Windows Update Problem Hjt Log


This topic is locked
24 replies to this topic

#1 thefourkingdoms

Posted 20 September 2008 - 09:59 AM

http://www.bleepingcomputer.com/forums/topic170195-15.html
I have been redirected to this forum because superbird believes that I have a deeper problem than what was initially expected.

There are a couple of malware/spyware items that have been spotted by Spybot already, but they keep coming back (see the link).

The main problem is that when I download the Windows update and restart my PC, the internet gets all slow, no signal goes through, and my default gateway goes missing. The good thing is that my PC is still workable at that point. I decided to use a System Restore, and my internet goes back to normal.

Any help will be very much appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:51 PM, on 9/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\admin\My Documents\Tamahome\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.smartwifi.com.ph:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1188196354203
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 8556 bytes


#2 Farbar

Posted 27 September 2008 - 03:16 AM

Hi thefourkingdoms,

Welcome to the Bleeping Computer HijackThis forum. I am going to assist you with your problem.
Apologies for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
  • I see from the logs Megaupload Toolbar is installed on your computer:

    This program is known to be related to spyware. You may read more about Megaupload Toolbar here: http://www.castlecops.com/tk30914-Megaupload_Toolbar.html

    To uninstall Megaupload Toolbar:

    Click "Start" on the taskbar and then click on the "Control Panel" icon.
    Please double-click the "Add or Remove Programs" icon.
    A list of installed programs will be "populated"; this may take a bit of time.
    If they exist, uninstall the following by clicking on the following entries and selecting "Remove":

    Megaupload Toolbar

    Also remove the following folder: C:\Program Files\Megaupload Toolbar

  • Please download ATF Cleaner by Atribune & save it to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main "Select Files to Delete" choose: Select All.
    • Click the Empty Selected button.
    • If you use the Firefox browser, click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      If you would like to keep your saved passwords, please click No at the prompt.
    • If you use the Opera browser, click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      If you would like to keep your saved passwords, please click No at the prompt.
    • Click Exit on the Main menu to close the program.
  • Please download OTViewIt by OldTimer.
    • Save it to your desktop.
    • Double click on the OTViewIt icon on your desktop.
    • Click the "Scan All Users" checkbox.
    • Set File age to 30 days.
    • Type in the Custom Scans section: hijackthisbackups
    • Click Run Scan button.
    • Two reports will open, copy and paste them to your reply:
      • OTViewIt.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
  • Please copy and paste a fresh Hijackthis log to your reply.

Edited by farbar, 27 September 2008 - 03:28 AM.


#3 thefourkingdoms

Posted 27 September 2008 - 07:51 AM

Extras.txt

OTViewIt Extras logfile created on: 9/27/2008 9:02:09 PM - Run admin
OTViewIt by OldTimer - Version 1.0.9.1 Folder = C:\Documents and Settings\admin\My Documents\Tamahome
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

246.79 Mb Total Physical Memory | 26.74 Mb Available Physical Memory | 10.84% Memory free
633.80 Mb Paging File | 251.82 Mb Available in Paging File | 39.73% Paging File free
Paging file location(s): C:\pagefile.sys 400 744;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 26.36 Gb Free Space | 67.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 35.46 Gb Total Space | 35.40 Gb Free Space | 99.82% Space Free | Partition Type: NTFS
Drive F: | 1.90 Gb Total Space | 1.57 Gb Free Space | 82.24% Space Free | Partition Type: FAT32
Drive G: | 943.89 Mb Total Space | 70.68 Mb Free Space | 7.49% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RENATO-A93BB767
Current User Name: admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.reg [@ = regfile] -- regedit.exe "%1"

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 08:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/14 02:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 08:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/10/27 15:03:04 | 01,018,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
[2007/06/11 18:16:12 | 04,670,968 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2007/06/11 18:16:14 | 00,091,640 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2008/04/14 02:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Documents and Settings\admin\Application Data\Microsoft\Installer\{D1ABD314-388E-47A8-BBB6-111624C86A02}\_2cd672ae.exe:*:Enabled:_2cd672ae
[2008/04/27 15:09:44 | 03,051,008 | ---- | M] (Flemming Christensen) -- C:\Program Files\MZ Manager 2\mzmanager.exe:*:Enabled:mzmanager
File not found -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
File not found -- C:\Documents and Settings\admin\My Documents\Tamahome\pol_6\pol_6.2\Pokemon Online.exe:*:Enabled:Multimedia Fusion Stand Alone Application
File not found -- C:\Program Files\DNA\btdna.exe:*:Enabled:DNA
File not found -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget
[2007/08/17 06:07:08 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2008/02/08 19:04:46 | 00,072,264 | ---- | M] (Kaspersky Lab) -- C:\kav\kav7.0\english\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup
File not found -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:*:Enabled:Kaspersky Anti-Virus
File not found -- C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe:*:Enabled:VideoAccelerator
File not found -- C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)
[2007/07/02 17:10:58 | 23,237,416 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2006/10/26 19:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
msdaipp: [HKLM - No CLSID value]
[2006/10/26 19:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2006/10/26 19:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2006/10/26 13:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])
[2007/07/02 17:10:58 | 01,828,440 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
File not found application/octet-stream:{1E66F26B-79EE-11D2-8710-00C04F79ED0D} (HKLM) [Cor MIME Filter, CorFltr, CorFltr 1]
File not found application/x-complus:{1E66F26B-79EE-11D2-8710-00C04F79ED0D} (HKLM) [Cor MIME Filter, CorFltr, CorFltr 1]
File not found application/x-msdownload:{1E66F26B-79EE-11D2-8710-00C04F79ED0D} (HKLM) [Cor MIME Filter, CorFltr, CorFltr 1]
[2006/10/26 21:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{1E6753B9-CCE5-440C-9737-9C86BF3D35EE}"=TMTool
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1"=RegAlyzer
"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}"=Microsoft .NET Framework 3.5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160070}"=Java™ SE Development Kit 6 Update 7
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}"=PaperPort Image Printer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}"=Mega Manager
"{48B82226-75E3-4E90-92CC-D30F79EA6380}"=Norton Security Scan
"{4BD2E114-4580-41BE-899F-60B5DC1DB2EA}"=Cogniview PDF2XL Evaluation
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.2
"{67D25F86-239B-459E-91BE-340F88CECCBD}"=MZ Manager 2
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Extreme Graphics 2 Driver
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}"=Microsoft Office Home and Student 2007
"{993960EE-CA4D-443F-8F88-E24260DD5FD2}"=LG PC Suite
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}"=Brother MFL-Pro Suite
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B6C89654-A6A2-477C-873B-724EC1C56407}"=ScanSoft PaperPort 11
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}"=LG USB Modem driver
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}"=Java DB 10.3.1.4
"{D050D7362D214723AD585B541FFB6C11}"=DivX Content Uploader
"{D5068583-D569-468B-9755-5FBF5848F46F}"=Sony Picture Utility
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"=Microsoft Windows Application Compatibility Database
"{DF421E99-61E6-4502-92A8-DB5EEB2CAB5A}"=Mega Manager
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player
"AntiVir PersonalEdition Classic"=Avira AntiVir Personal - Free Antivirus
"Cablenut"=Cablenut 4.08
"CANONBJ_Deinstall_CNMS300.CPD"=Canon S300
"CCleaner"=CCleaner (remove only)
"C-Media Audio"=C-Media 3D Audio
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_20D514F1"=D-Link DFM-562IS HSFi PCI Modem
"COMODO Firewall Pro"=COMODO Firewall Pro
"Creative Live! Cam Vista IM User's Guide English"=Creative Live! Cam Vista IM User's Guide (English)
"Creative Media Lite"=Creative Media Lite
"Creative Software AutoUpdate"=Creative Software AutoUpdate
"Creative VF0260"=Creative Live! Cam Vista IM Driver (1.01.03.1104)
"Creative WebCam Center"=Creative WebCam Center
"ffdshow_is1"=ffdshow [rev 1324] [2007-07-01]
"HijackThis"=HijackThis 2.0.2
"HOMESTUDENTR"=Microsoft Office Home and Student 2007
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{4BD2E114-4580-41BE-899F-60B5DC1DB2EA}"=Cogniview PDF2XL Evaluation
"LimeWire"=LimeWire PRO 4.14.8
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5"=Microsoft .NET Framework 3.5
"Mozilla Firefox (3.0.2)"=Mozilla Firefox (3.0.2)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"QuickTime"=QuickTime
"RealPlayer 6.0"=RealPlayer
"SysInfo"=Creative System Information
"WIC"=Windows Imaging Component
"Winamp"=Winamp
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Extras"=Yahoo! Browser Services
"Yahoo! Mail"=Yahoo! Internet Mail
"Yahoo! Messenger"=Yahoo! Messenger
"Yahoo! Search Defender"=Yahoo! Search Protection
"YInstHelper"=Yahoo! Install Manager
"ZENStoneUG"=Creative ZEN Stone User's Guide

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f6e1866890214c41"=TrophyMaster

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-73586283-842925246-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f6e1866890214c41"=TrophyMaster

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/25/2008 8:18:24 PM | Computer Name = RENATO-A93BB767 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 9/25/2008 11:13:41 PM | Computer Name = RENATO-A93BB767 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 9/25/2008 11:47:57 PM | Computer Name = RENATO-A93BB767 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 9/26/2008 6:51:31 AM | Computer Name = RENATO-A93BB767 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 9/26/2008 3:22:31 PM | Computer Name = RENATO-A93BB767 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 9/26/2008 4:10:22 PM | Computer Name = RENATO-A93BB767 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 9/26/2008 6:39:54 PM | Computer Name = RENATO-A93BB767 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 9/26/2008 9:07:13 PM | Computer Name = RENATO-A93BB767 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 9/27/2008 4:57:47 AM | Computer Name = RENATO-A93BB767 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 9/27/2008 8:04:32 AM | Computer Name = RENATO-A93BB767 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

[ OSession Events ]
Error - 8/10/2008 9:10:42 AM | Computer Name = RENATO-A93BB767 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1148
seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/18/2008 8:36:03 PM | Computer Name = RENATO-A93BB767 | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 9/20/2008 10:57:13 PM | Computer Name = RENATO-A93BB767 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 0019662EEDC0 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 9/22/2008 5:52:12 PM | Computer Name = RENATO-A93BB767 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 9/22/2008 5:52:12 PM | Computer Name = RENATO-A93BB767 | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 9/23/2008 9:31:34 AM | Computer Name = RENATO-A93BB767 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 0019662EEDC0 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 9/23/2008 5:20:56 PM | Computer Name = RENATO-A93BB767 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 9/23/2008 5:20:56 PM | Computer Name = RENATO-A93BB767 | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 9/24/2008 4:53:38 PM | Computer Name = RENATO-A93BB767 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 0019662EEDC0 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 9/25/2008 3:31:42 PM | Computer Name = RENATO-A93BB767 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 0019662EEDC0 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 9/26/2008 3:21:41 PM | Computer Name = RENATO-A93BB767 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 0019662EEDC0 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).


< End of report >


OTViewIt.txt

OTViewIt logfile created on: 9/27/2008 9:02:09 PM - Run 3
OTViewIt by OldTimer - Version 1.0.9.1 Folder = C:\Documents and Settings\admin\My Documents\Tamahome
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

246.79 Mb Total Physical Memory | 26.74 Mb Available Physical Memory | 10.84% Memory free
633.80 Mb Paging File | 251.82 Mb Available in Paging File | 39.73% Paging File free
Paging file location(s): C:\pagefile.sys 400 744;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 26.36 Gb Free Space | 67.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 35.46 Gb Total Space | 35.40 Gb Free Space | 99.82% Space Free | Partition Type: NTFS
Drive F: | 1.90 Gb Total Space | 1.57 Gb Free Space | 82.24% Space Free | Partition Type: FAT32
Drive G: | 943.89 Mb Total Space | 70.68 Mb Free Space | 7.49% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RENATO-A93BB767
Current User Name: admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/08/15 19:27:29 | 00,149,761 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
[2007/06/08 22:59:38 | 00,224,248 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
[2008/07/18 08:27:34 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2008/08/25 09:23:25 | 01,655,552 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cfp.exe
[2007/01/29 21:12:14 | 00,030,248 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
[2008/07/18 08:27:36 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
[2008/08/25 09:23:26 | 00,519,936 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cmdagent.exe
[1999/12/13 09:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE
[2007/04/02 14:15:40 | 00,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe
[2008/05/29 15:46:18 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2008/04/14 08:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2007/06/11 18:16:12 | 00,103,928 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
[2008/09/27 06:41:38 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/09/27 15:12:06 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\My Documents\Tamahome\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/07/18 08:27:36 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
[2008/08/15 19:27:29 | 00,149,761 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/04/14 08:12:14 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc [On_Demand | Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/08/25 09:23:26 | 00,519,936 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cmdagent.exe -- (cmdAgent [Auto | Running])
[1999/12/13 09:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
[2007/04/02 14:15:40 | 00,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv [Auto | Running])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2007/11/27 05:56:12 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2007/02/27 15:25:10 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
[2008/05/30 20:35:58 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
[2008/07/18 08:27:38 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys -- (avipbb [System | Running])
File not found -- C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys -- (BDFsDrv [On_Demand | Stopped])
File not found -- C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys -- (BDRsDrv [On_Demand | Stopped])
[2004/10/15 12:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\System32\drivers\BrScnUsb.sys -- (BrScnUsb [On_Demand | Stopped])
[2008/04/14 02:46:23 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ccdecode.sys -- (CCDECODE [On_Demand | Stopped])
[2008/08/25 09:23:27 | 00,087,056 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys -- (cmdGuard [System | Running])
[2008/08/25 09:23:27 | 00,024,208 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys -- (cmdHlp [System | Running])
[2005/05/12 14:21:08 | 01,332,544 | R--- | M] (C-Media Inc) -- C:\WINDOWS\System32\drivers\cmuda.sys -- (cmuda [On_Demand | Running])
[2004/09/29 15:35:30 | 00,219,136 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
[2004/09/29 15:33:50 | 01,036,928 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
[2005/09/20 11:00:54 | 01,302,332 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
[2008/08/25 09:23:27 | 00,079,760 | ---- | M] (COMODO) -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect [Boot | Running])
[2008/04/14 02:31:32 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\intelppm.sys -- (intelppm [System | Running])
[2008/04/14 02:54:36 | 00,088,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irda.sys -- (irda [Auto | Running])
[2001/08/17 21:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irsir.sys -- (irsir [On_Demand | Running])
[2004/03/17 12:04:14 | 00,013,059 | R--- | M] (Conexant) -- C:\WINDOWS\System32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2008/04/14 02:39:50 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mstee.sys -- (MSTEE [On_Demand | Stopped])
[2008/04/14 02:46:25 | 00,085,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nabtsfec.sys -- (NABTSFEC [On_Demand | Stopped])
[2008/04/14 02:46:22 | 00,010,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndisip.sys -- (NdisIP [On_Demand | Stopped])
[2001/08/17 13:51:52 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde [Boot | Running])
File not found -- C:\Program Files\Softwin\BitDefender10\profos.sys -- (Profos [On_Demand | Stopped])
[2006/02/28 20:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/08 07:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 21:51:32 | 00,019,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rasirda.sys -- (Rasirda [On_Demand | Running])
[2004/08/04 06:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Running])
File not found -- C:\WINDOWS\system32\drivers\SBREdrv.sys -- (SBRE [On_Demand | Stopped])
[2007/11/13 18:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/14 02:46:23 | 00,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\slip.sys -- (SLIP [On_Demand | Stopped])
[2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2007/03/01 10:34:36 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys -- (ssmdrv [System | Running])
[2008/04/14 02:46:21 | 00,015,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\streamip.sys -- (streamip [On_Demand | Stopped])
[2008/09/18 08:35:20 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
File not found -- C:\Program Files\Softwin\BitDefender10\trufos.sys -- (Trufos [On_Demand | Stopped])
[2007/07/11 10:40:18 | 00,012,416 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\System32\DRIVERS\lgusbbus.sys -- (usbbus [On_Demand | Stopped])
[2007/07/11 15:51:48 | 00,019,840 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys -- (UsbDiag [On_Demand | Stopped])
[2008/04/14 02:45:35 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbehci.sys -- (usbehci [On_Demand | Running])
[2007/07/11 10:45:00 | 00,021,632 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys -- (USBModem [On_Demand | Stopped])
[2006/11/04 06:45:48 | 00,178,913 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\V0260Vid.sys -- (V0260VID [On_Demand | Running])
[2004/09/29 15:34:24 | 00,702,592 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2006/02/28 20:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])
[2008/04/14 02:46:24 | 00,019,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wstcodec.sys -- (WSTCODEC [On_Demand | Stopped])
[2006/09/28 18:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\WudfPf.sys -- (WudfPf [On_Demand | Stopped])
[2006/09/28 19:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\WudfRd.sys -- (WudfRd [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.yahoo.com
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Secondary Start Pages"=
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.yahoo.com

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"SearchDefaultBranded"=
"Start Page"=http://www.yahoo.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = <local>

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-73586283-842925246-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"SearchDefaultBranded"=
"Start Page"=http://www.yahoo.com/

[HKEY_USERS\S-1-5-21-73586283-842925246-839522115-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-73586283-842925246-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = <local>

========== (O1) Hosts File ==========

Hosts file not found

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (HKLM) -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (HKLM) -- C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
{bf00e119-21a3-4fd1-b178-3b8537e75c92} (HKLM) -- C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"SITEguard" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
"{F2CF5485-4E02-4F68-819C-B92DE9277049}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-73586283-842925246-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
"{F2CF5485-4E02-4F68-819C-B92DE9277049}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN (Brother Industries, Ltd.)
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" -h ()
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun (Brother Industries, Ltd.)
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" (Nuance Communications, Inc.)
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" (Nuance Communications, Inc.)
"PPort11reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini (Nuance Communications, Inc.)
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" (Yahoo! Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-73586283-842925246-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (Yahoo! Inc.)

========== (O4) Startup Folders ==========


========== (O6 & O7) Internet Explorer Policies ==========
[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\control panel] - present
[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\restrictions] - present
[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\control panel] - present
[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\restrictions] - present
[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\control panel] - present
[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\restrictions] - present

========== (O6 & O7) Current Version Policies ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-73586283-842925246-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145


========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Sun Java Console -- C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Send to OneNote -- C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: S&end to OneNote -- C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}: Yahoo! Services -- C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
{77BF5300-1474-4EC7-9980-D32B190E9B07}: Skype -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
{85d1f590-48f4-11d9-9669-0800200c9a66}: Uninstall BitDefender Online Scanner v8 -- C:\WINDOWS\bdoscandel.exe ()
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Research -- C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: @xpsp3res.dll,-20001 -- C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Messenger -- C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Windows Messenger -- C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/9/b...heckControl.cab -- Windows Genuine Advantage Validation Tool
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsupd...b?1188196354203 -- WUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{9600F64D-755F-11D4-A47F-0001023E6D5A}: http://web1.shutterfly.com/downloads/Uploader.cab -- Shutterfly Picture Upload Plugin
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object
{F6ACF75C-C32C-447B-9BEF-46B766368D29}: http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID.cab -- Creative Software AutoUpdate Support Package

========== (O17) DNS Name Servers ==========

{D090CBB2-1D8D-42EC-B195-19DAB18B68D4} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)
{FCE8FE5F-49DD-4690-B19D-C3E22D1FCA9A} (Servers: | Description: )

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=explorer.exe
>File not found --

"UIHost"=logonui.exe
>File not found --

"VMApplet"=rundll32 shell32,Control_RunDLL "sysdm.cpl"
>File not found --


========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
crypt32chain: "DllName" = crypt32.dll -- File not found
cryptnet: "DllName" = cryptnet.dll -- File not found
cscdll: "DllName" = cscdll.dll -- File not found
igfxcui: "DllName" = igfxdev.dll -- File not found
ScCertProp: "DllName" = wlnotify.dll -- File not found
Schedule: "DllName" = wlnotify.dll -- File not found
sclgntfy: "DllName" = sclgntfy.dll -- File not found
SensLogn: "DllName" = WlNotify.dll -- File not found
termsrv: "DllName" = wlnotify.dll -- File not found
wlballoon: "DllName" = wlnotify.dll -- File not found

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WPDShServiceObj"={AAA288BA-9A4C-45B0-95D7-94D524869DB5} (HKLM) -- C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" (HKLM) -- File not found

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
>File not found --
>File not found --
>File not found --
>File not found --

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2007/07/12 10:58:07 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AUTORUN.INF [[autorun] | OPEN=setupSNK.exe | ICON=\SMRTNTKY\fcw.ico | ACTION=Wireless Network Setup Wizard | ]
[2008/05/25 11:05:39 | 00,000,090 | ---- | M] () -- E:\AUTORUN.INF -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18312b4a-9d4f-11dc-8236-0019662eedc0}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18312b4a-9d4f-11dc-8236-0019662eedc0}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18312b4a-9d4f-11dc-8236-0019662eedc0}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\RunDLL32.EXE -- [2008/04/14 08:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25081f18-4604-11dc-861e-0019662eedc0}\Shell]
""=Autorun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25081f18-4604-11dc-861e-0019662eedc0}\Shell\Open\command]
""=SSCVIIHOST.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ab8cef0-9ba4-11dc-8220-0019662eedc0}\Shell\AutoRun\command]
""=bar311.exe %1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ab8cef0-9ba4-11dc-8220-0019662eedc0}\Shell\Explore\command]
""=bar311.exe %1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ab8cef0-9ba4-11dc-8220-0019662eedc0}\Shell\Open\command]
""=bar311.exe %1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31902a64-7543-11dc-80dc-0019662eedc0}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31902a64-7543-11dc-80dc-0019662eedc0}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\RunDLL32.EXE -- [2008/04/14 08:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31902a64-7543-11dc-80dc-0019662eedc0}\Shell\é_†™\command]
""=NETSVCS.EXE


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e51f504-3064-11dc-a923-806d6172696f}\Shell\AutoRun\command]
""=E:\setupSNK.exe -- [2004/08/04 00:56:58 | 00,028,672 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72ac9b32-5373-11dc-868c-0019662eedc0}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72ac9b32-5373-11dc-868c-0019662eedc0}\Shell\Auto\command]
""=F:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72ac9b32-5373-11dc-868c-0019662eedc0}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72ac9b32-5373-11dc-868c-0019662eedc0}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72ac9b32-5373-11dc-868c-0019662eedc0}\Shell\Browser\command]
""=F:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d634e46-be4d-11dc-8369-0019662eedc0}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d634e46-be4d-11dc-8369-0019662eedc0}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\RunDLL32.EXE -- [2008/04/14 08:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d634e46-be4d-11dc-8369-0019662eedc0}\Shell\é_†™\command]
""=NETSVCS.EXE


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dcf71554-30e7-11dc-859d-0019662eedc0}\Shell\AutoRun\command]
""=bar311.exe %1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dcf71554-30e7-11dc-859d-0019662eedc0}\Shell\Explore\command]
""=bar311.exe %1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dcf71554-30e7-11dc-859d-0019662eedc0}\Shell\Open\command]
""=bar311.exe %1

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2008/09/22 23:36:30 | 09,113,788 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Mama and Ivy Birthday Video Card from Pompom.AVI
[2008/09/19 21:53:09 | 00,017,200 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/09/19 21:53:07 | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/09/19 21:53:03 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/09/19 14:05:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Cogniview
[2008/09/19 14:05:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Cogniview
[2008/09/19 14:04:33 | 00,000,000 | ---D | C] -- C:\Program Files\CogniView
[2008/09/18 17:14:07 | 24,023,814 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\CCI09182008_00000.bmp
[2008/09/18 14:43:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Scansoft
[2008/09/18 14:40:32 | 00,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/09/18 14:40:32 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/09/18 14:40:09 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2008/09/18 14:40:09 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2008/09/18 14:36:23 | 00,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf07a.dat
[2008/09/18 14:35:40 | 00,045,568 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrUsi07a.dll
[2008/09/18 14:35:39 | 01,520,640 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrWia07a.dll
[2008/09/18 14:35:39 | 00,015,295 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\drivers\BrScnUsb.sys
[2008/09/18 14:35:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2008/09/18 14:35:35 | 00,054,784 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\brinsstr.dll
[2008/09/18 14:35:22 | 00,094,208 | R--- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2.dll
[2008/09/18 14:35:22 | 00,012,288 | R--- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2S.dll
[2008/09/18 14:35:22 | 00,012,288 | R--- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2L.dll
[2008/09/18 14:35:20 | 00,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BroSNMP.dll
[2008/09/18 14:35:10 | 00,163,840 | ---- | C] (brother) -- C:\WINDOWS\System32\NSSearch.dll
[2008/09/18 14:35:10 | 00,006,224 | ---- | C] () -- C:\WINDOWS\CVRPAGE.BMP
[2008/09/18 14:35:10 | 00,000,000 | ---D | C] -- C:\Program Files\Brother
[2008/09/18 14:35:09 | 00,131,072 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\brunin03.dll
[2008/09/18 14:34:20 | 00,000,000 | ---D | C] -- C:\Program Files\Nuance
[2008/09/18 14:33:48 | 00,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/09/18 14:33:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2008/09/18 14:32:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared
[2008/09/18 14:32:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/09/18 14:32:33 | 00,000,000 | ---D | C] -- C:\Program Files\ScanSoft
[2008/09/18 14:31:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Brother
[2008/09/18 09:02:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2008/09/17 22:32:48 | 00,013,894 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\GMA 2.xlsx
[2008/09/11 21:16:58 | 00,000,000 | ---D | C] -- C:\Program Files\Investintech.com Inc
[2008/09/10 02:09:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\My Documents\Hazel's Millward Brown files - DO NOT DELETE!
[2008/09/09 08:33:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Malwarebytes
[2008/09/09 08:32:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/09/08 20:01:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2008/09/08 20:01:44 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2008/09/08 20:01:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\SUPERAntiSpyware.com
[2008/09/08 19:40:07 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2008/09/08 16:43:34 | 00,000,063 | ---- | C] () -- C:\WINDOWS\System\SysSD.dll
[2008/09/08 16:41:57 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareDetector
[2008/09/08 15:56:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sunbelt
[2008/09/08 09:20:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2008/09/08 09:18:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2008/09/08 09:18:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2008/09/01 12:49:46 | 00,000,067 | ---- | C] () -- C:\WINDOWS\iltwain.ini

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2008/09/27 20:03:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/09/27 20:03:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/09/27 10:58:34 | 00,042,496 | ---- | M] () -- C:\Documents and Settings\admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/27 09:10:00 | 00,002,515 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Word 2007.lnk
[2008/09/25 04:53:40 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/09/23 06:25:22 | 00,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2008/09/22 23:36:25 | 09,113,788 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Mama and Ivy Birthday Video Card from Pompom.AVI
[2008/09/21 11:07:49 | 00,000,528 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/09/19 19:13:41 | 00,028,728 | ---- | M] () -- C:\Documents and Settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/09/18 17:14:11 | 24,023,814 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\CCI09182008_00000.bmp
[2008/09/18 14:42:38 | 00,149,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/18 14:40:32 | 00,000,419 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2008/09/18 14:40:32 | 00,000,027 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI
[2008/09/18 14:36:23 | 00,000,050 | ---- | M] () -- C:\WINDOWS\System32\bridf07a.dat
[2008/09/18 08:35:20 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2008/09/17 22:32:48 | 00,013,894 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\GMA 2.xlsx
[2008/09/10 00:04:02 | 00,038,528 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/09/10 00:03:56 | 00,017,200 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/09/08 19:56:54 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2008/09/08 16:43:34 | 00,000,063 | ---- | M] () -- C:\WINDOWS\System\SysSD.dll
[2008/09/06 20:06:46 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/09/01 13:00:20 | 00,000,067 | ---- | M] () -- C:\WINDOWS\iltwain.ini

========== Custom Scans ==========


========== HijackThis Backups ==========

C:\Documents and Settings\admin\My Documents\Tamahome\Hijack\backups\backup-20080922-053001-917
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\admin\My Documents\Tamahome\Hijack\backups\backup-20080922-053805-679
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

C:\Documents and Settings\admin\My Documents\Tamahome\Hijack\backups\backup-20080922-225928-469
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

======= End HijackThis Backups =========

< End of report >

Edited by thefourkingdoms, 27 September 2008 - 08:04 AM.


#4 thefourkingdoms (Topic Starter)

Posted 27 September 2008 - 08:05 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:04:46 PM, on 9/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\admin\My Documents\Tamahome\OTViewIt.exe
C:\Documents and Settings\admin\My Documents\Tamahome\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.smartwifi.com.ph:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1188196354203
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 8387 bytes

#5 Farbar (Security Developer)

Posted 27 September 2008 - 08:33 AM

Well done.

I have to go now and there is no time to look it over. I'm not sure if I'm back on time tonight but I'll certainly get back to you tomorrow.

#6 Farbar (Security Developer)

Posted 28 September 2008 - 04:42 AM

Hi again,

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs (in your case BitTorrent and LimeWire). These programs allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has reached an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."


Removal Instructions
Your computer is infected with a flash drive infection. This type of infection gets carried over through removable devices (flash drive/ thumb drive/ memory stick/ USB stick/ etc.). Please make sure you have your removable devices ready to disinfect. Don't connect them yet.
  • Empty all p2p (BitTorrent, Limewire, etc...) download folders. They might contain infected files. Please avoid using these p2p applications until the system is clean. Using these applications at this stage might lead to reinfection or infecting other users.

  • I see on the log a proxy server is set. Tell me if you have set yourself to use a proxy server.

  • Please open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =


    Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • Download Deckard's Association File Tool daft.exe and save it to your desktop.
    • Double click on it and click Run.
    • Click on the Scan button.
    • If it finds faulty file associations, they will appear in red beside a checkbox. If this occurs, just place a checkmark (tick) in the boxes in question (it would be .cpl, .reg and .url in your case). Please report what is found.
    • Click the Fix button.
  • Please read this carefully: http://www.zyxware.com/articles/2007/08/14...virus-infection

    Note: It is important to have the autoplay feature turned off and not to open the thumb drives by double-clicking. Instead right-click the drive and select Explore.

  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
    • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
    • Wait until it has finished scanning and then exit the program.
    • Reboot your computer when done.
    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

  • Open Notepad (Start > Run and type in Notepad) and make sure Word Wrap under the Format menu is not selected.
    Copy and paste the text in the code box into it.

    REGEDIT4 
    
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25081f18-4604-11dc-861e-0019662eedc0}]
    
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ab8cef0-9ba4-11dc-8220-0019662eedc0}]
    
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31902a64-7543-11dc-80dc-0019662eedc0}]
    
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72ac9b32-5373-11dc-868c-0019662eedc0}]
    
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d634e46-be4d-11dc-8369-0019662eedc0}]
    
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18312b4a-9d4f-11dc-8236-0019662eedc0}]
    
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dcf71554-30e7-11dc-859d-0019662eedc0}]
    • Save the file to the desktop as regfix.reg
    • Make sure the Save as type field says All files.
    • Locate regfix.reg on the desktop and double-click on it and confirm.
    • A window pops up asking if you are sure to add the file to the registry. Click Yes.
    • You get another window popup saying that regfix.reg successfully added to the registry.
    Note: You have to turn off any registry protector software you have in order for the changes to take place.

  • This step is to make sure these files are not on the system. Download FileFind.zip and unzip to your desktop.
    • Double-click FindFile.exe
    • In the box labeled "Enter the directory to search" enter the Drive: C:\
    • In the box labeled "Enter the File to Search" enter:
      SSCVIIHOST.exe
    • Click "Find" to begin the search.
    • When the search is done, it will list the total number of files found.
    • Double-click on "Export"
    • This will create and save a text file named export.txt in the root of your C:\ directory.
    • Locate export.txt and copy/paste its contents in your next post.
    • Please repeat the search also for NETSVCS.EXE and mmc32.EXE
    • Connect your removable devices and repeat the search for all three files but enter the letter of the removable drive (it could be F).
  • Please apply ATF Cleaner once more both for Internet Explorer and Firefox.

  • Please do a scan with Kaspersky Online Scanner


    Click on the Accept button and install any components it needs.
    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded on the left side of the page in the Scan section select My Computer
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete, click on View scan report
    • Now, click on the Save Report as button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.
  • Please run OTViewIt once more as before and copy/paste only the OTViewIt.txt to your reply.

  • Please copy and paste a fresh Hijackthis log to your reply.
Please copy/paste in your next reply:
  • If you have set a proxy server.
  • The Kaspersky scan.
  • The OTViewIt.txt.
  • The Hijackthis log
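
As an added example (not from the thread, and not code from OTViewIt, HijackThis or Flash_Disinfector), the Python below parses a MountPoints2 listing in the OTViewIt format shown earlier in this thread, flags Shell verbs whose command launches an executable from the root of the removable drive or uses a garbled verb name (the bar311.exe and NETSVCS.EXE entries the regfix above removes), and emits a REGEDIT4 file of the same shape as regfix.reg for the affected drive GUIDs. The sample dump is constructed from the entries quoted in the log; all function names are this example's own.

```python
"""Detect autorun-style MountPoints2 hijacks in an OTViewIt registry listing.
Added example: not code from the thread or from OTViewIt, HijackThis or
Flash_Disinfector; the function names are this example's own."""
import re
import unicodedata
from dataclasses import dataclass
from typing import Iterable, List

MOUNTPOINTS2 = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"

# Key line as OTViewIt prints it: per-drive GUID subkey, then Shell\<verb>\command.
KEY_RE = re.compile(
    r"^\[" + re.escape(MOUNTPOINTS2) + r"\\(\{[0-9A-Fa-f-]+\})\\Shell\\([^\\\]]+)\\command\]$"
)
# Value line: OTViewIt prints the key's default value as ""=<data>.
VALUE_RE = re.compile(r'^""=(.*)$')

# Constructed sample in OTViewIt layout, copied from the entries quoted in the thread.
SAMPLE_DUMP = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d634e46-be4d-11dc-8369-0019662eedc0}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\RunDLL32.EXE -- [2008/04/14 08:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d634e46-be4d-11dc-8369-0019662eedc0}\Shell\é_†™\command]
""=NETSVCS.EXE

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dcf71554-30e7-11dc-859d-0019662eedc0}\Shell\AutoRun\command]
""=bar311.exe %1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dcf71554-30e7-11dc-859d-0019662eedc0}\Shell\Open\command]
""=bar311.exe %1
"""

@dataclass
class Finding:
    guid: str     # MountPoints2 subkey; Windows creates one per drive it has mounted
    verb: str     # context-menu verb: AutoRun, Open, Explore, or something garbled
    command: str  # command line the verb runs
    reason: str

def executable_of(command: str) -> str:
    """Return the program a command line starts, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    parts = command.split()
    return parts[0] if parts else ""

def odd_verb(verb: str) -> bool:
    """Legitimate verbs are plain words; control or non-ASCII characters hide the menu entry."""
    return any(ord(ch) > 126 or unicodedata.category(ch).startswith("C") for ch in verb)

def analyse_mountpoints2(dump: str) -> List[Finding]:
    """Pair each Shell\\<verb>\\command key with its value and flag hijack indicators."""
    findings: List[Finding] = []
    pending = None
    for raw in dump.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            pending = (key.group(1), key.group(2))
            continue
        value = VALUE_RE.match(line)
        if not (value and pending):
            continue
        guid, verb = pending
        pending = None
        # OTViewIt appends " -- [date | size | attrs | M] (Company)" to values it could resolve.
        command = value.group(1).split(" -- [", 1)[0].strip()
        exe = executable_of(command)
        reasons = []
        # A bare file name resolves against the root of the drive being opened, i.e. the
        # worm copied next to autorun.inf on the stick, not a binary under %SystemRoot%.
        if exe and "\\" not in exe and ":" not in exe:
            reasons.append("launches an executable from the removable drive root")
        if odd_verb(verb):
            reasons.append("verb name contains non-ASCII or control characters")
        if reasons:
            findings.append(Finding(guid, verb, command, "; ".join(reasons)))
    return findings

def build_regfix(guids: Iterable[str]) -> str:
    """Emit a REGEDIT4 file deleting the affected drive subkeys, shaped like the thread's regfix.reg."""
    lines = ["REGEDIT4", ""]
    for guid in sorted(set(guids)):
        lines += [f"[-{MOUNTPOINTS2}\\{guid}]", ""]
    return "\r\n".join(lines)  # regedit expects Windows line endings

if __name__ == "__main__":
    hits = analyse_mountpoints2(SAMPLE_DUMP)
    for hit in hits:
        print(f"{hit.guid} Shell\\{hit.verb}: {hit.command!r} -> {hit.reason}")
    print(build_regfix(hit.guid for hit in hits))
```

The RunDLL32.EXE entry is left alone by this heuristic because it is a fully qualified path under the Windows directory; the thread's regfix deletes that drive's whole subkey anyway, since the same GUID also carries the NETSVCS.EXE verb.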


#7 thefourkingdoms (Topic Starter)

Posted 28 September 2008 - 08:31 AM

When I choose to run Flash Disinfector, nothing appears when I click it. Is it normal?

How do I know if I have myself set to use a proxy server? Is it bad?

Edited by thefourkingdoms, 28 September 2008 - 09:58 AM.


#8 Farbar (Security Developer)

Posted 28 September 2008 - 10:50 AM

  • Running flash-disinfector:

    When you run it you should first get a popup window asking you to plug in your flash drive. Then the screen goes blank for a second and after that you get a popup with a finished/done message. The disinfection won't take more than a few seconds, but you should get those notifications. If you didn't, your security programs might be preventing the tool from running. You can disconnect from the internet to be safe and then disable all security applications. If you don't know how, visit:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Proxy server:
    If you have a home computer and have not set a proxy yourself, it might be bad. If the proxy server is a malware one, it means all traffic from or to your PC goes through a malware server and they have full control of the traffic.

    This line of HJT shows a proxy is set:

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.smartwifi.com.ph:8080

    Information about your proxy: http://bleuken.i.ph/blogs/bleuken/2007/12/...browsing-speed/

    You can change the setting. To do that:

    Open Internet Explorer. When it is open, click on Tools and then Internet Options. Then click on the Connections tab and press the LAN Settings button. When Internet is set to use a proxy server there is a check mark in the box next to Use a proxy server for your LAN. If you uncheck it, the proxy setting is removed.


#9 thefourkingdoms (Topic Starter)

Posted 28 September 2008 - 07:04 PM

I still can't run flash disinfector. It shows the hourglass beside the mouse pointer but after a few seconds, nothing happens.

I have set a proxy server, but I don't use it. I chose to auto detect settings.

Edited by thefourkingdoms, 28 September 2008 - 07:07 PM.


#10 Farbar (Security Developer)

Posted 29 September 2008 - 02:09 AM

Please remove your copy of Flash-disinfector and download a fresh copy using Internet Explorer. This time put it on C:\ drive instead of your desktop and run it from there. Let me know if you could run it.

If you still could not run it, proceed, but at step 8 skip this part:

Connect your removable devices and repeat the search for all three files but enter the letter of the removable drive (it could be F).


We postpone this step until I see the logs and make sure it is safe to connect the flash drive.

#11 thefourkingdoms (Topic Starter)

Posted 29 September 2008 - 03:26 AM

This is my Kaspersky log. I still can't run Flash Disinfector from C:.
I have disabled my comodo firewall and my avira antivir while my internet is disabled but it still doesn't work.
I have done all steps except for the 6th step.

The daft tool didn't detect anything. I also did the regfix and it was successful.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, September 29, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, September 29, 2008 00:30:39
Records in database: 1270500
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 43457
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:46:01


File name / Threat name / Threats count
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080401-083754-202.dll Infected: not-a-virus:AdWare.Win32.TrafficSol.ae 1

The selected area was scanned.

#12 thefourkingdoms (Topic Starter)

Posted 29 September 2008 - 03:34 AM

OTViewIt logfile created on: 9/29/2008 4:31:56 PM - Run 4
OTViewIt by OldTimer - Version 1.0.9.1 Folder = C:\Documents and Settings\admin\My Documents\Tamahome
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

246.79 Mb Total Physical Memory | 68.46 Mb Available Physical Memory | 27.74% Memory free
633.80 Mb Paging File | 292.88 Mb Available in Paging File | 46.21% Paging File free
Paging file location(s): C:\pagefile.sys 400 744;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 26.21 Gb Free Space | 67.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 35.46 Gb Total Space | 35.40 Gb Free Space | 99.82% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RENATO-A93BB767
Current User Name: admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/08/15 19:27:29 | 00,149,761 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
[2007/06/08 22:59:38 | 00,224,248 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
[2008/07/18 08:27:34 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2008/08/25 09:23:25 | 01,655,552 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cfp.exe
[2007/01/29 21:12:14 | 00,030,248 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
[2008/07/18 08:27:36 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
[2008/08/25 09:23:26 | 00,519,936 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cmdagent.exe
[1999/12/13 09:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE
[2008/05/29 15:46:18 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2007/04/02 14:15:40 | 00,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe
[2008/04/14 08:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2007/06/11 18:16:12 | 00,103,928 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
[2008/09/28 14:59:53 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/09/27 15:12:06 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\My Documents\Tamahome\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/07/18 08:27:36 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
[2008/08/15 19:27:29 | 00,149,761 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/04/14 08:12:14 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc [On_Demand | Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/08/25 09:23:26 | 00,519,936 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cmdagent.exe -- (cmdAgent [Auto | Running])
[1999/12/13 09:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
[2007/04/02 14:15:40 | 00,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv [Auto | Running])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2007/11/27 05:56:12 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2007/02/27 15:25:10 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
[2008/05/30 20:35:58 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
[2008/07/18 08:27:38 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys -- (avipbb [System | Running])
File not found -- C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys -- (BDFsDrv [On_Demand | Stopped])
File not found -- C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys -- (BDRsDrv [On_Demand | Stopped])
[2004/10/15 12:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\System32\drivers\BrScnUsb.sys -- (BrScnUsb [On_Demand | Stopped])
[2008/04/14 02:46:23 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ccdecode.sys -- (CCDECODE [On_Demand | Stopped])
[2008/08/25 09:23:27 | 00,087,056 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys -- (cmdGuard [System | Running])
[2008/08/25 09:23:27 | 00,024,208 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys -- (cmdHlp [System | Running])
[2005/05/12 14:21:08 | 01,332,544 | R--- | M] (C-Media Inc) -- C:\WINDOWS\System32\drivers\cmuda.sys -- (cmuda [On_Demand | Running])
[2004/09/29 15:35:30 | 00,219,136 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
[2004/09/29 15:33:50 | 01,036,928 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
[2005/09/20 11:00:54 | 01,302,332 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
[2008/08/25 09:23:27 | 00,079,760 | ---- | M] (COMODO) -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect [Boot | Running])
[2008/04/14 02:31:32 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\intelppm.sys -- (intelppm [System | Running])
[2008/04/14 02:54:36 | 00,088,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irda.sys -- (irda [Auto | Running])
[2001/08/17 21:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irsir.sys -- (irsir [On_Demand | Running])
[2004/03/17 12:04:14 | 00,013,059 | R--- | M] (Conexant) -- C:\WINDOWS\System32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2008/04/14 02:39:50 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mstee.sys -- (MSTEE [On_Demand | Stopped])
[2008/04/14 02:46:25 | 00,085,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nabtsfec.sys -- (NABTSFEC [On_Demand | Stopped])
[2008/04/14 02:46:22 | 00,010,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndisip.sys -- (NdisIP [On_Demand | Stopped])
[2001/08/17 13:51:52 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde [Boot | Running])
File not found -- C:\Program Files\Softwin\BitDefender10\profos.sys -- (Profos [On_Demand | Stopped])
[2006/02/28 20:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/08 07:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 21:51:32 | 00,019,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rasirda.sys -- (Rasirda [On_Demand | Running])
[2004/08/04 06:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Running])
File not found -- C:\WINDOWS\system32\drivers\SBREdrv.sys -- (SBRE [On_Demand | Stopped])
[2007/11/13 18:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/14 02:46:23 | 00,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\slip.sys -- (SLIP [On_Demand | Stopped])
[2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2007/03/01 10:34:36 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys -- (ssmdrv [System | Running])
[2008/04/14 02:46:21 | 00,015,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\streamip.sys -- (streamip [On_Demand | Stopped])
[2008/09/18 08:35:20 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
File not found -- C:\Program Files\Softwin\BitDefender10\trufos.sys -- (Trufos [On_Demand | Stopped])
[2007/07/11 10:40:18 | 00,012,416 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\System32\DRIVERS\lgusbbus.sys -- (usbbus [On_Demand | Stopped])
[2007/07/11 15:51:48 | 00,019,840 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys -- (UsbDiag [On_Demand | Stopped])
[2008/04/14 02:45:35 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbehci.sys -- (usbehci [On_Demand | Running])
[2007/07/11 10:45:00 | 00,021,632 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys -- (USBModem [On_Demand | Stopped])
[2006/11/04 06:45:48 | 00,178,913 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\V0260Vid.sys -- (V0260VID [On_Demand | Running])
[2004/09/29 15:34:24 | 00,702,592 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2006/02/28 20:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])
[2008/04/14 02:46:24 | 00,019,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wstcodec.sys -- (WSTCODEC [On_Demand | Stopped])
[2006/09/28 18:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\WudfPf.sys -- (WudfPf [On_Demand | Stopped])
[2006/09/28 19:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\WudfRd.sys -- (WudfRd [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.yahoo.com
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Secondary Start Pages"=
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.yahoo.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"SearchDefaultBranded"=
"Start Page"=http://www.yahoo.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = <local>

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-73586283-842925246-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"SearchDefaultBranded"=
"Start Page"=http://www.yahoo.com/

[HKEY_USERS\S-1-5-21-73586283-842925246-839522115-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-73586283-842925246-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = <local>

========== (O1) Hosts File ==========

Hosts file not found

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (HKLM) -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (HKLM) -- C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
{bf00e119-21a3-4fd1-b178-3b8537e75c92} (HKLM) -- C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"SITEguard" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
"{F2CF5485-4E02-4F68-819C-B92DE9277049}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-73586283-842925246-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
"{F2CF5485-4E02-4F68-819C-B92DE9277049}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN (Brother Industries, Ltd.)
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" -h ()
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun (Brother Industries, Ltd.)
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" (Nuance Communications, Inc.)
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" (Nuance Communications, Inc.)
"PPort11reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini (Nuance Communications, Inc.)
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" (Yahoo! Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-73586283-842925246-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (Yahoo! Inc.)

========== (O4) Startup Folders ==========


========== (O6 & O7) Internet Explorer Policies ==========
[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\control panel] - present
[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\restrictions] - present
[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\control panel] - present
[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\restrictions] - present
[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\control panel] - present
[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\restrictions] - present

========== (O6 & O7) Current Version Policies ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-73586283-842925246-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145


========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Sun Java Console -- C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Send to OneNote -- C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: S&end to OneNote -- C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}: Yahoo! Services -- C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
{77BF5300-1474-4EC7-9980-D32B190E9B07}: Skype -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
{85d1f590-48f4-11d9-9669-0800200c9a66}: Uninstall BitDefender Online Scanner v8 -- C:\WINDOWS\bdoscandel.exe ()
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Research -- C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: @xpsp3res.dll,-20001 -- C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Messenger -- C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Windows Messenger -- C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/9/b...heckControl.cab -- Windows Genuine Advantage Validation Tool
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsupd...b?1188196354203 -- WUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{9600F64D-755F-11D4-A47F-0001023E6D5A}: http://web1.shutterfly.com/downloads/Uploader.cab -- Shutterfly Picture Upload Plugin
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object
{F6ACF75C-C32C-447B-9BEF-46B766368D29}: http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID.cab -- Creative Software AutoUpdate Support Package

========== (O17) DNS Name Servers ==========

{D090CBB2-1D8D-42EC-B195-19DAB18B68D4} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)
{FCE8FE5F-49DD-4690-B19D-C3E22D1FCA9A} (Servers: | Description: )

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=explorer.exe
>File not found --

"UIHost"=logonui.exe
>File not found --

"VMApplet"=rundll32 shell32,Control_RunDLL "sysdm.cpl"
>File not found --


========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
crypt32chain: "DllName" = crypt32.dll -- File not found
cryptnet: "DllName" = cryptnet.dll -- File not found
cscdll: "DllName" = cscdll.dll -- File not found
igfxcui: "DllName" = igfxdev.dll -- File not found
ScCertProp: "DllName" = wlnotify.dll -- File not found
Schedule: "DllName" = wlnotify.dll -- File not found
sclgntfy: "DllName" = sclgntfy.dll -- File not found
SensLogn: "DllName" = WlNotify.dll -- File not found
termsrv: "DllName" = wlnotify.dll -- File not found
wlballoon: "DllName" = wlnotify.dll -- File not found

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WPDShServiceObj"={AAA288BA-9A4C-45B0-95D7-94D524869DB5} (HKLM) -- C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" (HKLM) -- File not found

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
>File not found --
>File not found --
>File not found --
>File not found --

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2007/07/12 10:58:07 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AUTORUN.INF [[autorun] | OPEN=setupSNK.exe | ICON=\SMRTNTKY\fcw.ico | ACTION=Wireless Network Setup Wizard | ]
[2008/05/25 11:05:39 | 00,000,090 | ---- | M] () -- E:\AUTORUN.INF -- [ NTFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e51f504-3064-11dc-a923-806d6172696f}\Shell\AutoRun\command]
""=E:\setupSNK.exe -- [2004/08/04 00:56:58 | 00,028,672 | ---- | M] (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2008/09/29 16:19:04 | 00,132,597 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Flash_Disinfector.exe
[2008/09/22 23:36:30 | 09,113,788 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Mama and Ivy Birthday Video Card from Pompom.AVI
[2008/09/19 21:53:09 | 00,017,200 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/09/19 21:53:07 | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/09/19 21:53:03 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/09/19 14:05:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Cogniview
[2008/09/19 14:05:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Cogniview
[2008/09/19 14:04:33 | 00,000,000 | ---D | C] -- C:\Program Files\CogniView
[2008/09/18 17:14:07 | 24,023,814 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\CCI09182008_00000.bmp
[2008/09/18 14:43:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Scansoft
[2008/09/18 14:40:32 | 00,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/09/18 14:40:32 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/09/18 14:40:09 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2008/09/18 14:40:09 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2008/09/18 14:36:23 | 00,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf07a.dat
[2008/09/18 14:35:40 | 00,045,568 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrUsi07a.dll
[2008/09/18 14:35:39 | 01,520,640 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrWia07a.dll
[2008/09/18 14:35:39 | 00,015,295 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\drivers\BrScnUsb.sys
[2008/09/18 14:35:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2008/09/18 14:35:35 | 00,054,784 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\brinsstr.dll
[2008/09/18 14:35:22 | 00,094,208 | R--- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2.dll
[2008/09/18 14:35:22 | 00,012,288 | R--- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2S.dll
[2008/09/18 14:35:22 | 00,012,288 | R--- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2L.dll
[2008/09/18 14:35:20 | 00,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BroSNMP.dll
[2008/09/18 14:35:10 | 00,163,840 | ---- | C] (brother) -- C:\WINDOWS\System32\NSSearch.dll
[2008/09/18 14:35:10 | 00,006,224 | ---- | C] () -- C:\WINDOWS\CVRPAGE.BMP
[2008/09/18 14:35:10 | 00,000,000 | ---D | C] -- C:\Program Files\Brother
[2008/09/18 14:35:09 | 00,131,072 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\brunin03.dll
[2008/09/18 14:34:20 | 00,000,000 | ---D | C] -- C:\Program Files\Nuance
[2008/09/18 14:33:48 | 00,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/09/18 14:33:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2008/09/18 14:32:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared
[2008/09/18 14:32:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/09/18 14:32:33 | 00,000,000 | ---D | C] -- C:\Program Files\ScanSoft
[2008/09/18 14:31:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Brother
[2008/09/18 09:02:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2008/09/17 22:32:48 | 00,013,894 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\GMA 2.xlsx
[2008/09/11 21:16:58 | 00,000,000 | ---D | C] -- C:\Program Files\Investintech.com Inc
[2008/09/10 02:09:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\My Documents\Hazel's Millward Brown files - DO NOT DELETE!
[2008/09/09 08:33:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Malwarebytes
[2008/09/09 08:32:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/09/08 20:01:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2008/09/08 20:01:44 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2008/09/08 20:01:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\SUPERAntiSpyware.com
[2008/09/08 19:40:07 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2008/09/08 16:43:34 | 00,000,063 | ---- | C] () -- C:\WINDOWS\System\SysSD.dll
[2008/09/08 16:41:57 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareDetector
[2008/09/08 15:56:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sunbelt
[2008/09/08 09:20:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2008/09/08 09:18:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2008/09/08 09:18:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2008/09/01 12:49:46 | 00,000,067 | ---- | C] () -- C:\WINDOWS\iltwain.ini

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2008/09/29 16:19:04 | 00,132,597 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Flash_Disinfector.exe
[2008/09/29 16:12:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/09/29 16:12:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/09/27 22:24:06 | 00,042,496 | ---- | M] () -- C:\Documents and Settings\admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/27 09:10:00 | 00,002,515 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Word 2007.lnk
[2008/09/25 04:53:40 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/09/23 06:25:22 | 00,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2008/09/22 23:36:25 | 09,113,788 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Mama and Ivy Birthday Video Card from Pompom.AVI
[2008/09/21 11:07:49 | 00,000,528 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/09/19 19:13:41 | 00,028,728 | ---- | M] () -- C:\Documents and Settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/09/18 17:14:11 | 24,023,814 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\CCI09182008_00000.bmp
[2008/09/18 14:42:38 | 00,149,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/18 14:40:32 | 00,000,419 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2008/09/18 14:40:32 | 00,000,027 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI
[2008/09/18 14:36:23 | 00,000,050 | ---- | M] () -- C:\WINDOWS\System32\bridf07a.dat
[2008/09/18 08:35:20 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2008/09/17 22:32:48 | 00,013,894 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\GMA 2.xlsx
[2008/09/10 00:04:02 | 00,038,528 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/09/10 00:03:56 | 00,017,200 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/09/08 19:56:54 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2008/09/08 16:43:34 | 00,000,063 | ---- | M] () -- C:\WINDOWS\System\SysSD.dll
[2008/09/06 20:06:46 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/09/01 13:00:20 | 00,000,067 | ---- | M] () -- C:\WINDOWS\iltwain.ini
< End of report >
OTViewIt Extras logfile created on: 9/29/2008 4:31:56 PM - Run admin
OTViewIt by OldTimer - Version 1.0.9.1 Folder = C:\Documents and Settings\admin\My Documents\Tamahome
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

246.79 Mb Total Physical Memory | 68.46 Mb Available Physical Memory | 27.74% Memory free
633.80 Mb Paging File | 292.88 Mb Available in Paging File | 46.21% Paging File free
Paging file location(s): C:\pagefile.sys 400 744;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 26.21 Gb Free Space | 67.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 35.46 Gb Total Space | 35.40 Gb Free Space | 99.82% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RENATO-A93BB767
Current User Name: admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.reg [@ = regfile] -- regedit.exe "%1"

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 08:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/14 02:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 08:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/10/27 15:03:04 | 01,018,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
[2007/06/11 18:16:12 | 04,670,968 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2007/06/11 18:16:14 | 00,091,640 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2008/04/14 02:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Documents and Settings\admin\Application Data\Microsoft\Installer\{D1ABD314-388E-47A8-BBB6-111624C86A02}\_2cd672ae.exe:*:Enabled:_2cd672ae
[2008/04/27 15:09:44 | 03,051,008 | ---- | M] (Flemming Christensen) -- C:\Program Files\MZ Manager 2\mzmanager.exe:*:Enabled:mzmanager
File not found -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
File not found -- C:\Documents and Settings\admin\My Documents\Tamahome\pol_6\pol_6.2\Pokemon Online.exe:*:Enabled:Multimedia Fusion Stand Alone Application
File not found -- C:\Program Files\DNA\btdna.exe:*:Enabled:DNA
File not found -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget
[2007/08/17 06:07:08 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2008/02/08 19:04:46 | 00,072,264 | ---- | M] (Kaspersky Lab) -- C:\kav\kav7.0\english\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup
File not found -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:*:Enabled:Kaspersky Anti-Virus
File not found -- C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe:*:Enabled:VideoAccelerator
File not found -- C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)
[2007/07/02 17:10:58 | 23,237,416 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2006/10/26 19:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
msdaipp: [HKLM - No CLSID value]
[2006/10/26 19:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2006/10/26 19:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2006/10/26 13:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])
[2007/07/02 17:10:58 | 01,828,440 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
File not found application/octet-stream:{1E66F26B-79EE-11D2-8710-00C04F79ED0D} (HKLM) [Cor MIME Filter, CorFltr, CorFltr 1]
File not found application/x-complus:{1E66F26B-79EE-11D2-8710-00C04F79ED0D} (HKLM) [Cor MIME Filter, CorFltr, CorFltr 1]
File not found application/x-msdownload:{1E66F26B-79EE-11D2-8710-00C04F79ED0D} (HKLM) [Cor MIME Filter, CorFltr, CorFltr 1]
[2006/10/26 21:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{1E6753B9-CCE5-440C-9737-9C86BF3D35EE}"=TMTool
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1"=RegAlyzer
"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}"=Microsoft .NET Framework 3.5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160070}"=Java™ SE Development Kit 6 Update 7
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}"=PaperPort Image Printer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}"=Mega Manager
"{48B82226-75E3-4E90-92CC-D30F79EA6380}"=Norton Security Scan
"{4BD2E114-4580-41BE-899F-60B5DC1DB2EA}"=Cogniview PDF2XL Evaluation
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.2
"{67D25F86-239B-459E-91BE-340F88CECCBD}"=MZ Manager 2
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Extreme Graphics 2 Driver
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}"=Microsoft Office Home and Student 2007
"{993960EE-CA4D-443F-8F88-E24260DD5FD2}"=LG PC Suite
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}"=Brother MFL-Pro Suite
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B6C89654-A6A2-477C-873B-724EC1C56407}"=ScanSoft PaperPort 11
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}"=LG USB Modem driver
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}"=Java DB 10.3.1.4
"{D050D7362D214723AD585B541FFB6C11}"=DivX Content Uploader
"{D5068583-D569-468B-9755-5FBF5848F46F}"=Sony Picture Utility
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"=Microsoft Windows Application Compatibility Database
"{DF421E99-61E6-4502-92A8-DB5EEB2CAB5A}"=Mega Manager
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player
"AntiVir PersonalEdition Classic"=Avira AntiVir Personal - Free Antivirus
"Cablenut"=Cablenut 4.08
"CANONBJ_Deinstall_CNMS300.CPD"=Canon S300
"CCleaner"=CCleaner (remove only)
"C-Media Audio"=C-Media 3D Audio
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_20D514F1"=D-Link DFM-562IS HSFi PCI Modem
"COMODO Firewall Pro"=COMODO Firewall Pro
"Creative Live! Cam Vista IM User's Guide English"=Creative Live! Cam Vista IM User's Guide (English)
"Creative Media Lite"=Creative Media Lite
"Creative Software AutoUpdate"=Creative Software AutoUpdate
"Creative VF0260"=Creative Live! Cam Vista IM Driver (1.01.03.1104)
"Creative WebCam Center"=Creative WebCam Center
"ffdshow_is1"=ffdshow [rev 1324] [2007-07-01]
"HijackThis"=HijackThis 2.0.2
"HOMESTUDENTR"=Microsoft Office Home and Student 2007
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{4BD2E114-4580-41BE-899F-60B5DC1DB2EA}"=Cogniview PDF2XL Evaluation
"LimeWire"=LimeWire PRO 4.14.8
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5"=Microsoft .NET Framework 3.5
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"QuickTime"=QuickTime
"RealPlayer 6.0"=RealPlayer
"SysInfo"=Creative System Information
"WIC"=Windows Imaging Component
"Winamp"=Winamp
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Extras"=Yahoo! Browser Services
"Yahoo! Mail"=Yahoo! Internet Mail
"Yahoo! Messenger"=Yahoo! Messenger
"Yahoo! Search Defender"=Yahoo! Search Protection
"YInstHelper"=Yahoo! Install Manager
"ZENStoneUG"=Creative ZEN Stone User's Guide

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f6e1866890214c41"=TrophyMaster

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-73586283-842925246-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f6e1866890214c41"=TrophyMaster

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/28/2008 1:38:09 AM | Computer Name = RENATO-A93BB767 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 9/28/2008 2:58:13 AM | Computer Name = RENATO-A93BB767 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 9/28/2008 5:24:30 AM | Computer Name = RENATO-A93BB767 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 9/28/2008 9:10:38 AM | Computer Name = RENATO-A93BB767 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 9/28/2008 10:32:40 AM | Computer Name = RENATO-A93BB767 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 9/28/2008 2:17:17 PM | Computer Name = RENATO-A93BB767 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 9/28/2008 4:28:23 PM | Computer Name = RENATO-A93BB767 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 9/28/2008 7:54:38 PM | Computer Name = RENATO-A93BB767 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 9/28/2008 11:07:50 PM | Computer Name = RENATO-A93BB767 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 9/29/2008 4:12:54 AM | Computer Name = RENATO-A93BB767 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

[ OSession Events ]
Error - 8/10/2008 9:10:42 AM | Computer Name = RENATO-A93BB767 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1148
seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/18/2008 8:36:03 PM | Computer Name = RENATO-A93BB767 | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 9/20/2008 10:57:13 PM | Computer Name = RENATO-A93BB767 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 0019662EEDC0 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 9/22/2008 5:52:12 PM | Computer Name = RENATO-A93BB767 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 9/22/2008 5:52:12 PM | Computer Name = RENATO-A93BB767 | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 9/23/2008 9:31:34 AM | Computer Name = RENATO-A93BB767 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 0019662EEDC0 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 9/23/2008 5:20:56 PM | Computer Name = RENATO-A93BB767 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 9/23/2008 5:20:56 PM | Computer Name = RENATO-A93BB767 | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 9/24/2008 4:53:38 PM | Computer Name = RENATO-A93BB767 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 0019662EEDC0 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 9/25/2008 3:31:42 PM | Computer Name = RENATO-A93BB767 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 0019662EEDC0 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 9/26/2008 3:21:41 PM | Computer Name = RENATO-A93BB767 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 0019662EEDC0 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).


< End of report >

#13 thefourkingdoms

  • Topic Starter
  • Members
  • 69 posts
  • Gender:Male
  • Location:Philippines

Posted 29 September 2008 - 03:36 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:34:55 PM, on 9/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\admin\My Documents\Tamahome\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.smartwifi.com.ph:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1188196354203
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 8171 bytes

#14 Farbar

    Just Curious

  • Security Developer
  • 21,714 posts
  • Gender:Male
  • Location:The Netherlands

Posted 29 September 2008 - 06:06 AM

You have done a good job and we are almost there.

Please tell me about step 8: were the files found?

#15 Farbar

    Just Curious

  • Security Developer
  • 21,714 posts
  • Gender:Male
  • Location:The Netherlands

Posted 29 September 2008 - 06:42 AM

BTW you can now perform the whole step 8 and post me the result.

Since you are connecting the flash drive, please make a fresh OTViewIt scan. The OTViewIt.txt is enough; no need for OTViewIt Extras. I want to make sure both the flash drive and the PC are clean.

Edited by farbar, 29 September 2008 - 06:43 AM.