ad-0011f535ae42}\Shell\AutoRun]
"" = Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{befe15d2-3aeb-11dd-a7ad-0011f535ae42}\Shell\AutoRun\command]
"" = E:\AutoRun.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{befe15d3-3aeb-11dd-a7ad-0011f535ae42}\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{befe15d3-3aeb-11dd-a7ad-0011f535ae42}\Shell\AutoRun]
"" = Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{befe15d3-3aeb-11dd-a7ad-0011f535ae42}\Shell\AutoRun\command]
"" = E:\AutoRun.exe -- File not found

========== DNS Name Servers ==========

{1B874FFE-79A4-4607-8D11-13C071B57DFC} (Servers: | Description: )
{6B29A949-8578-4E31-AFE1-D52CE656D2D9} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)
{85AA169B-AA41-4945-9647-E11211786715} (Servers: | Description: 1394 Net Adapter)
{91B1FBF5-B0B8-4780-AFCA-921EB9C592D6} (Servers: | Description: D-Link DSL-302G Modem)
{E2785968-60D4-4CAA-B7E3-3DC300385195} (Servers: | Description: Atheros AR5004X Wireless Network Adapter)

========== Hosts File ==========

HOSTS File = (262036 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost



========== Files/Folders - Created Within 30 days ==========

[08/21/2008 05:03 PM | -HSD | C] -- C:\RECYCLER
[08/28/2008 10:04 PM | ---D | C] -- C:\SDFix
[08/29/2008 04:51 PM | ---D | C] -- C:\Deckard
[09/12/2008 08:26 PM | ---D | C] -- C:\rsit
[09/09/2008 08:02 PM | 00,111,420 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[09/09/2008 08:02 PM | 00,211,986 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[09/09/2008 08:02 PM | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[09/09/2008 08:02 PM | 27,193,179 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[08/25/2008 09:04 PM | 00,017,144 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[08/25/2008 09:04 PM | 00,038,472 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[09/09/2008 08:02 PM | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[09/09/2008 08:02 PM | 00,076,040 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[09/09/2008 08:02 PM | 00,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[09/09/2008 08:02 PM | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[10 C:\WINDOWS\System32\*.tmp files]
[08/19/2008 01:33 AM | 00,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[08/19/2008 01:33 AM | 00,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[08/23/2008 11:05 PM | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[08/27/2008 06:09 PM | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[08/31/2008 10:13 PM | 00,069,632 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNQU70.DLL
[08/31/2008 10:13 PM | 00,339,968 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\N067UFW.DLL
[09/04/2008 06:44 PM | 00,077,824 | ---- | C] (Doctor Web, Ltd.) -- C:\WINDOWS\System32\DRWEBSP.DLL
[09/09/2008 08:02 PM | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[1 C:\WINDOWS\*.tmp files]
[08/20/2008 10:14 PM | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\Nircmd.exe
[08/20/2008 10:14 PM | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFind.exe
[08/20/2008 10:14 PM | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[08/20/2008 10:14 PM | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[08/20/2008 10:14 PM | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[08/20/2008 10:14 PM | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[08/20/2008 10:14 PM | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\swsc.exe
[08/20/2008 10:14 PM | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\swreg.exe
[08/20/2008 10:14 PM | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\swxcacls.exe
[08/20/2008 10:23 PM | ---D | C] -- C:\WINDOWS\temp
[09/12/2008 08:30 PM | 00,099,592 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[09/13/2008 01:00 PM | ---D | C] -- C:\WINDOWS\LastGood
[08/19/2008 12:46 AM | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[08/25/2008 10:12 PM | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[09/04/2008 06:35 PM | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avg8
[08/21/2008 08:47 PM | ---D | C] -- C:\Documents and Settings\JUSTIN\Application Data\AdobeUM
[09/01/2008 01:14 AM | ---D | C] -- C:\Documents and Settings\JUSTIN\Application Data\Canon
[09/01/2008 09:25 PM | ---D | C] -- C:\Documents and Settings\JUSTIN\Application Data\Comodo
[09/09/2008 03:58 PM | ---D | C] -- C:\Documents and Settings\JUSTIN\Application Data\WinPatrol
[09/01/2008 10:00 PM | ---D | C] -- C:\Documents and Settings\JUSTIN\Local Settings\Application Data\Comodo
[09/10/2008 10:54 PM | 00,024,064 | ---- | C] () -- C:\Documents and Settings\JUSTIN\My Documents\The Undreamable Dream.doc
[09/08/2008 09:59 PM | 00,051,712 | ---- | C] () -- C:\Documents and Settings\JUSTIN\Desktop\IT Flyer.doc
[09/11/2008 11:50 PM | 00,002,632 | ---- | C] () -- C:\Documents and Settings\JUSTIN\Desktop\Andy_Williams_-_The_Impossible_Dream.mp3--MOTIVATION.3805543.TPB.torrent
[09/12/2008 09:53 PM | 03,383,235 | ---- | C] () -- C:\Documents and Settings\JUSTIN\Desktop\Ron_Killings__R-Truth_s_K-Kwik_s__Current_-_4th__Theme_-__quot_What_s_Up__quot___WWE_Edit_.flv
[09/13/2008 02:12 PM | 00,379,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JUSTIN\Desktop\OTViewIt.exe
[09/08/2008 09:58 PM | 00,000,661 | ---- | C] () -- C:\Documents and Settings\JUSTIN\Start Menu\Programs\Startup\SpywareGuard.lnk
[08/22/2008 01:14 AM | ---D | C] -- C:\Program Files\Enigma Software Group
[08/25/2008 08:54 PM | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[08/27/2008 08:16 PM | ---D | C] -- C:\Program Files\Messenger Plus! Live
[08/27/2008 08:16 PM | ---D | C] -- C:\Program Files\Windows Live
[09/01/2008 09:24 PM | ---D | C] -- C:\Program Files\COMODO
[09/01/2008 10:11 PM | ---D | C] -- C:\Program Files\SpywareGuard
[09/04/2008 06:44 PM | ---D | C] -- C:\Program Files\DrWeb
[09/09/2008 05:28 PM | ---D | C] -- C:\Program Files\AVG

========== Files - Modified Within 30 days ==========

[08/16/2008 02:41 PM | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[08/16/2008 02:41 PM | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[08/29/2008 01:05 PM | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[08/29/2008 01:05 PM | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[08/29/2008 12:49 PM | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[08/29/2008 12:49 PM | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[09/02/2008 09:07 PM | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[09/02/2008 09:07 PM | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[09/09/2008 08:02 PM | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[09/09/2008 09:17 PM | 00,211,986 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[09/12/2008 08:29 PM | 00,111,420 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[09/13/2008 01:01 PM | 27,193,179 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[08/18/2008 09:49 PM | 00,259,041 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20080821-182323.backup
[08/21/2008 06:23 PM | 00,260,593 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20080821-192544.backup
[08/21/2008 07:25 PM | 00,260,699 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20080821-194343.backup
[08/21/2008 07:43 PM | 00,260,593 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20080822-202440.backup
[08/23/2008 11:05 PM | 00,259,106 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.mvt
[08/23/2008 11:06 PM | 00,259,106 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20080824-155125.backup
[08/24/2008 10:30 PM | 00,259,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20080829-000448.backup
[08/29/2008 02:03 AM | 00,262,036 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20080830-222119.backup
[08/29/2008 12:25 AM | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20080829-020330.backup
[08/30/2008 10:21 PM | 00,262,036 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20080830-222233.backup
[08/30/2008 10:22 PM | 00,262,036 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[08/17/2008 03:01 PM | 00,017,144 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[09/09/2008 08:02 PM | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[09/09/2008 08:02 PM | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[09/09/2008 09:52 PM | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[10 C:\WINDOWS\System32\*.tmp files]
[08/19/2008 01:43 AM | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[08/19/2008 01:43 AM | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[08/21/2008 08:10 PM | 00,444,276 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[08/24/2008 04:29 PM | 00,012,800 | -HS- | M] () -- C:\WINDOWS\System32\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\WINDOWS\System32\Thumbs.db:encryptable
[08/28/2008 12:06 AM | 00,054,120 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[08/28/2008 12:06 AM | 00,384,038 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[09/07/2008 12:36 AM | 00,077,824 | ---- | M] (Doctor Web, Ltd.) -- C:\WINDOWS\System32\DRWEBSP.DLL
[09/09/2008 08:02 PM | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[09/13/2008 12:58 PM | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[1 C:\WINDOWS\*.tmp files]
[08/15/2008 05:50 PM | 00,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[08/19/2008 01:43 AM | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[08/20/2008 10:20 PM | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[08/21/2008 12:19 AM | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[08/31/2008 12:25 AM | 00,025,601 | ---- | M] () -- C:\WINDOWS\CSTBox.INI
[09/09/2008 08:53 PM | 00,000,774 | ---- | M] () -- C:\WINDOWS\win.ini
[09/11/2008 12:52 AM | 00,000,031 | ---- | M] () -- C:\WINDOWS\DaysAS.ini
[09/12/2008 08:45 PM | 00,099,592 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[09/13/2008 12:56 PM | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[09/13/2008 12:56 PM | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[08/20/2008 10:42 PM | 00,094,592 | ---- | M] () -- C:\Documents and Settings\JUSTIN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[09/11/2008 10:56 PM | 00,118,272 | ---- | M] () -- C:\Documents and Settings\JUSTIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[09/12/2008 02:00 AM | 02,650,194 | -H-- | M] () -- C:\Documents and Settings\JUSTIN\Local Settings\Application Data\IconCache.db
[09/09/2008 09:09 PM | 00,002,645 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Global.sw2
[09/12/2008 09:21 PM | 00,024,064 | ---- | M] () -- C:\Documents and Settings\JUSTIN\My Documents\The Undreamable Dream.doc
[08/23/2008 05:03 PM | 00,000,641 | ---- | M] () -- C:\Documents and Settings\JUSTIN\Desktop\µTorrent.lnk
[09/08/2008 10:16 PM | 00,051,712 | ---- | M] () -- C:\Documents and Settings\JUSTIN\Desktop\IT Flyer.doc
[09/09/2008 01:19 AM | 00,024,238 | ---- | M] () -- C:\Documents and Settings\JUSTIN\Desktop\Scrolling shooter.gb1
[09/09/2008 09:04 PM | 00,026,129 | ---- | M] () -- C:\Documents and Settings\JUSTIN\Desktop\Scrolling shooter.gmk
[09/10/2008 10:00 PM | 00,002,497 | ---- | M] () -- C:\Documents and Settings\JUSTIN\Desktop\Microsoft Office Word 2003.lnk
[09/11/2008 11:50 PM | 00,002,632 | ---- | M] () -- C:\Documents and Settings\JUSTIN\Desktop\Andy_Williams_-_The_Impossible_Dream.mp3--MOTIVATION.3805543.TPB.torrent
[09/12/2008 10:04 PM | 03,383,235 | ---- | M] () -- C:\Documents and Settings\JUSTIN\Desktop\Ron_Killings__R-Truth_s_K-Kwik_s__Current_-_4th__Theme_-__quot_What_s_Up__quot___WWE_Edit_.flv
[09/13/2008 02:14 PM | 00,379,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JUSTIN\Desktop\OTViewIt.exe
[09/08/2008 09:58 PM | 00,000,661 | ---- | M] () -- C:\Documents and Settings\JUSTIN\Start Menu\Programs\Startup\SpywareGuard.lnk

< End of report >

#8 ps2_dude

Posted 13 September 2008 - 01:20 AM

And this is the Extras log:

OTViewIt Extras logfile created on: 13/09/2008 2:15:24 PM - Run 1
OTViewIt by OldTimer - Version 1.0.3.1 Folder = C:\Documents and Settings\JUSTIN\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1022.48 Mb Total Physical Memory | 551.39 Mb Available Physical Memory | 53.93% Memory free
2.41 Gb Paging File | 2.01 Gb Available in Paging File | 83.69% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 31.42 Gb Free Space | 42.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.js [@ = jsfile] -- Reg Error: Key does not exist or could not be opened. File not found
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[08/04/2004 08:00 PM | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[01/19/2007 12:54 PM | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[01/04/2007 04:10 PM | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- C:\Downloads\Software\utorrent.exe:*:Enabled:µTorrent
[10/30/2006 06:36 AM | 15,338,560 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[08/26/2008 01:45 AM | 00,219,952 | ---- | M] () -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[07/28/2007 10:28 PM | 00,177,152 | ---- | M] () -- C:\Documents and Settings\JUSTIN\Desktop\Entertainment Things\utorrent.exe:*:Enabled:µTorrent
[01/19/2007 12:54 PM | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Messenger
[04/23/2008 05:45 PM | 22,058,792 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
[09/09/2008 09:52 PM | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
[09/09/2008 09:21 PM | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe

========== Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[09/09/2008 08:02 PM | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])
msdaipp: [HKLM - No CLSID value]
[04/23/2008 05:45 PM | 01,942,864 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{02EED746-8C5A-43C8-BB3D-D29C8B363A4D}" = TOSHIBA Zooming Utility
"{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI card Driver
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
"{0B095086-7205-4D48-90DF-DCD16613C6D4}" =
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D917C5F-1CF9-42E0-899F-78AC10576405}" = First Step Guide
"{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}" = Security Update for CAPICOM (KB931906)
"{103BCDA0-E063-46AC-8028-64E78722ABA7}" =
"{11964613-805F-432D-A12B-169554B793E7}" = Nokia Connectivity Cable Driver
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}" = Picture Package
"{1FD0C5C1-B01B-4B4C-9607-E5D3B3D1318F}" = Microsoft IntelliPoint 4.1
"{231F68F4-70E4-41A6-BEDA-7E7934169B54}" = Maxtor OneTouch
"{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}" =
"{2797D1CC-B68F-4098-96EF-E45700A3335C}" = DesignPro Business Cards SE
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160070}" = Java™ SE Development Kit 6 Update 7
"{32C32B46-41C3-438F-94F6-55FE150D50D8}" = ImageMixer EasyStepDVD
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37477865-A3F1-4772-AD43-AAFC6BCFF99F}" = MSXML 4.0 SP2 (KB927978)
"{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"{3B124151-B6A0-492C-8838-0854B800535D}" = Creative MuVo NX-TX
"{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}" = TOSHIBA Console
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{446DBFFA-4088-48E3-8932-74316BA4CAE4}" = iTunes
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5AAFE9B0-B60B-4B12-B22D-6B15507502E5}" =
"{5BCA8D15-BCB6-421E-9654-238B43456A4F}" = TOSHIBA Controls
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{6249C22D-E6A8-407B-BA8B-40298848ED94}" = OmniPage SE
"{63A317D0-60A6-43FC-848A-9FE4A53B29CE}" =
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{700932B3-A964-4878-82A2-96054622A1F7}" =
"{7148F0A8-6813-11D6-A77B-00B0D0142150}" = Java 2 Runtime Environment, SE v1.4.2_15
"{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}" = Atheros Client Utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B2BC65-F997-4208-AEE5-CF8B809A3A71}" = TIxx21/x515
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.0.0.1
"{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey Utility
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = TouchPad On/Off Utility
"{836612F0-1571-4C65-A4B7-58A39AA578EE}" =
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}" = Adobe Flash Player 9 Plugin
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{99A40651-0BC2-4095-8F9A-A40FAB224FEF}" = PC Connectivity Solution
"{9B65F068-5A91-4B41-AE3A-0BCC34DC7904}" =
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9E54F486-CD4A-44A5-B041-16D4E1E56A53}" =
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A38D57D1-5F29-4691-B3DD-FE4B3A7B3AFE}" = TOSHIBA Power Saver
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}" =
"{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}" = Nokia PC Suite
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{ACCEC3BD-FFCA-4146-8587-17650B86165B}" = D-Link DSL-302G USB Driver
"{AEFAC3EB-9C53-4a36-8CDF-77B59F387294}_is1" = DVdriver Trial ver. 1.0.1.60
"{B360A8E5-C171-4AAE-9777-65B3CDB0072C}" = CanoScan LiDE20,30 Manual
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7A1E737-0347-4B8A-B1A8-1D4624C3C45A}" = ActivePerl 5.8.8 Build 820
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C04E32E0-0416-434D-AFB9-6969D703A9EF}" = MSXML 4.0 SP2 (KB936181)
"{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}" = ArcSoft PhotoBase 3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
"{CE325D55-FCAF-4273-BB79-069BB8747270}" = TomTom HOME
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D524239C-FD5C-4183-A49C-7930915A9C0A}" =
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{D9A812DA-143D-4780-BEDC-FD6D41386317}" =
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB12A0E4-FD16-4E45-9D63-DECD98FFC153}" = A+ Portuguese
"{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}" =
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"4077F884D1BB007055BDB83B621D87220A73F30F" = Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
"Acoustica Effects Pack" = Acoustica Effects Pack
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Auto Shutdown Genius_is1" = Auto Shutdown Genius 2.2.1
"AVG8Uninstall" = AVG Free 8.0
"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"CADI" =
"CanonBJ_BJN_UTILITY" = BJ Network Tool
"CANONBJ_Deinstall_CNMCP6j.DLL" = Canon PIXMA iP4000R
"CD/DVD-ROM Generator" = CD/DVD-ROM Generator 1.50
"CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)
"Connection Manager" =
"Creative Audio CD Ripper" =
"Creative MediaSource" =
"Creative MediaSource AudioSync Plugin" =
"Creative MediaSource CD-ROM Burner Plugin" =
"Creative MediaSource Detector" =
"Creative MediaSource NOMAD Jukebox 2/3/Zen Plugin" =
"Creative MediaSource NOMAD MuVo Plugin" =
"Creative MediaSource Player Skin Pack" =
"Creative MuVo NX-TX Media Explorer" =
"dlatray.exe" =
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab Platinum 4_is1" = DVDFab Platinum 4.1.2.0
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"e-tax 2007" = e-tax 2007
"Fn-esse" = TOSHIBA Fn-esse
"Free Download Manager_is1" = Free Download Manager 2.3 BETA
"Game Maker 7.0" = Game Maker 7.0
"InstallShield Uninstall Information" =
"InstallShield_{02EED746-8C5A-43C8-BB3D-D29C8B363A4D}" = TOSHIBA Zooming Utility
"InstallShield_{231F68F4-70E4-41A6-BEDA-7E7934169B54}" = Maxtor OneTouch
"InstallShield_{2797D1CC-B68F-4098-96EF-E45700A3335C}" = DesignPro Business Cards SE
"InstallShield_{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{5BCA8D15-BCB6-421E-9654-238B43456A4F}" = TOSHIBA Controls
"InstallShield_{73B2BC65-F997-4208-AEE5-CF8B809A3A71}" = Texas Instruments PCIxx21/x515 drivers.
"InstallShield_{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey Utility
"InstallShield_{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = TouchPad On/Off Utility
"InstallShield_{A38D57D1-5F29-4691-B3DD-FE4B3A7B3AFE}" = TOSHIBA Power Saver
"InterActual Player" = InterActual Player
"Internet Download Accelerator_is1" = Internet Download Accelerator version 5.6
"IsoBuster_is1" = IsoBuster 2.0
"KB884016" =
"KB893803" =
"KB893803v2" = Windows Installer 3.1 (KB893803)
"KB898458" = Security Update for Step By Step Interactive Training (KB898458)
"KB911564" = Security Update for Windows Media Player (KB911564)
"KB911565" = Security Update for Windows Media Player 10 (KB911565)
"KB917734_WMP10" = Security Update for Windows Media Player 10 (KB917734)
"KB923723" = Security Update for Step By Step Interactive Training (KB923723)
"KB925398_WMP64" = Security Update for Windows Media Player 6.4 (KB925398)
"KB929399" = Hotfix for Windows Media Format 11 SDK (KB929399)
"KB931906" = Security Update for CAPICOM (KB931906)
"KB936782_WMP10" = Security Update for Windows Media Player 10 (KB936782)
"KB936782_WMP11" = Security Update for Windows Media Player 11 (KB936782)
"KB939683" = Hotfix for Windows Media Player 11 (KB939683)
"LastFM_is1" = Last.fm 1.5.1.29527
"M928366" = Microsoft .NET Framework 1.1 Hotfix (KB928366)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Interactive Training" =
"Mozilla Firefox (2.0.0.16)" = Mozilla Firefox (2.0.0.16)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSI30a-KB884016" =
"MSI30-Beta1" =
"MSI30-Beta2" =
"MSI30-KB884016" =
"MSI30-RC1" =
"MSI30-RC2" =
"MSI31-Beta" =
"MSI31-RC1" =
"MSNINST" = MSN
"MuVo Driver" = MuVo Driver
"MXOFX" = USB Storage Adapter FX (MXO)
"Nero - Burning Rom!UninstallKey" =
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NeroVision!UninstallKey" =
"NMPUninstallKey" =
"Nokia PC Suite" = Nokia PC Suite
"NVEContent!UninstallKey" =
"Optus Dial-up" = Optus Dial-up
"Optus Wireless Broadband" = Optus Wireless Broadband
"OptusNet DSL" = OptusNet DSL
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"PCHealth" =
"RealJukebox 1.0" =
"RealPlayer 6.0" = RealPlayer
"RecordNow.exe" =
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SpeedUpMyPC_is1" = Uniblue SpeedUpMyPC 3
"SpywareBlaster_is1" = SpywareBlaster 4.1
"SpywareGuard_is1" = SpywareGuard v2.2
"SysInfo" = Creative System Information
"VLC media player" = VideoLAN VLC media player 0.8.6c
"WinAVI FLV Converter 1.0_is1" = WinAVI FLV Converter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3524890968-815006414-94132602-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/09/2008 11:01:10 AM | Computer Name = COLLARS | Source = Application Error | ID = 1000
Description = Faulting application FPQNSEFY.exe, version 1.71.0.0, faulting module
ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.

Error - 3/09/2008 4:39:30 AM | Computer Name = COLLARS | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20080.4669, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 5/09/2008 9:58:58 AM | Computer Name = COLLARS | Source = MsiInstaller | ID = 11316
Description = Product: ActivePerl 5.8.8 Build 820 -- Error 1316. A network error
occurred while attempting to read from the file: C:\WINDOWS\Installer\ActivePerl-5.8.8.820-MSWin32-x86-274739.msi

Error - 5/09/2008 10:19:31 AM | Computer Name = COLLARS | Source = MsiInstaller | ID = 11316
Description = Product: ActivePerl 5.8.8 Build 820 -- Error 1316. A network error
occurred while attempting to read from the file: C:\WINDOWS\Installer\ActivePerl-5.8.8.820-MSWin32-x86-274739.msi

Error - 5/09/2008 10:30:48 AM | Computer Name = COLLARS | Source = MsiInstaller | ID = 11316
Description = Product: ActivePerl 5.8.8 Build 820 -- Error 1316. A network error
occurred while attempting to read from the file: C:\WINDOWS\Installer\ActivePerl-5.8.8.820-MSWin32-x86-274739.msi

Error - 6/09/2008 4:37:17 AM | Computer Name = COLLARS | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20080.4669, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 8/09/2008 7:47:27 AM | Computer Name = COLLARS | Source = Application Error | ID = 1000
Description = Faulting application crack.exe, version 1.0.0.0, faulting module crack.exe,
version 1.0.0.0, fault address 0x00021361.

Error - 9/09/2008 10:37:35 AM | Computer Name = COLLARS | Source = Application Error | ID = 1000
Description = Faulting application ShutdownSvr.exe, version 0.0.0.0, faulting module
kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b.

Error - 10/09/2008 12:53:18 PM | Computer Name = COLLARS | Source = Application Error | ID = 1000
Description = Faulting application ShutdownSvr.exe, version 0.0.0.0, faulting module
kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b.

Error - 11/09/2008 8:54:20 AM | Computer Name = COLLARS | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20080.4669, faulting
module avgssff.dll, version 8.0.0.148, fault address 0x00018741.

[ System Events ]
Error - 12/09/2008 9:24:12 AM | Computer Name = COLLARS | Source = DCOM | ID = 10010
Description = The server {A1F4E726-8CF1-11D1-BF92-0060081ED811} did not register
with DCOM within the required timeout.

Error - 12/09/2008 10:19:43 AM | Computer Name = COLLARS | Source = DCOM | ID = 10010
Description = The server {A1F4E726-8CF1-11D1-BF92-0060081ED811} did not register
with DCOM within the required timeout.

Error - 12/09/2008 10:21:43 AM | Computer Name = COLLARS | Source = DCOM | ID = 10010
Description = The server {A1F4E726-8CF1-11D1-BF92-0060081ED811} did not register
with DCOM within the required timeout.

Error - 13/09/2008 12:56:43 AM | Computer Name = COLLARS | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 13/09/2008 12:56:48 AM | Computer Name = COLLARS | Source = Service Control Manager | ID = 7000
Description = The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service failed
to start due to the following error: %%3

Error - 13/09/2008 12:56:48 AM | Computer Name = COLLARS | Source = Service Control Manager | ID = 7000
Description = The Symantec Core LC service failed to start due to the following
error: %%3

Error - 13/09/2008 12:56:59 AM | Computer Name = COLLARS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl

Error - 13/09/2008 12:57:41 AM | Computer Name = COLLARS | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 13/09/2008 1:00:33 AM | Computer Name = COLLARS | Source = DCOM | ID = 10010
Description = The server {063D34A4-BF84-4B8D-B699-E8CA06504DDE} did not register
with DCOM within the required timeout.

Error - 13/09/2008 1:00:54 AM | Computer Name = COLLARS | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8024d007: Automatic Updates.


< End of report >

#9 Baabiouz

Posted 13 September 2008 - 04:02 AM

Hello

Do you recognize this file:

[ Application Events ]
Error - 2/09/2008 11:01:10 AM | Computer Name = COLLARS | Source = Application Error | ID = 1000
Description = Faulting application FPQNSEFY.exe, version 1.71.0.0, faulting module
ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.

?

How's your Norton working?
If you have problems with it, please uninstall it first normally and then run Norton's removal tool:
http://service1.symantec.com/Support/tsgen...005033108162039

Reboot computer and install Norton back. :thumbsup:

Before uninstalling Norton, please disconnect your computer from the internet. Remember to download Norton's Removal Tool before that :)
_____________________

Submit a File For Analysis
We need to have the files below scanned by uploading them/it to Jotti

Please visit Jotti
Copy/paste the following file path into the window

C:\Program Files\Automatic Torrent Downloader\Automatic Torrent Downloader.exe

Click Submit/Send File
Please post back, to let me know the results.

If Jotti is too busy please try Virustotal

Please post a fresh HijackThis log and Jottis results back here :)

Ps. Have you run Kaspersky Online Scanner? :)

Edited by Baabiouz, 13 September 2008 - 04:02 AM.


#10 ps2_dude

Posted 13 September 2008 - 06:44 AM

Hey, I have run the Kaspersky Online Scanner and it did not find any viruses. I will have to remove some other components on Norton, and by the way, I have never heard of the file FPQNSEFY.exe. Also, I tried to send
C:\Program Files\Automatic Torrent Downloader\Automatic Torrent Downloader.exe
to both of them, but on Jotti it says 0 bytes, you may have a firewall or malware blocking you from sending file, but on Virustotal it just says 0 bytes sent?? I also went to check my programs folder and I cannot seem to find that file. What should I do now?

Edited by ps2_dude, 13 September 2008 - 06:45 AM.


#11 ps2_dude

Posted 13 September 2008 - 07:01 AM

I have also forgotten to mention that when I try to turn off the computer it takes a really long time, and also My Computer has stopped working (the window just keeps loading) and some Real Player does not work anymore, and when I try to uninstall it, it says "you do not have the adequate permission" even though I'm an Administrator. Do you think this is caused by one virus, many viruses or no viruses at all? Thanks for everything you have done so far and you have never let me down :thumbsup:

#12 Baabiouz

Posted 13 September 2008 - 09:18 AM

Hello

Use Windows search (Start -> Search) to search for this file:

FPQNSEFY.exe

If you find it, please scan it at virustotal/jotti and post the results back here :thumbsup:

_____________

Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here and save to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
    Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
Please post a fresh HijackThis log, Mbam results and virustotal/jotti results back here :)

#13 ps2_dude

Posted 14 September 2008 - 04:14 AM

Hey, I tried to find the file but I could not find it. I have just done a full virus scan with MalwareBytes and it has found 1 infection and I have removed it, but it has not fixed the problem. Here's the log like you asked:

Malwarebytes' Anti-Malware 1.28
Database version: 1147
Windows 5.1.2600 Service Pack 2

14/09/2008 4:51:50 PM
mbam-log-2008-09-14 (16-51-50).txt

Scan type: Full Scan (C:\|)
Objects scanned: 168262
Time elapsed: 1 hour(s), 18 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dllschannel.dlldigest.dllmsnsspc.dll) Good: (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
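
The single detection in the Malwarebytes log above, Broken.SecurityProviders, is a registry value whose DLL names are run together with no separators. As an added example (not part of the original post and not Malwarebytes' own logic), the Python code below parses that log line and checks a SecurityProviders value for the same defect; the function names and the rule that each entry is a bare `.dll` file name are assumptions made for the illustration.

```python
import re

# Log line copied from the Malwarebytes report posted above.
MBAM_LINE = (
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders"
    r"\SecurityProviders (Broken.SecurityProviders) -> "
    r"Bad: (msapsspc.dllschannel.dlldigest.dllmsnsspc.dll) "
    r"Good: (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll) -> "
    r"Quarantined and deleted successfully."
)

# Shape of a "Registry Data Items Infected" entry as it appears in that log.
DATA_ITEM_RE = re.compile(
    r"^(?P<path>HKEY_[^()]+?) \((?P<detection>[^)]+)\) -> "
    r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.+)$"
)
# Assumption: a well-formed entry is a bare DLL file name, no path.
ENTRY_RE = re.compile(r"^[\w\-]+\.dll$", re.IGNORECASE)
DLL_NAME_RE = re.compile(r"[^.,\s]+\.dll", re.IGNORECASE)


def parse_data_item(line):
    """Split one registry data item entry into its named fields."""
    match = DATA_ITEM_RE.match(line.strip())
    if match is None:
        raise ValueError("not a registry data item entry")
    return match.groupdict()


def split_entries(value):
    """Split a SecurityProviders string on commas, dropping empty parts."""
    return [part.strip() for part in value.split(",") if part.strip()]


def check_providers(value):
    """Return a list of problems found in a SecurityProviders string."""
    problems = []
    entries = split_entries(value)
    if not entries:
        problems.append("value is empty")
    for entry in entries:
        if entry.lower().count(".dll") > 1:
            problems.append(
                f"{entry!r}: several DLL names run together without a separator"
            )
        elif not ENTRY_RE.match(entry):
            problems.append(f"{entry!r}: not a bare DLL file name")
    return problems


def recover_entries(value):
    """Heuristically pull the individual DLL names out of a damaged string."""
    return DLL_NAME_RE.findall(value)


if __name__ == "__main__":
    record = parse_data_item(MBAM_LINE)
    print("key/value :", record["path"])
    print("detection :", record["detection"])
    for label in ("bad", "good"):
        issues = check_providers(record[label])
        print(f"{label:9} :", issues if issues else "well-formed")
    print("recovered :", recover_entries(record["bad"]))
```
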

#14 ps2_dude

Posted 14 September 2008 - 04:22 AM

I have also made a fresh HijackThis log, and I have also noticed a hidden file in Program Files named Zero G Registry:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:15:57 PM, on 14/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Auto Shutdown Genius\ShutdownSvr.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Downloads\Software\Virus Removing Softwares\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JUSTIN.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: WinAVI FLVSense - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: IDA Bar - {C70E30C7-140A-4166-A2E8-43557E62B41A} - C:\Program Files\IDA\idabar.dll
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [LtMoh] C:\\Program Files\\ltmoh\\Ltmoh.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-21-3524890968-815006414-94132602-1006\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (User '?')
O4 - HKUS\S-1-5-21-3524890968-815006414-94132602-1006\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R (User '?')
O4 - HKUS\S-1-5-21-3524890968-815006414-94132602-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3524890968-815006414-94132602-1006\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User '?')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - S-1-5-21-3524890968-815006414-94132602-1006 Startup: PowerReg Scheduler.exe (User '?')
O4 - S-1-5-21-3524890968-815006414-94132602-1006 Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe (User '?')
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Download FLV by WinAVI... - C:\Program Files\WinAVI FLV Converter\flv_link.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O9 - Extra 'Tools' menuitem: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - http://www.update.microsoft.com/microsoftu...b?1211526784640
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9A0EE54-1126-4DED-98A1-13F98C30FF5E}: NameServer = 61.88.88.88 61.88.88.88
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NC - Unknown owner - C:\DOCUME~1\JUSTIN\LOCALS~1\Temp\NC.exe (file missing)
O23 - Service: RJZVEZA - Unknown owner - C:\DOCUME~1\JUSTIN\LOCALS~1\Temp\RJZVEZA.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Auto Shutdown Service (ShutdownService) - Unknown owner - C:\Program Files\Auto Shutdown Genius\ShutdownSvr.exe
O23 - Service: WUDAJCDSH - Unknown owner - C:\DOCUME~1\JUSTIN\LOCALS~1\Temp\WUDAJCDSH.exe (file missing)

--
End of file - 13475 bytes

#15 Baabiouz

Posted 14 September 2008 - 04:26 AM

Hello

We can fix that:

Back Up Your Registry with ERUNT
  • Please click HERE to download Erunt.zip
  • Unzip all the files into a folder of your choice.
  • Click Erunt.exe to back up your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

Please run Notepad and paste the following text into a new file:

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=" msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.

Reboot your computer and please do a quick scan with mbam and post the results back here.

Edited by Baabiouz, 14 September 2008 - 04:26 AM.
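What merging the fix.reg from the post above does, with a check of the result, as an added example that is not part of the original post: a small Python parser applies the file's delete (`"name"=-`) and set lines to an in-memory dictionary, then lists any SecurityProviders entries outside the four DLLs the file names. The function names, the dictionary layout and the starting value containing `example123.dll` are assumptions constructed for illustration.

```python
import re

# fix.reg exactly as posted above (the set value begins with a space).
FIX_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=" msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
'''
KEY = r"hkey_local_machine\system\currentcontrolset\control\securityproviders"
EXPECTED = ["msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"]


def merge_reg(text, registry):
    """Apply REGEDIT4 string-set and "name"=- delete lines to a dict shaped
    {key_path: {value_name: data}} (both lower-cased: the registry is
    case-insensitive). Other value types and escapes are not handled."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "REGEDIT4":
        raise ValueError("not a REGEDIT4 file")
    key = None
    for line in (l.strip() for l in lines[1:]):
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            registry.setdefault(key, {})
            continue
        m = re.fullmatch(r'"([^"]+)"=(-|"(.*)")', line)
        if m is None or key is None:
            raise ValueError(f"unsupported line: {line!r}")
        if m.group(2) == "-":
            registry[key].pop(m.group(1).lower(), None)   # delete the value
        else:
            registry[key][m.group(1).lower()] = m.group(3)
    return registry


def unexpected_providers(value, expected=EXPECTED):
    """DLL names in a SecurityProviders string that are not in expected."""
    allowed = {e.lower() for e in expected}
    names = [n.strip().lower() for n in value.split(",") if n.strip()]
    return [n for n in names if n not in allowed]


def demo():
    # Constructed starting state: the four DLLs plus one made-up extra entry.
    reg = {KEY: {"securityproviders": ", ".join(EXPECTED + ["example123.dll"])}}
    before = unexpected_providers(reg[KEY]["securityproviders"])
    merge_reg(FIX_REG, reg)
    return before, unexpected_providers(reg[KEY]["securityproviders"])
```

`demo()` returns the unexpected entries before and after the merge; the same `unexpected_providers` check can be run on a value copied from an exported key.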
