
Hijack this log


  • This topic is locked
7 replies to this topic

#1 ne3na3

ne3na3

  • Members
  • 4 posts
  • OFFLINE
  • Local time:05:32 AM

Posted 20 October 2008 - 04:28 AM

Good day everybody,
I'm facing some troubles with my laptop. I got the blue screen of death a couple of times, it's a bit slower than it's supposed to be, it gets stuck very often, like once an hour or less, and I need to restart it to get back to normal.
I'm attaching the HijackThis log report and would appreciate any help.

Regards

Edited by ne3na3, 20 October 2008 - 04:32 AM.




#2 RELOADED

RELOADED

  • Members
  • 476 posts
  • OFFLINE
  • Gender:Male
  • Location:Bahrain - East Riffa
  • Local time:05:32 AM

Posted 21 October 2008 - 12:27 AM

Hello ne3na3,

Welcome to the BleepingComputer HijackThis Logs and Malware Removal Forum.
My name is RELOADED and I'll be helping you to fix your problems. Please give me some time to look it over and I will be back to you as soon as possible.

Please consider the following:
  • I'm still in training here at BleepingComputer. However, I'll be working under the direct supervision of one of our Malware Experts. Any recommendations will first be approved before being given to you. Because of this, there may be a short delay in getting our responses to you. However, be assured that we will be working diligently on your problem.
  • Before going through the cleaning process, if you have any doubt about the listed procedures PLEASE don't hesitate to ask. No question is considered dumb here at BleepingComputer.
Thanks :thumbsup:


With Regards,
RELOADED
No goal is worthy of our time and effort if all we are going to get out of it is an end result.
If I have been helping you and I don't reply within 48 hours, please shoot me a PM. Thanks.

#3 RELOADED

RELOADED

  • Members
  • 476 posts
  • OFFLINE
  • Gender:Male
  • Location:Bahrain - East Riffa
  • Local time:05:32 AM

Posted 22 October 2008 - 06:36 PM

Hi ne3na3,

Please consider the following:

First of all, your computer has been infected with a Backdoor:
  • A Backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. A Backdoor compromises system integrity by making changes to the system that allow it to be used by the attacker for malicious purposes unknown to the user.

    If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately, including those used for email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one; if not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.

    Since your computer was compromised read:
    How to report ID theft, fraud, drive-by installs, hijacking and malware:

    http://www.dslreports.com/faq/10451

    When Should I Format, How Should I Reinstall:
    http://www.dslreports.com/faq/10063
-->> If you wish to attempt cleaning your machine, continue with the following:-




A. Download SDFix.exe and save it to your desktop:

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer into Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • In Safe Mode, go to and open the C:\SDFix folder, then double click on RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply with a new HijackThis Log.



B. Download and Run OTViewIt
  • Please download OTViewIt by OldTimer to your desktop.
  • Double click on the OTViewIt.exe icon on your desktop. If you are using Windows Vista, right click the icon and select Run as Administrator.
  • Check the Scan All Users checkbox and leave Use Whitelist checked. Set the File Age to 30 days.
  • Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open.
    • OTViewIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Copy and Paste the logs into your next reply.



C. HijackThis Log
  • From Start | All Programs | HijackThis
  • Click on Hijackthis to start the program.
  • Choose the Do a system scan and save a logfile button.
  • A log will be produced with the name Hijackthis.log, and will be opened in Notepad.
  • Please post the content of the HijackThis log file in your next reply for further review. (Note: it has been created in C:\Program Files\Trend Micro\HijackThis\hijackthis.log).


Note: In your next post I would like to see (not attached, but posted) the following please:
1. The log from SDFix (Report.txt).
2. The two logs from OTViewIt (OTViewIt.txt & Extra.txt).
3. HijackThis log.
Thanks.


With Regards,
RELOADED
No goal is worthy of our time and effort if all we are going to get out of it is an end result.
If I have been helping you and I don't reply within 48 hours, please shoot me a PM. Thanks.

#4 ne3na3

ne3na3
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:05:32 AM

Posted 26 October 2008 - 01:15 PM

Hello,
thanks for your response, sorry for my delay.


SDFix: Version 1.236
Run by ne3na3 on Sun 10/26/2008 at 09:01 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\system.exe - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 21:06:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00037aacef64]
"001f5d56a766"=hex:a3,6c,d8,e7,6f,98,4c,c8,40,ad,62,6f,52,3c,19,a6
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00037aacef64]
"001f5d56a766"=hex:a3,6c,d8,e7,6f,98,4c,c8,40,ad,62,6f,52,3c,19,a6

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"="C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"="C:\\TOSHIBA\\IVP\\ISM\\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 30 Jan 2008 6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Mon 20 Oct 2008 12,213 A.SH. --- "C:\WINDOWS\system32\08223B03.dll"
Mon 20 Oct 2008 12,532 A.SH. --- "C:\WINDOWS\system32\122B901E.dll"
Thu 23 Oct 2008 11,699 A.SH. --- "C:\WINDOWS\system32\12B02216.dll"
Sun 26 Oct 2008 216,183 A.SH. --- "C:\WINDOWS\system32\3474A8C2.dll"
Mon 20 Oct 2008 13,419 A.SH. --- "C:\WINDOWS\system32\43ACDCC5.dll"
Mon 20 Oct 2008 11,971 A.SH. --- "C:\WINDOWS\system32\495271CA.dll"
Mon 20 Oct 2008 217,015 A.SH. --- "C:\WINDOWS\system32\4BF9CBA3.dll"
Mon 20 Oct 2008 11,698 A.SH. --- "C:\WINDOWS\system32\4D023DE9.dll"
Mon 20 Oct 2008 11,717 A.SH. --- "C:\WINDOWS\system32\4F34C688.dll"
Mon 20 Oct 2008 12,972 A.SH. --- "C:\WINDOWS\system32\58FF3024.dll"
Mon 20 Oct 2008 11,261 A.SH. --- "C:\WINDOWS\system32\7ADC2AB1.dll"
Mon 20 Oct 2008 11,379 A.SH. --- "C:\WINDOWS\system32\82710040.dll"
Mon 20 Oct 2008 11,951 A.SH. --- "C:\WINDOWS\system32\9CA963CA.dll"
Thu 23 Oct 2008 11,426 A.SH. --- "C:\WINDOWS\system32\A8FC611B.dll"
Mon 20 Oct 2008 11,657 A.SH. --- "C:\WINDOWS\system32\C250CF20.dll"
Mon 20 Oct 2008 216,485 A.SH. --- "C:\WINDOWS\system32\C56BCC10.dll"
Mon 20 Oct 2008 12,005 A.SH. --- "C:\WINDOWS\system32\D91BC61E.dll"
Mon 20 Oct 2008 12,770 A.SH. --- "C:\WINDOWS\system32\DA63E650.dll"
Mon 20 Oct 2008 217,178 A.SH. --- "C:\WINDOWS\system32\DE02F764.dll"
Sun 26 Oct 2008 11,749 A.SH. --- "C:\WINDOWS\system32\E0D39066.dll"
Sun 26 Oct 2008 216,876 A.SH. --- "C:\WINDOWS\system32\E3367679.dll"
Thu 23 Oct 2008 216,518 A.SH. --- "C:\WINDOWS\system32\EC7DA7DC.dll"
Thu 18 Sep 2008 15 ..SHR --- "C:\WINDOWS\system32\drivers\fbd.sys"
Thu 18 Sep 2008 4 ..SHR --- "C:\WINDOWS\system32\drivers\taishop.sys"
Fri 19 Sep 2008 792,104 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0ed7e495766dc4cd7e8f61063b3fe436\BIT2C.tmp"
Fri 5 Oct 2007 135,168 A.SH. --- "C:\Documents and Settings\ne3na3\Desktop\my 1.gb. glash\hamad\SIV283.tmp"
Sat 18 Aug 2007 110,592 A.SH. --- "C:\Documents and Settings\ne3na3\Desktop\my 1.gb. glash\hamad\SIV6.tmp"
Sat 18 Aug 2007 196,608 A.SH. --- "C:\Documents and Settings\ne3na3\Desktop\my 1.gb. glash\hamad\SIV9.tmp"

Finished!
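Added example, not part of this thread and not code from SDFix, OTViewIt or HijackThis: a hypothetical Python triage helper that parses the "Files with Hidden Attributes" block of an SDFix Report.txt in the line format posted above and flags the pattern that stands out in it (freshly written, System+Hidden DLLs with random 8-hex-digit names dropped straight into system32). The sample report is constructed from shortened lines of the post; the function names and the 30-day window are assumptions.

```python
"""Triage the 'Files with Hidden Attributes' section of an SDFix Report.txt.

Hypothetical helper written for this thread; it is not part of SDFix, OTViewIt
or HijackThis. It parses the report's own line format and flags the pattern
visible in the posted log: freshly written DLLs with random 8-hex-digit names,
marked System+Hidden, sitting directly in %SystemRoot%\\system32.
"""
import re
from dataclasses import dataclass
from datetime import date, datetime

# Constructed sample in the SDFix report format (paths shortened from the post).
SAMPLE_REPORT = r"""SDFix: Version 1.236
Run by user on Sun 10/26/2008 at 09:01 PM

Files with Hidden Attributes :

Wed 30 Jan 2008 6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Mon 20 Oct 2008 12,213 A.SH. --- "C:\WINDOWS\system32\08223B03.dll"
Sun 26 Oct 2008 216,183 A.SH. --- "C:\WINDOWS\system32\3474A8C2.dll"
Thu 18 Sep 2008 15 ..SHR --- "C:\WINDOWS\system32\drivers\fbd.sys"
Fri 5 Oct 2007 135,168 A.SH. --- "C:\Documents and Settings\user\Desktop\hamad\SIV283.tmp"

Finished!
"""

# Header line: "Run by <name> on <Dow> M/d/yyyy at hh:mm AM/PM"
RUN_DATE_RE = re.compile(r"^Run by .* on [A-Z][a-z]{2} (\d{1,2}/\d{1,2}/\d{4}) at", re.M)
# Entry line, e.g.  Mon 20 Oct 2008 12,213 A.SH. --- "C:\WINDOWS\system32\08223B03.dll"
ENTRY_RE = re.compile(
    r'^[A-Z][a-z]{2} (?P<day>\d{1,2}) (?P<mon>[A-Z][a-z]{2}) (?P<year>\d{4})\s+'
    r'(?P<size>[\d,]+)\s+(?P<attrs>[A-Z.]{5})\s+---\s+"(?P<path>[^"]+)"\s*$',
    re.M,
)
# Random-looking 8-hex-digit DLL placed directly in system32 (no subfolder).
RANDOM_SYS32_DLL_RE = re.compile(r"^[a-z]:\\windows\\system32\\[0-9a-f]{8}\.dll$", re.I)


@dataclass(frozen=True)
class HiddenFile:
    mtime: date
    size: int
    attrs: str   # five-character attribute field as printed, e.g. "A.SH." or "..SHR"
    path: str

    @property
    def system_and_hidden(self) -> bool:
        return "S" in self.attrs and "H" in self.attrs


def parse_run_date(report: str) -> date:
    """Return the date SDFix was run (M/d/yyyy in the report header)."""
    m = RUN_DATE_RE.search(report)
    if not m:
        raise ValueError("no 'Run by ... on <date>' header in report")
    return datetime.strptime(m.group(1), "%m/%d/%Y").date()


def parse_hidden_files(report: str) -> list[HiddenFile]:
    """Parse every hidden-attribute entry; non-matching lines are ignored."""
    entries = []
    for m in ENTRY_RE.finditer(report):
        mtime = datetime.strptime(f"{m['day']} {m['mon']} {m['year']}", "%d %b %Y").date()
        size = int(m["size"].replace(",", ""))
        entries.append(HiddenFile(mtime, size, m["attrs"], m["path"]))
    return entries


def is_suspicious(entry: HiddenFile, run_date: date, max_age_days: int = 30) -> bool:
    """Flag System+Hidden, random-named DLLs in system32 written shortly before the scan."""
    age = (run_date - entry.mtime).days
    return (entry.system_and_hidden
            and RANDOM_SYS32_DLL_RE.match(entry.path) is not None
            and 0 <= age <= max_age_days)


def triage(report: str, max_age_days: int = 30) -> list[HiddenFile]:
    """Return the flagged entries, newest first."""
    run_date = parse_run_date(report)
    flagged = [e for e in parse_hidden_files(report)
               if is_suspicious(e, run_date, max_age_days)]
    return sorted(flagged, key=lambda e: e.mtime, reverse=True)


if __name__ == "__main__":
    for e in triage(SAMPLE_REPORT):
        print(f"{e.mtime} {e.size:>9,} {e.attrs} {e.path}")
```

Run against the full Report.txt above, the same rule isolates the 23 system32 DLLs written between 20 and 26 October while leaving the installer, driver and Desktop entries for manual review.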

#5 ne3na3

ne3na3
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:05:32 AM

Posted 26 October 2008 - 01:18 PM

Extras report from OTViewIt
OTViewIt Extras logfile created on: 10/26/2008 9:14:31 PM - Run
OTViewIt by OldTimer - Version 1.0.18.0 Folder = C:\Documents and Settings\ne3na3\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.60% Memory free
3.84 Gb Paging File | 3.31 Gb Available in Paging File | 86.22% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 140.26 Gb Total Space | 123.34 Gb Free Space | 87.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MINT
Current User Name: ne3na3
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 03:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 21:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 03:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/01/26 04:49:34 | 00,472,688 | ---- | M] (TOSHIBA Corporation) -- C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine
[2007/01/26 04:47:50 | 00,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger
[2008/05/21 04:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2008/08/29 20:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/09/11 03:39:54 | 14,228,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/04/13 21:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2008/08/11 17:46:50 | 21,741,864 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
NameSpace_Catalog5\Catalog_Entries\000000000005 [Bluetooth Namespace] -- C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
msdaipp: [HKLM - No CLSID value]
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2006/10/26 23:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2008/08/11 17:46:50 | 01,942,864 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/27 07:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}"=TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}"=TOSHIBA Assist
"{1FD25FCD-6F39-4686-AFBB-7056EBAE5E68}"=Avira RootKit Detection
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}"=GearDrvs
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{2C38F661-26B7-445D-B87D-B53FE2D3BD42}"=TOSHIBA PC Diagnostic Tool
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{37C866E4-AA67-4725-9E95-A39968DD7960}"=Camera Assistant Software for Toshiba
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}"=TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{400830CA-F056-4BBE-80A3-9DF9CA4FB889}"=TOSHIBA Direct Disc Writer
"{41B9E2CF-0B3F-442A-B5B3-592A4A355634}"=iTunes
"{425A2BC2-AA64-4107-9C29-484245BBEA05}"=TOSHIBA Software Upgrades
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{5691A25E-C05B-4E0F-87DA-E80869F756C2}"=Toshiba Hotkey Utility
"{576420A5-E1F0-4C09-A07C-F689082E666F}"=Toshiba Touchpad Utility
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.8
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}"=TOSHIBA Disc Creator
"{61539202-097E-487E-9237-B291AB56D54C}"=Bluetooth Monitor 4
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}"=Norton 360
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}"=TOSHIBA Zooming Utility
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}"=Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}"=REALTEK RTL8187B Wireless LAN Driver
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}"=Adobe Flash Player 9 ActiveX
"{8F7AC250-4D7D-431D-AC4E-94FB78EA3F8B}"=TOSHIBA Power Saver
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}"=Intel® Matrix Storage Manager
"{91120000-0031-0000-0000-0000000FF1CE}"=Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}"=InterVideo WinDVD for TOSHIBA
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{A800EE5E-D6BD-4326-BED1-F7ECBFBF91CE}"=O2Micro Flash Memory Card Reader Driver (x86)
"{AA9768AA-FF0B-4C66-A085-31E934F77841}"=Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81000000003}"=Adobe Reader 8.1.0
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}"=TOSHIBA Recovery Disc Creator
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}"=TOSHIBA ConfigFree
"{C852C0FF-CDF5-43F9-A75E-CB99410FF602}"=Toshiba Utility
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}"=Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}"=TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}"=TOSHIBA Speech System Applications
"{F6C405D2-C50D-4D10-B89E-73A233A14D74}"=Toshiba Registration
"Activation Assistant for the 2007 Microsoft Office suites"=Activation Assistant for the 2007 Microsoft Office suites
"CNXT_AUDIO_HDA"=Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF"=HDAUDIO Soft Data Fax Modem with SmartCP
"Google Desktop"=Google Desktop
"HDMI"=Intel® Graphics Media Accelerator Driver
"HijackThis"=HijackThis 2.0.2
"HotspotShield"=Hotspot Shield 1.07
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}"=TOSHIBA PC Diagnostic Tool
"InstallShield_{5691A25E-C05B-4E0F-87DA-E80869F756C2}"=Toshiba Hotkey Utility
"InstallShield_{576420A5-E1F0-4C09-A07C-F689082E666F}"=Toshiba Touchpad Utility
"InstallShield_{C852C0FF-CDF5-43F9-A75E-CB99410FF602}"=Toshiba Utility
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"Picasa2"=Picasa 2
"PROHYBRIDR"=2007 Microsoft Office system
"RealPlayer 6.0"=RealPlayer
"SynTPDeinstKey"=Synaptics Pointing Device Driver
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows Media Player"=Windows Media Player 10
"Windows XP Service Pack"=Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/17/2008 12:08:16 PM | Computer Name = MINT | Source = Application Error | ID = 1000
Description = Faulting application otmoveit2.exe, version 1.0.4.3, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 10/19/2008 1:51:00 PM | Computer Name = MINT | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/19/2008 4:33:29 PM | Computer Name = MINT | Source = Application Error | ID = 1000
Description = Faulting application tpsmain.exe, version 1.0.15.1, faulting module
tpsmain.exe, version 1.0.15.1, fault address 0x00002cfe.

[ System Events ]
Error - 10/26/2008 1:52:26 PM | Computer Name = MINT | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 10/26/2008 1:52:26 PM | Computer Name = MINT | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 10/26/2008 1:52:26 PM | Computer Name = MINT | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 10/26/2008 1:52:26 PM | Computer Name = MINT | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 10/26/2008 1:52:26 PM | Computer Name = MINT | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 10/26/2008 1:52:26 PM | Computer Name = MINT | Source = Service Control Manager | ID = 7001
Description = The Hotspot Shield Service service depends on the DHCP Client service
which failed to start because of the following error: %%1068

Error - 10/26/2008 1:52:26 PM | Computer Name = MINT | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 10/26/2008 1:52:26 PM | Computer Name = MINT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip

Error - 10/26/2008 1:52:47 PM | Computer Name = MINT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/26/2008 1:52:47 PM | Computer Name = MINT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >


OTViewIT
OTViewIt logfile created on: 10/26/2008 9:14:31 PM - Run
OTViewIt by OldTimer - Version 1.0.18.0 Folder = C:\Documents and Settings\ne3na3\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.60% Memory free
3.84 Gb Paging File | 3.31 Gb Available in Paging File | 86.22% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 140.26 Gb Total Space | 123.34 Gb Free Space | 87.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MINT
Current User Name: ne3na3
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/09/11 02:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/29 20:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2005/01/18 02:38:00 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
[2008/08/27 21:14:34 | 00,084,440 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
[2007/10/04 01:45:02 | 00,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
[2007/02/13 02:43:44 | 00,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
[2007/01/26 04:47:50 | 00,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
[2008/10/26 21:03:32 | 00,017,408 | ---- | M] () -- C:\WINDOWS\system32\rpcnetp.exe
[2007/10/24 02:27:16 | 00,066,928 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
[2007/11/22 03:23:32 | 00,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
[2004/08/11 11:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2008/04/14 03:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2007/06/06 00:46:52 | 00,138,008 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
[2007/06/06 00:46:24 | 00,162,584 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
[2007/06/06 00:46:38 | 00,138,008 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
[2008/01/29 00:23:18 | 00,268,152 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
[2007/06/06 00:46:44 | 00,252,696 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
[2007/11/30 03:31:16 | 01,024,000 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2007/10/26 03:41:18 | 00,413,696 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
[2006/03/16 23:58:00 | 00,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
[2008/04/14 03:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008/01/05 02:10:52 | 01,773,568 | ---- | M] (TOSHIBA Inc.) -- C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
[2007/04/10 04:07:02 | 00,159,744 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
[2007/06/06 00:46:34 | 00,166,680 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
[2007/05/11 13:06:32 | 00,040,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[2008/01/22 21:00:30 | 04,624,384 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
[2008/09/11 03:40:06 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/09/21 13:01:19 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2008/01/29 00:24:00 | 00,038,776 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
[2006/05/19 22:13:00 | 00,798,720 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSServ.exe
[2008/04/14 03:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/04/14 03:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/08/11 17:46:50 | 21,741,864 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2008/09/11 03:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/08/11 17:46:50 | 00,076,744 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
[2008/08/23 08:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/07/19 08:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/04/14 03:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008/04/14 03:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2008/10/26 20:43:24 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ne3na3\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/09/11 02:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2005/09/23 18:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/08/29 20:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2005/01/18 02:38:00 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running])
[2005/09/23 18:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/03/27 00:34:15 | 01,862,144 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager [On_Demand | Stopped])
[2008/03/27 00:36:20 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2008/08/27 21:14:34 | 00,084,440 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService [Auto | Running])
[2007/10/04 01:45:02 | 00,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON [Auto | Running])
[2005/04/04 10:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/09/11 03:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2007/02/13 02:43:44 | 00,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash [Auto | Running])
[2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/27 00:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/01/26 04:47:50 | 00,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger [Auto | Running])
[2008/10/26 21:04:06 | 00,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.dll -- (rpcnetp [Unknown | Running])
[2007/10/24 02:27:16 | 00,066,928 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr [Auto | Running])
[2007/11/22 03:23:32 | 00,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv [Auto | Running])
[2004/08/11 11:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/10/20 10:12:20 | 00,005,504 | ---- | M] () -- C:\WINDOWS\system32\4901228.sys -- (4901228 [On_Demand | Stopped])
[2008/10/20 10:12:13 | 00,005,504 | ---- | M] () -- C:\WINDOWS\system32\4c70249.sys -- (4c70249 [On_Demand | Stopped])
[2008/10/23 08:13:37 | 00,005,504 | ---- | M] () -- C:\WINDOWS\system32\5102a80.sys -- (5102a80 [On_Demand | Stopped])
[2008/10/20 10:12:45 | 00,005,504 | ---- | M] () -- C:\WINDOWS\system32\8b52f47.sys -- (8b52f47 [On_Demand | Running])
[2008/10/26 08:22:37 | 00,005,504 | ---- | M] () -- C:\WINDOWS\system32\9fd8db.sys -- (9fd8db [On_Demand | Stopped])
[2007/03/22 09:36:24 | 00,043,584 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb [System | Running])
[2005/06/11 07:42:00 | 00,005,504 | ---- | M] (Quanta Computer Corp) -- C:\WINDOWS\system32\drivers\BoiHwSetup.sys -- (BoiHwsetup [On_Demand | Running])
[2008/04/13 21:46:33 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthenum.sys -- (BthEnum [On_Demand | Running])
[2008/04/13 21:51:34 | 00,101,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthpan.sys -- (BthPan [On_Demand | Running])
[2008/06/13 14:05:51 | 00,272,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys -- (BTHPORT [On_Demand | Stopped])
[2008/04/13 21:46:29 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthusb.sys -- (BTHUSB [On_Demand | Running])
[2008/10/20 10:13:13 | 00,005,504 | ---- | M] () -- C:\WINDOWS\system32\c551839.sys -- (c551839 [On_Demand | Stopped])
File not found -- -- (catchme [On_Demand | Running])
[2008/02/01 23:18:56 | 00,732,160 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (CnxtHdAudAddService [On_Demand | Running])
[2008/10/26 20:44:08 | 00,018,048 | ---- | M] () -- C:\WINDOWS\system32\drivers\eth8023.sys -- (eth8023 [On_Demand | Stopped])
[2008/04/17 23:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/10/15 07:07:17 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [On_Demand | Stopped])
[2008/10/23 08:14:25 | 00,018,144 | ---- | M] () -- C:\WINDOWS\system32\drivers\HBKernel32.sys -- (HBKernel32 [Boot | Running])
[2008/04/13 19:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2007/11/02 02:25:32 | 00,211,456 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
[2007/11/02 02:26:36 | 00,989,696 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2007/05/16 21:14:58 | 05,707,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm [On_Demand | Running])
[2007/09/30 09:03:12 | 00,308,248 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
[2006/06/19 23:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2003/01/30 00:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio [Auto | Running])
[2007/09/26 16:01:32 | 02,236,032 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32 [On_Demand | Running])
[2008/03/04 19:12:06 | 00,048,600 | ---- | M] (O2Micro ) -- C:\WINDOWS\system32\drivers\o2media.sys -- (O2MDRDR [On_Demand | Running])
[2004/08/03 23:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2006/09/28 00:53:22 | 00,036,560 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2007/05/29 20:01:50 | 00,006,912 | ---- | M] (TOSHIBA) -- C:\WINDOWS\system32\drivers\QIOMem.sys -- (QIOMem [On_Demand | Running])
[2006/01/13 02:21:18 | 00,031,872 | ---- | M] (Quanta Computer, Inc.) -- C:\WINDOWS\system32\drivers\qkbfiltr.sys -- (qkbfiltr [On_Demand | Running])
[2005/05/06 00:27:38 | 00,007,936 | ---- | M] (Quanta Computer, Inc.) -- C:\WINDOWS\system32\drivers\qmofiltr.sys -- (qmofiltr [On_Demand | Stopped])
[2008/04/13 21:46:32 | 00,059,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rfcomm.sys -- (RFCOMM [On_Demand | Running])
[2008/04/13 21:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2008/04/13 19:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2007/03/05 10:20:02 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv [System | Running])
[2007/11/30 03:16:14 | 00,219,712 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2008/01/24 00:25:32 | 00,027,136 | ---- | M] (The OpenVPN Project) -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn [On_Demand | Running])
[2007/02/23 01:10:30 | 00,016,128 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst [On_Demand | Running])
[2007/03/26 22:22:18 | 00,105,856 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf [Auto | Running])
[2006/10/24 02:32:20 | 00,009,216 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec [On_Demand | Running])
[2007/02/19 22:15:32 | 00,134,016 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\trudf.sys -- (trudf [Auto | Running])
[2008/04/13 21:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2008/04/13 21:46:20 | 00,121,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbvideo.sys -- (usbvideo [On_Demand | Running])
[2007/12/17 21:45:20 | 00,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) -- C:\WINDOWS\system32\drivers\UVCFTR_S.SYS -- (UVCFTR [On_Demand | Running])
[2007/11/02 02:25:22 | 00,731,520 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2008/04/13 21:36:38 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])
[2007/12/28 20:51:00 | 00,285,952 | ---- | M] (Marvell) -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchDefaultBranded"=
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.toshibadirect.com/dpdstart

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 1
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (214215 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.1 localhost
127.1 fffff8888fsgfbghj88.cn
127.1 61.134.37.12
127.1 ko.ssa387.cn
127.1 www.ndxrr.cn
127.1 12345.ssa387.cn
127.1 lihai88.com
127.1 wwwwhf.cn
127.1 a89369093.sq.u9idc.com
127.1 www.mmd178.cn
127.1 www.178mmd.cn
127.1 www.wenzhuoyyy.cn
127.1 tw.lovechina.tw.cn
127.1 222.189.238.151
127.1 222.179.185.78
127.1 www.wq9q.cn
127.1 593ffcey.cn
127.1 set.yay520.cn
127.1 tenmoc999.cn
127.1 lihai88.com
127.1 121.kcuf-01.com
127.1 www.ew1q.cn
127.1 www.b3sk.cn
127.1 up.bizmd.cn
127.1 www.ms2a.cn
9660 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (HKLM) -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
{97421D0D-E07F-40DF-8F07-99597B9585AD} (HKLM) -- C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll ()
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"3PMmUpdate"=rundll32 "C:\WINDOWS\Update.dll",Main ()
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start (Chicony)
"CFSServ.exe"=CFSServ.exe -NoClient File not found
"HBService32"=SYSTEM.EXE File not found
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE (Microsoft Corporation)
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()
"NDSTray.exe"=NDSTray.exe File not found
"Persistence"=C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
"Pinger"=c:\toshiba\ivp\ism\pinger.exe /run ()
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"Toshiba Hotkey Utility"="C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en (TOSHIBA Inc.)
"TPSMain"=TPSMain.exe (TOSHIBA Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)

========== (O4) Startup Folders ==========

[2007/04/07 06:11:56 | 00,092,280 | ---- | M] (TOSHIBA CORPORATION) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Monitor.lnk = C:\Program Files\Toshiba\Bluetooth Monitor\BtMon2.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=227
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/07/30 03:25:02 | 17,930,264 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [2007/09/25 11:11:34 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{77BF5300-1474-4EC7-9980-D32B190E9B07}: Button: Skype -- %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008/08/11 17:46:50 | 01,443,112 | ---- | M] (Skype Technologies S.A.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/27 06:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 03:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 03:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 03:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/Facebo...toUploader5.cab -- Facebook Photo Uploader 5
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsupd...b?1221682930889 -- WUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03

========== (O17) DNS Name Servers ==========

{165E839F-537F-426F-ABE5-620B61ED9528} (Servers: | Description: 1394 Net Adapter)
{19C6FB64-FA7E-448E-AEAB-1E096736F774} (Servers: | Description: Intel® Wireless WiFi Link 4965AGN)
{6B9D5121-41BA-4019-A479-26684E42BA0D} (Servers: | Description: Marvell Yukon 88E8040T PCI-E Fast Ethernet Controller)
{7CFF1CC8-8771-4470-85AB-1E1CCE04AA0E} (Servers: | Description: )
{80A9BAE0-6D91-4900-87D1-57C23CF91D7F} (Servers: | Description: )
{F8CCAEFA-FE1B-4AFA-AAB2-B074287E3451} (Servers: | Description: )

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=HBmhly.dll,HB1000Y.dll,HBWOOOL.dll,HBXY2.dll,HBJXSJ.dll,HBSO2.dll,HBFS2.dll,HBXY3.dll,HBSHQ.dll,HBFY.dll,HBWULIN2.dll,HBW2I.dll,HBKDXY.dll,HBWORLD2.dll,HBASKTAO.dll,HBZHUXIAN.dll,HBWOW.dll,HBZERO.dll,HBBO.dll,HBCONQUER.dll,HBSOUL.dll,HBCHIBI.dll,HBDNF.dll,HBWARLORDS.dll,HBTL.dll,HBPICKCHINA.dll,HBCT.dll,HBGC.dll,HBHM.dll,HBHX2.dll,HBQQHX.dll,HBTW2.dll,HBQQSG.dll,HBQQFFO.dll,HBZT.dll,HBMIR2.dll,HBRXJH.dll,HBYY.dll,HBMXD.dll,HBSQ.dll,HBTJ.dll,HBFHZL.dll,HBWLQX.dll,HBLYFX.dll,HBR2.dll,HBCHD.dll,HBTZ.dll,HBQQXX.dll,HBWD.dll,HBZG.dll,HBPPBL.dll,HBXMJ.dll,HBJTLQ.dll,HBQJSJ.dllm
127.1 jspa-1.cn
127.1 jspa-2.cn
127.1 jspa-3.cn
127.1 jspa-4.cn
127.1 jspa-5.cn
127.1 jspa-6.cn
127.1 jspa-7.cn
127.1 jspa-8.cn
127.1 jspa-9.cn
127.1 jspa-10.cn
127.1 www.kcrlsb.com
127.1 fstat.cn
127.1 a417147085.27free.cn
127.1 www.bawang8.cn
127.1 www.s1na101.com.cn
127.1 www.ms2a.cn
127.1 sql.33-65.net
127.1 sql.33-66.net
127.1 sql.33-67.net
127.1 222.00kk9.cn
127.1 wangluo7788.com
127.1 www.tianxia.hk.cn
127.1 221.130.185.200
127.1 m.d5x8.com
127.1 w.c99y.cn
127.1 d.c5x8.com
127.1 121.kcuf-01.com
127.1 ku.dhjs002.cn
127.1 mixlong.cn
1
>[2008/10/23 08:13:35 | 00,019,968 | ---- | M] () -- C:\WINDOWS\system32\HBmhly.dll
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>[2008/10/23 08:14:29 | 00,024,576 | ---- | M] () -- C:\WINDOWS\system32\HBZHUXIAN.dll
>File not found --
>File not found --
>[2008/10/23 08:14:26 | 00,024,576 | ---- | M] () -- C:\WINDOWS\system32\HBBO.dll
>File not found --
>File not found --
>[2008/10/23 08:14:25 | 00,024,576 | ---- | M] () -- C:\WINDOWS\system32\HBCHIBI.dll
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>[2008/10/20 10:13:46 | 00,014,848 | ---- | M] () -- C:\WINDOWS\system32\HBQQSG.dll
>[2008/10/20 10:13:51 | 00,016,384 | ---- | M] () -- C:\WINDOWS\system32\HBQQFFO.dll
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>[2008/10/26 20:43:56 | 00,013,312 | ---- | M] () -- C:\WINDOWS\system32\HBZG.dll
>File not found --
>File not found --
>File not found --
>File not found --

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"msnmsg"={DA191DE0-AA86-4ED0-4B87-293D48B2AE99} (HKLM) -- C:\Program Files\Messenger\msgmr.dll (Microsoft Corporation)
"ThunderAdvise"={97421D0D-E07F-40DF-8F07-99597B9585AD} (HKLM) -- C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll ()
"Upnp"={DE01DA19-A6A8-EB80-4D47-248DEB2A9399} (HKLM) -- C:\WINDOWS\system32\upnpsrv.dll (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{08223B03-1B38-4A33-A83A-A4D3CC1D6E4E}" (HKLM) -- C:\WINDOWS\system32\08223B03.dll ()
"{122B901E-493F-4AD9-BC69-7DE8C3E52FCC}" (HKLM) -- C:\WINDOWS\system32\122B901E.dll ()
"{12B02216-AC3F-42A7-8313-449771237061}" (HKLM) -- C:\WINDOWS\system32\12B02216.dll ()
"{3474A8C2-BEF9-46C8-983A-A26A0030EC30}" (HKLM) -- C:\WINDOWS\system32\3474A8C2.dll ()
"{43ACDCC5-9009-4AF4-B80A-93BC656EF298}" (HKLM) -- C:\WINDOWS\system32\43ACDCC5.dll ()
"{495271CA-D0C6-4052-ABE6-5B01C73CDFB0}" (HKLM) -- C:\WINDOWS\system32\495271CA.dll ()
"{4BF9CBA3-8DEE-41A1-8BDB-FC28D30E949F}" (HKLM) -- C:\WINDOWS\system32\4BF9CBA3.dll ()
"{4D023DE9-F4B5-4BE0-99C6-7C7AD0CF5426}" (HKLM) -- C:\WINDOWS\system32\4D023DE9.dll ()
"{4F34C688-FD49-42FC-97F7-87D2F5791612}" (HKLM) -- C:\WINDOWS\system32\4F34C688.dll ()
"{58FF3024-8A83-4B1A-88E9-302F47646EEE}" (HKLM) -- C:\WINDOWS\system32\58FF3024.dll ()
"{7ADC2AB1-5C6A-4178-82DA-94863354AF7C}" (HKLM) -- C:\WINDOWS\system32\7ADC2AB1.dll ()
"{82710040-F86E-42E0-B1F8-04EDF75856F8}" (HKLM) -- C:\WINDOWS\system32\82710040.dll ()
"{9CA963CA-107C-4089-B0AB-31380F90D7E3}" (HKLM) -- C:\WINDOWS\system32\9CA963CA.dll ()
"{A8FC611B-71F6-4B4D-BD3A-BFBCCDE96F57}" (HKLM) -- C:\WINDOWS\system32\A8FC611B.dll ()
"{C250CF20-5F89-4310-9854-4BC261FB14FB}" (HKLM) -- C:\WINDOWS\system32\C250CF20.dll ()
"{C56BCC10-503E-43AB-B208-3CD37FCFCE40}" (HKLM) -- C:\WINDOWS\system32\C56BCC10.dll ()
"{D91BC61E-7D78-4A2A-A336-7B97E8E52F0B}" (HKLM) -- C:\WINDOWS\system32\D91BC61E.dll ()
"{DA63E650-537C-4042-87BB-9D19D844680B}" (HKLM) -- C:\WINDOWS\system32\DA63E650.dll ()
"{DE02F764-C51A-4788-9597-D78ECC2AC08F}" (HKLM) -- C:\WINDOWS\system32\DE02F764.dll ()
"{E3367679-4775-4244-A62E-4CFE58FC850B}" (HKLM) -- C:\WINDOWS\system32\E3367679.dll ()
"{EC7DA7DC-2597-4736-AAEF-334299726138}" (HKLM) -- C:\WINDOWS\system32\EC7DA7DC.dll ()

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/03/26 23:02:03 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5d90c9c-84f5-11dd-be21-001f3ba974ab}\Shell\AutoRun\command]
""=System\DriveGuard\DriveProtect.exe -run 


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5d90c9c-84f5-11dd-be21-001f3ba974ab}\Shell\Explore\Command]
""=System\DriveGuard\DriveProtect.exe -run  


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5d90c9c-84f5-11dd-be21-001f3ba974ab}\Shell\Open\Command]
""=System\DriveGuard\DriveProtect.exe -run 

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2008/10/26 21:10:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ne3na3\Desktop\bc
[2008/10/26 21:03:37 | 21,374,44352 | -HS- | C] () -- C:\hiberfil.sys
[2008/10/26 20:45:39 | 00,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
[2008/10/26 20:45:03 | 00,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.exe
[2008/10/26 20:43:22 | 00,421,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ne3na3\Desktop\OTViewIt.exe
[2008/10/26 20:25:09 | 00,000,164 | ---- | C] () -- C:\WINDOWS\System32\unxxx.bat
[2008/10/26 08:48:03 | 00,044,544 | ---- | C] (Absolute Software Corp.) -- C:\WINDOWS\System32\agremove.exe
[2008/10/26 08:22:46 | 00,011,749 | -HS- | C] () -- C:\WINDOWS\System32\E0D39066.dll
[2008/10/26 08:22:46 | 00,000,180 | -HS- | C] () -- C:\WINDOWS\System32\E0D39066.cfg
[2008/10/26 08:22:39 | 00,216,183 | -HS- | C] () -- C:\WINDOWS\System32\3474A8C2.dll
[2008/10/26 08:22:39 | 00,000,312 | -HS- | C] () -- C:\WINDOWS\System32\3474A8C2.cfg
[2008/10/26 08:22:37 | 00,005,504 | ---- | C] () -- C:\WINDOWS\System32\9fd8db.sys
[2008/10/26 08:05:59 | 00,028,951 | ---- | C] () -- C:\Documents and Settings\ne3na3\Desktop\basic_sketch.JPG
[2008/10/23 14:01:20 | 00,216,876 | -HS- | C] () -- C:\WINDOWS\System32\E3367679.dll
[2008/10/23 14:01:20 | 00,000,208 | -HS- | C] () -- C:\WINDOWS\System32\E3367679.cfg
[2008/10/23 08:14:34 | 00,216,518 | -HS- | C] () -- C:\WINDOWS\System32\EC7DA7DC.dll
[2008/10/23 08:14:34 | 00,000,212 | -HS- | C] () -- C:\WINDOWS\System32\EC7DA7DC.cfg
[2008/10/23 08:14:12 | 00,011,699 | -HS- | C] () -- C:\WINDOWS\System32\12B02216.dll
[2008/10/23 08:14:12 | 00,000,224 | -HS- | C] () -- C:\WINDOWS\System32\12B02216.cfg
[2008/10/23 08:13:44 | 00,011,426 | -HS- | C] () -- C:\WINDOWS\System32\A8FC611B.dll
[2008/10/23 08:13:43 | 00,000,200 | -HS- | C] () -- C:\WINDOWS\System32\A8FC611B.cfg
[2008/10/23 08:13:37 | 00,005,504 | ---- | C] () -- C:\WINDOWS\System32\5102a80.sys
[2008/10/20 11:07:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ne3na3\Desktop\20th
[2008/10/20 11:05:48 | 00,000,000 | ---D | C] -- C:\rsit
[2008/10/20 11:03:35 | 00,043,584 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2008/10/20 11:03:35 | 00,028,352 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2008/10/20 11:03:35 | 00,000,000 | ---D | C] -- C:\Program Files\Avira GmbH
[2008/10/20 11:02:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ne3na3\Desktop\antiroot
[2008/10/20 11:02:43 | 02,188,928 | ---- | C] () -- C:\Documents and Settings\ne3na3\Desktop\antivir_rootkit.zip
[2008/10/20 10:44:38 | 00,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\eth8023.sys
[2008/10/20 10:13:59 | 00,217,015 | -HS- | C] () -- C:\WINDOWS\System32\4BF9CBA3.dll
[2008/10/20 10:13:59 | 00,000,220 | -HS- | C] () -- C:\WINDOWS\System32\4BF9CBA3.cfg
[2008/10/20 10:13:57 | 00,216,485 | -HS- | C] () -- C:\WINDOWS\System32\C56BCC10.dll
[2008/10/20 10:13:57 | 00,000,212 | -HS- | C] () -- C:\WINDOWS\System32\C56BCC10.cfg
[2008/10/20 10:13:55 | 00,011,717 | -HS- | C] () -- C:\WINDOWS\System32\4F34C688.dll
[2008/10/20 10:13:55 | 00,000,184 | -HS- | C] () -- C:\WINDOWS\System32\4F34C688.cfg
[2008/10/20 10:13:51 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\HBQQFFO.dll
[2008/10/20 10:13:51 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\HBZG.dll
[2008/10/20 10:13:50 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\HBZHUXIAN.dll
[2008/10/20 10:13:47 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\HBCHIBI.dll
[2008/10/20 10:13:47 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\HBBO.dll
[2008/10/20 10:13:46 | 00,014,848 | ---- | C] () -- C:\WINDOWS\System32\HBQQSG.dll
[2008/10/20 10:13:40 | 00,011,971 | -HS- | C] () -- C:\WINDOWS\System32\495271CA.dll
[2008/10/20 10:13:40 | 00,000,204 | -HS- | C] () -- C:\WINDOWS\System32\495271CA.cfg
[2008/10/20 10:13:34 | 00,012,532 | -HS- | C] () -- C:\WINDOWS\System32\122B901E.dll
[2008/10/20 10:13:34 | 00,000,464 | -HS- | C] () -- C:\WINDOWS\System32\122B901E.cfg
[2008/10/20 10:13:27 | 00,011,951 | -HS- | C] () -- C:\WINDOWS\System32\9CA963CA.dll
[2008/10/20 10:13:27 | 00,000,220 | -HS- | C] () -- C:\WINDOWS\System32\9CA963CA.cfg
[2008/10/20 10:13:20 | 00,011,657 | -HS- | C] () -- C:\WINDOWS\System32\C250CF20.dll
[2008/10/20 10:13:20 | 00,000,224 | -HS- | C] () -- C:\WINDOWS\System32\C250CF20.cfg
[2008/10/20 10:13:13 | 00,012,770 | -HS- | C] () -- C:\WINDOWS\System32\DA63E650.dll
[2008/10/20 10:13:13 | 00,005,504 | ---- | C] () -- C:\WINDOWS\System32\c551839.sys
[2008/10/20 10:13:13 | 00,000,252 | -HS- | C] () -- C:\WINDOWS\System32\DA63E650.cfg
[2008/10/20 10:13:07 | 00,011,261 | -HS- | C] () -- C:\WINDOWS\System32\7ADC2AB1.dll
[2008/10/20 10:13:07 | 00,000,184 | -HS- | C] () -- C:\WINDOWS\System32\7ADC2AB1.cfg
[2008/10/20 10:12:59 | 00,012,213 | -HS- | C] () -- C:\WINDOWS\System32\08223B03.dll
[2008/10/20 10:12:59 | 00,000,232 | -HS- | C] () -- C:\WINDOWS\System32\08223B03.cfg
[2008/10/20 10:12:45 | 00,011,698 | -HS- | C] () -- C:\WINDOWS\System32\4D023DE9.dll
[2008/10/20 10:12:45 | 00,005,504 | ---- | C] () -- C:\WINDOWS\System32\8b52f47.sys
[2008/10/20 10:12:45 | 00,000,240 | -HS- | C] () -- C:\WINDOWS\System32\4D023DE9.cfg
[2008/10/20 10:12:39 | 00,011,379 | -HS- | C] () -- C:\WINDOWS\System32\82710040.dll
[2008/10/20 10:12:39 | 00,000,200 | -HS- | C] () -- C:\WINDOWS\System32\82710040.cfg
[2008/10/20 10:12:33 | 00,012,005 | -HS- | C] () -- C:\WINDOWS\System32\D91BC61E.dll
[2008/10/20 10:12:33 | 00,000,184 | -HS- | C] () -- C:\WINDOWS\System32\D91BC61E.cfg
[2008/10/20 10:12:27 | 00,012,972 | -HS- | C] () -- C:\WINDOWS\System32\58FF3024.dll
[2008/10/20 10:12:27 | 00,000,212 | -HS- | C] () -- C:\WINDOWS\System32\58FF3024.cfg
[2008/10/20 10:12:21 | 00,013,419 | -HS- | C] () -- C:\WINDOWS\System32\43ACDCC5.dll
[2008/10/20 10:12:21 | 00,000,212 | -HS- | C] () -- C:\WINDOWS\System32\43ACDCC5.cfg
[2008/10/20 10:12:20 | 00,005,504 | ---- | C] () -- C:\WINDOWS\System32\4901228.sys
[2008/10/20 10:12:14 | 00,217,178 | -HS- | C] () -- C:\WINDOWS\System32\DE02F764.dll
[2008/10/20 10:12:14 | 00,000,244 | -HS- | C] () -- C:\WINDOWS\System32\DE02F764.cfg
[2008/10/20 10:12:13 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\HBmhly.dll
[2008/10/20 10:12:13 | 00,018,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\HBKernel32.sys
[2008/10/20 10:12:13 | 00,005,504 | ---- | C] () -- C:\WINDOWS\System32\4c70249.sys
[2008/10/20 10:12:10 | 00,237,568 | ---- | C] () -- C:\WINDOWS\Update.dll
[2008/10/20 10:02:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2008/10/20 09:53:26 | 00,000,000 | ---D | C] -- C:\ComboFix
[2008/10/20 09:36:04 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/10/20 09:33:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2008/10/20 09:29:41 | 00,000,000 | ---D | C] -- C:\SDFix
[2008/10/20 09:29:38 | 01,522,584 | ---- | C] () -- C:\Documents and Settings\ne3na3\Desktop\SDFix.exe
[2008/10/19 19:59:31 | 00,000,701 | ---- | C] () -- C:\Documents and Settings\ne3na3\Desktop\Hotspot Shield Launch.lnk
[2008/10/19 19:59:30 | 00,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield
[2008/10/19 19:58:35 | 03,110,004 | ---- | C] () -- C:\Documents and Settings\ne3na3\Desktop\HSS-1.07-install-anchorfree-76-conduit.zip
[2008/10/19 08:33:35 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2008/10/19 08:33:35 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2008/10/19 08:33:35 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2008/10/19 08:33:35 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/10/19 08:33:35 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008/10/19 08:33:35 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/10/19 08:33:35 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/10/19 08:33:35 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2008/10/19 08:33:35 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2008/10/19 08:33:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/10/19 08:33:24 | 00,000,000 | ---D | C] -- C:\Qoobox
[2008/10/19 08:28:00 | 02,992,400 | R--- | C] () -- C:\Documents and Settings\ne3na3\Desktop\ComboFix.exe
[2008/10/18 14:46:43 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irftp.exe
[2008/10/18 14:46:43 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2008/10/18 14:46:43 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll
[2008/10/18 14:46:43 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2008/10/18 14:46:43 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshirda.dll
[2008/10/18 14:46:43 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2008/10/18 14:46:24 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2008/10/18 14:46:16 | 00,000,661 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Monitor.lnk
[2008/10/17 22:41:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ne3na3\Desktop\Unused Desktop Shortcuts
[2008/10/17 21:00:59 | 00,356,352 | ---- | C] (funkytoad.com) -- C:\Documents and Settings\ne3na3\Desktop\HostsXpert.exe
[2008/10/17 19:37:12 | 11,635,040 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\ne3na3\Desktop\drweb-cureit.exe
[2008/10/17 17:30:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ne3na3\Application Data\zweitgeist
[2008/10/17 17:30:18 | 00,667,648 | ---- | C] (zweitgeist GmbH) -- C:\Documents and Settings\ne3na3\Desktop\weblinInstall.exe
[2008/10/17 17:20:25 | 00,001,884 | ---- | C] () -- C:\Documents and Settings\ne3na3\Desktop\RegFix.Reg
[2008/10/17 12:13:05 | 00,291,840 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ne3na3\Desktop\OTMoveIt2.exe
[2008/10/16 08:28:08 | 00,811,008 | ---- | C] () -- C:\Documents and Settings\ne3na3\Desktop\gmer.exe
[2008/10/16 07:46:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ne3na3\Application Data\Malwarebytes
[2008/10/16 07:46:52 | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/16 07:46:52 | 00,017,200 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/16 07:46:51 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/10/16 07:46:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/16 07:46:28 | 02,182,784 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\ne3na3\Desktop\mbam-setup.exe
[2008/10/16 07:35:26 | 00,731,136 | ---- | C] () -- C:\Documents and Settings\ne3na3\Desktop\avenger.exe
[2008/10/16 07:35:04 | 00,724,952 | ---- | C] () -- C:\Documents and Settings\ne3na3\Desktop\avenger.zip
[2008/10/15 23:52:32 | 00,000,305 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/10/15 22:05:21 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/15 22:05:04 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/15 22:04:56 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/15 22:04:55 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/15 22:04:55 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/15 22:04:54 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/15 07:10:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ne3na3\Desktop\log and info
[2008/10/15 07:07:18 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/10/15 07:07:17 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/10/15 07:07:17 | 00,811,008 | R--- | C] () -- C:\WINDOWS\gmer.exe
[2008/10/15 07:07:17 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/10/15 07:07:17 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/10/15 07:07:05 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\ne3na3\Desktop\gmer.zip
[2008/10/15 07:05:47 | 00,305,705 | ---- | C] () -- C:\Documents and Settings\ne3na3\Desktop\RSIT.exe
[2008/10/15 07:04:16 | 00,353,485 | ---- | C] () -- C:\Documents and Settings\ne3na3\Desktop\HostsXpert.zip
[2008/10/14 11:31:57 | 00,001,745 | ---- | C] () -- C:\Documents and Settings\ne3na3\Desktop\HijackThis.lnk
[2008/10/14 11:31:57 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/10/14 11:31:52 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\ne3na3\Desktop\HJTInstall.exe
[2008/10/12 23:54:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ne3na3\Desktop\my 1.gb. glash
[2008/10/12 23:54:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2008/10/12 23:53:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ne3na3\Desktop\my 1g.b. flah
[2008/10/11 10:49:50 | 00,001,768 | ---- | C] () -- C:\Documents and Settings\ne3na3\Desktop\Friday_Night_Dance_Party_135_[mininova].torrent
[2008/10/10 18:49:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ne3na3\Application Data\DivX
[2008/10/10 18:26:10 | 00,000,000 | ---D | C] -- C:\Program Files\DivX
[2008/10/10 18:25:37 | 03,436,280 | ---- | C] (DivX, Inc.) -- C:\Documents and Settings\ne3na3\Desktop\DivXCodec.exe
[2008/10/10 11:55:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ne3na3\Desktop\my place before decoration
[2008/10/10 10:55:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ne3na3\Desktop\porn
[2008/10/10 10:50:04 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\ne3na3\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/09 23:09:03 | 00,000,200 | -HS- | C] () -- C:\WINDOWS\System32\AF05A291.cfg
[2008/10/08 12:56:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ne3na3\Desktop\Brokeback.Mountain[2005]DvDrip[Eng]-aXXo
[2008/10/08 12:56:08 | 00,056,592 | ---- | C] () -- C:\Documents and Settings\ne3na3\Desktop\Brokeback_Mountain_[2005]_Subs_English_Spanish_[DXO]__[www.RapidshareKing.com]_[mininova].torrent
[2008/10/08 09:40:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ne3na3\Desktop\-R & B Collection 2008-
[2008/10/08 09:40:35 | 00,016,249 | ---- | C] () -- C:\Documents and Settings\ne3na3\Desktop\-R_&_B_Collection_2008-_[mininova].torrent
[2008/10/08 09:14:52 | 00,007,750 | ---- | C] () -- C:\Documents and Settings\ne3na3\Desktop\2Pac_[mininova].torrent
[2008/10/08 08:00:23 | 03,096,064 | ---- | C] () -- C:\Documents and Settings\ne3na3\Desktop\BitLord_1.01.exe
[2008/10/05 21:37:08 | 00,090,352 | ---- | C] () -- C:\Documents and Settings\ne3na3\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/10/05 16:17:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/10/05 16:12:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/10/05 16:12:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/10/05 16:12:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/10/05 16:12:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/10/05 16:10:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/10/05 16:09:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2008/10/05 16:07:20 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/09/30 14:03:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ne3na3\Desktop\bahrain pics
[2008/09/27 12:52:13 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2008/09/27 12:52:11 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2008/09/27 12:52:11 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2008/09/27 12:52:11 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2008/09/27 12:52:09 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys
[2008/09/27 12:52:09 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2008/09/27 12:52:08 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2008/09/27 12:52:07 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2008/09/27 12:52:07 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2008/09/27 12:52:07 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2008/09/27 12:52:04 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2008/09/27 12:52:04 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2008/09/27 12:52:02 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2008/09/27 12:52:00 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2008/09/27 12:51:59 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2008/09/27 12:51:59 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2008/09/27 12:51:59 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2008/09/27 12:51:58 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2008/09/27 12:51:58 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2008/09/27 12:51:58 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2008/09/27 12:51:58 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2008/09/27 12:51:58 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2008/09/27 12:51:58 | 00,000,000 | R--D | C] -- C:\Documents and Settings\ne3na3\My Documents\My Videos
[2008/09/27 12:51:57 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2008/09/27 12:51:57 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2008/09/27 12:51:54 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2008/09/27 12:51:51 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2008/09/27 12:51:51 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2008/09/27 12:51:51 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2008/09/27 12:51:50 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6.dll
[2008/09/27 12:51:50 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2008/09/27 12:51:50 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2008/09/27 12:51:50 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2008/09/27 12:51:48 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2008/09/27 12:51:48 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2008/09/27 12:51:41 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2008/09/27 12:51:40 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2008/09/27 12:51:40 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2008/09/27 12:51:40 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2008/09/27 12:51:35 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2008/09/27 12:51:34 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2008/09/27 12:51:34 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2008/09/27 12:51:34 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2008/09/27 12:51:34 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2008/09/27 12:51:34 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2008/09/27 12:51:30 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2008/09/27 12:51:29 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2008/09/27 12:51:29 | 00,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2008/09/27 12:51:28 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys
[2008/09/27 12:51:28 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2008/09/27 12:51:26 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2008/09/27 12:51:26 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys
[2008/09/27 12:51:25 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2008/09/27 12:51:24 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2008/09/27 12:51:23 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2008/09/27 12:51:23 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2008/09/27 12:51:23 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2008/09/27 12:51:23 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2008/09/27 12:51:23 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2008/09/27 12:51:23 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2008/09/27 12:51:23 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2008/09/27 12:51:23 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2008/09/27 12:51:22 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2008/09/27 12:51:22 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2008/09/27 12:51:22 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2008/09/27 12:51:22 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2008/09/27 12:51:22 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2008/09/27 12:51:22 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2008/09/27 12:51:22 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2008/09/27 12:51:21 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2008/09/27 12:51:21 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2008/09/27 12:51:21 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2008/09/27 12:51:20 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2008/09/27 12:51:20 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2008/09/27 12:51:17 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2008/09/27 12:51:17 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2008/09/27 12:51:17 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2008/09/27 12:51:17 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2008/09/27 12:51:17 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2008/09/27 12:51:17 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2008/09/27 12:51:15 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2008/09/27 12:51:15 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
[2008/09/27 12:51:15 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
[2008/09/27 12:51:15 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2008/10/26 21:13:08 | 00,214,215 | R-S- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2008/10/26 21:04:17 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/26 21:04:06 | 00,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.dll
[2008/10/26 21:03:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/26 21:03:43 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/26 21:03:37 | 21,374,44352 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/26 21:03:32 | 00,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2008/10/26 20:49:31 | 04,301,644 | -H-- | M] () -- C:\Documents and Settings\ne3na3\Local Settings\Application Data\IconCache.db
[2008/10/26 20:44:08 | 00,018,048 | ---- | M] () -- C:\WINDOWS\System32\drivers\eth8023.sys
[2008/10/26 20:43:56 | 00,013,312 | ---- | M] () -- C:\WINDOWS\System32\HBZG.dll
[2008/10/26 20:43:24 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ne3na3\Desktop\OTViewIt.exe
[2008/10/26 20:32:55 | 00,044,544 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\agremove.exe
[2008/10/26 20:25:36 | 00,000,164 | ---- | M] () -- C:\WINDOWS\System32\unxxx.bat
[2008/10/26 20:19:46 | 00,002,838 | ---- | M] () -- C:\WINDOWS\machine.ver
[2008/10/26 20:16:01 | 00,000,404 | ---- | M] () -- C:\Documents and Settings\ne3na3\My Documents\My Sharing Folders.lnk
[2008/10/26 09:38:36 | 00,011,749 | -HS- | M] () -- C:\WINDOWS\System32\E0D39066.dll
[2008/10/26 09:38:29 | 00,216,876 | -HS- | M] () -- C:\WINDOWS\System32\E3367679.dll
[2008/10/26 09:22:17 | 00,028,951 | ---- | M] () -- C:\Documents and Settings\ne3na3\Desktop\basic_sketch.JPG
[2008/10/26 08:22:55 | 00,000,464 | -HS- | M] () -- C:\WINDOWS\System32\122B901E.cfg
[2008/10/26 08:22:46 | 00,000,180 | -HS- | M] () -- C:\WINDOWS\System32\E0D39066.cfg
[2008/10/26 08:22:39 | 00,216,183 | -HS- | M] () -- C:\WINDOWS\System32\3474A8C2.dll
[2008/10/26 08:22:39 | 00,000,312 | -HS- | M] () -- C:\WINDOWS\System32\3474A8C2.cfg
[2008/10/26 08:22:37 | 00,005,504 | ---- | M] () -- C:\WINDOWS\System32\9fd8db.sys
[2008/10/23 14:01:20 | 00,000,208 | -HS- | M] () -- C:\WINDOWS\System32\E3367679.cfg
[2008/10/23 08:51:29 | 00,216,518 | -HS- | M] () -- C:\WINDOWS\System32\EC7DA7DC.dll
[2008/10/23 08:14:34 | 00,000,212 | -HS- | M] () -- C:\WINDOWS\System32\EC7DA7DC.cfg
[2008/10/23 08:14:29 | 00,024,576 | ---- | M] () -- C:\WINDOWS\System32\HBZHUXIAN.dll
[2008/10/23 08:14:26 | 00,024,576 | ---- | M] () -- C:\WINDOWS\System32\HBBO.dll
[2008/10/23 08:14:25 | 00,024,576 | ---- | M] () -- C:\WINDOWS\System32\HBCHIBI.dll
[2008/10/23 08:14:25 | 00,018,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\HBKernel32.sys
[2008/10/23 08:14:12 | 00,011,699 | -HS- | M] () -- C:\WINDOWS\System32\12B02216.dll
[2008/10/23 08:14:12 | 00,000,224 | -HS- | M] () -- C:\WINDOWS\System32\12B02216.cfg
[2008/10/23 08:13:44 | 00,011,426 | -HS- | M] () -- C:\WINDOWS\System32\A8FC611B.dll
[2008/10/23 08:13:43 | 00,000,200 | -HS- | M] () -- C:\WINDOWS\System32\A8FC611B.cfg
[2008/10/23 08:13:37 | 00,005,504 | ---- | M] () -- C:\WINDOWS\System32\5102a80.sys
[2008/10/23 08:13:35 | 00,019,968 | ---- | M] () -- C:\WINDOWS\System32\HBmhly.dll
[2008/10/20 23:00:55 | 00,463,490 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/10/20 23:00:55 | 00,396,674 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/10/20 23:00:55 | 00,060,528 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/10/20 11:02:55 | 02,188,928 | ---- | M] () -- C:\Documents and Settings\ne3na3\Desktop\antivir_rootkit.zip
[2008/10/20 10:13:59 | 00,217,015 | -HS- | M] () -- C:\WINDOWS\System32\4BF9CBA3.dll
[2008/10/20 10:13:59 | 00,000,220 | -HS- | M] () -- C:\WINDOWS\System32\4BF9CBA3.cfg
[2008/10/20 10:13:57 | 00,216,485 | -HS- | M] () -- C:\WINDOWS\System32\C56BCC10.dll
[2008/10/20 10:13:57 | 00,000,212 | -HS- | M] () -- C:\WINDOWS\System32\C56BCC10.cfg
[2008/10/20 10:13:55 | 00,011,717 | -HS- | M] () -- C:\WINDOWS\System32\4F34C688.dll
[2008/10/20 10:13:55 | 00,000,184 | -HS- | M] () -- C:\WINDOWS\System32\4F34C688.cfg
[2008/10/20 10:13:51 | 00,016,384 | ---- | M] () -- C:\WINDOWS\System32\HBQQFFO.dll
[2008/10/20 10:13:46 | 00,014,848 | ---- | M] () -- C:\WINDOWS\System32\HBQQSG.dll
[2008/10/20 10:13:40 | 00,011,971 | -HS- | M] () -- C:\WINDOWS\System32\495271CA.dll
[2008/10/20 10:13:40 | 00,000,204 | -HS- | M] () -- C:\WINDOWS\System32\495271CA.cfg
[2008/10/20 10:13:34 | 00,012,532 | -HS- | M] () -- C:\WINDOWS\System32\122B901E.dll
[2008/10/20 10:13:27 | 00,011,951 | -HS- | M] () -- C:\WINDOWS\System32\9CA963CA.dll
[2008/10/20 10:13:27 | 00,000,220 | -HS- | M] () -- C:\WINDOWS\System32\9CA963CA.cfg
[2008/10/20 10:13:20 | 00,011,657 | -HS- | M] () -- C:\WINDOWS\System32\C250CF20.dll
[2008/10/20 10:13:20 | 00,000,224 | -HS- | M] () -- C:\WINDOWS\System32\C250CF20.cfg
[2008/10/20 10:13:13 | 00,012,770 | -HS- | M] () -- C:\WINDOWS\System32\DA63E650.dll
[2008/10/20 10:13:13 | 00,005,504 | ---- | M] () -- C:\WINDOWS\System32\c551839.sys
[2008/10/20 10:13:13 | 00,000,252 | -HS- | M] () -- C:\WINDOWS\System32\DA63E650.cfg
[2008/10/20 10:13:07 | 00,011,261 | -HS- | M] () -- C:\WINDOWS\System32\7ADC2AB1.dll
[2008/10/20 10:13:07 | 00,000,184 | -HS- | M] () -- C:\WINDOWS\System32\7ADC2AB1.cfg
[2008/10/20 10:12:59 | 00,012,213 | -HS- | M] () -- C:\WINDOWS\System32\08223B03.dll
[2008/10/20 10:12:59 | 00,000,232 | -HS- | M] () -- C:\WINDOWS\System32\08223B03.cfg
[2008/10/20 10:12:45 | 00,011,698 | -HS- | M] () -- C:\WINDOWS\System32\4D023DE9.dll
[2008/10/20 10:12:45 | 00,005,504 | ---- | M] () -- C:\WINDOWS\System32\8b52f47.sys
[2008/10/20 10:12:45 | 00,000,240 | -HS- | M] () -- C:\WINDOWS\System32\4D023DE9.cfg
[2008/10/20 10:12:39 | 00,011,379 | -HS- | M] () -- C:\WINDOWS\System32\82710040.dll
[2008/10/20 10:12:39 | 00,000,200 | -HS- | M] () -- C:\WINDOWS\System32\82710040.cfg
[2008/10/20 10:12:33 | 00,012,005 | -HS- | M] () -- C:\WINDOWS\System32\D91BC61E.dll
[2008/10/20 10:12:33 | 00,000,184 | -HS- | M] () -- C:\WINDOWS\System32\D91BC61E.cfg
[2008/10/20 10:12:27 | 00,012,972 | -HS- | M] () -- C:\WINDOWS\System32\58FF3024.dll
[2008/10/20 10:12:27 | 00,000,212 | -HS- | M] () -- C:\WINDOWS\System32\58FF3024.cfg
[2008/10/20 10:12:21 | 00,013,419 | -HS- | M] () -- C:\WINDOWS\System32\43ACDCC5.dll
[2008/10/20 10:12:21 | 00,000,212 | -HS- | M] () -- C:\WINDOWS\System32\43ACDCC5.cfg
[2008/10/20 10:12:20 | 00,005,504 | ---- | M] () -- C:\WINDOWS\System32\4901228.sys
[2008/10/20 10:12:14 | 00,217,178 | -HS- | M] () -- C:\WINDOWS\System32\DE02F764.dll
[2008/10/20 10:12:14 | 00,000,244 | -HS- | M] () -- C:\WINDOWS\System32\DE02F764.cfg
[2008/10/20 10:12:13 | 00,005,504 | ---- | M] () -- C:\WINDOWS\System32\4c70249.sys
[2008/10/20 10:12:10 | 00,237,568 | ---- | M] () -- C:\WINDOWS\Update.dll
[2008/10/20 09:59:32 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/10/20 09:36:04 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/10/20 09:29:40 | 01,522,584 | ---- | M] () -- C:\Documents and Settings\ne3na3\Desktop\SDFix.exe
[2008/10/20 07:21:05 | 00,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/10/19 19:59:31 | 00,000,701 | ---- | M] () -- C:\Documents and Settings\ne3na3\Desktop\Hotspot Shield Launch.lnk
[2008/10/19 19:58:38 | 03,110,004 | ---- | M] () -- C:\Documents and Settings\ne3na3\Desktop\HSS-1.07-install-anchorfree-76-conduit.zip
[2008/10/19 08:33:16 | 02,992,400 | R--- | M] () -- C:\Documents and Settings\ne3na3\Desktop\ComboFix.exe
[2008/10/18 14:46:16 | 00,000,661 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Monitor.lnk
[2008/10/17 21:00:51 | 00,353,485 | ---- | M] () -- C:\Documents and Settings\ne3na3\Desktop\HostsXpert.zip
[2008/10/17 19:39:02 | 11,635,040 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\ne3na3\Desktop\drweb-cureit.exe
[2008/10/17 17:30:26 | 00,667,648 | ---- | M] (zweitgeist GmbH) -- C:\Documents and Settings\ne3na3\Desktop\weblinInstall.exe
[2008/10/17 17:20:25 | 00,001,884 | ---- | M] () -- C:\Documents and Settings\ne3na3\Desktop\RegFix.Reg
[2008/10/17 12:13:11 | 00,291,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ne3na3\Desktop\OTMoveIt2.exe
[2008/10/16 07:46:36 | 02,182,784 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\ne3na3\Desktop\mbam-setup.exe
[2008/10/16 07:35:10 | 00,724,952 | ---- | M] () -- C:\Documents and Settings\ne3na3\Desktop\avenger.zip
[2008/10/16 07:30:33 | 00,329,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/15 23:53:19 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/15 23:52:32 | 00,000,305 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2008/10/15 07:07:17 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/10/15 07:07:17 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/10/15 07:07:17 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/10/15 07:07:14 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\ne3na3\Desktop\gmer.zip
[2008/10/15 07:05:53 | 00,305,705 | ---- | M] () -- C:\Documents and Settings\ne3na3\Desktop\RSIT.exe
[2008/10/14 11:31:57 | 00,001,745 | ---- | M] () -- C:\Documents and Settings\ne3na3\Desktop\HijackThis.lnk
[2008/10/14 11:31:55 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\ne3na3\Desktop\HJTInstall.exe
[2008/10/11 10:49:52 | 00,001,768 | ---- | M] () -- C:\Documents and Settings\ne3na3\Desktop\Friday_Night_Dance_Party_135_[mininova].torrent
[2008/10/10 18:25:56 | 03,436,280 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\ne3na3\Desktop\DivXCodec.exe
[2008/10/10 11:34:11 | 00,003,584 | ---- | M] () -- C:\Documents and Settings\ne3na3\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/09 23:09:03 | 00,000,200 | -HS- | M] () -- C:\WINDOWS\System32\AF05A291.cfg
[2008/10/08 12:56:10 | 00,056,592 | ---- | M] () -- C:\Documents and Settings\ne3na3\Desktop\Brokeback_Mountain_[2005]_Subs_English_Spanish_[DXO]__[www.RapidshareKing.com]_[mininova].torrent
[2008/10/08 09:40:36 | 00,016,249 | ---- | M] () -- C:\Documents and Settings\ne3na3\Desktop\-R_&_B_Collection_2008-_[mininova].torrent
[2008/10/08 09:14:53 | 00,007,750 | ---- | M] () -- C:\Documents and Settings\ne3na3\Desktop\2Pac_[mininova].torrent
[2008/10/08 08:00:27 | 03,096,064 | ---- | M] () -- C:\Documents and Settings\ne3na3\Desktop\BitLord_1.01.exe
[2008/10/07 22:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/05 21:37:08 | 00,090,352 | ---- | M] () -- C:\Documents and Settings\ne3na3\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/10/05 16:19:36 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2008/10/05 16:08:54 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/10/03 20:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2008/10/03 20:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/09/28 17:38:17 | 00,000,625 | ---- | M] () -- C:\WINDOWS\win.ini
< End of report >

hijack this


SDFix: Version 1.236
Run by ne3na3 on Sun 10/26/2008 at 09:01 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\system.exe - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 21:06:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00037aacef64]
"001f5d56a766"=hex:a3,6c,d8,e7,6f,98,4c,c8,40,ad,62,6f,52,3c,19,a6
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00037aacef64]
"001f5d56a766"=hex:a3,6c,d8,e7,6f,98,4c,c8,40,ad,62,6f,52,3c,19,a6

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"="C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"="C:\\TOSHIBA\\IVP\\ISM\\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 30 Jan 2008 6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Mon 20 Oct 2008 12,213 A.SH. --- "C:\WINDOWS\system32\08223B03.dll"
Mon 20 Oct 2008 12,532 A.SH. --- "C:\WINDOWS\system32\122B901E.dll"
Thu 23 Oct 2008 11,699 A.SH. --- "C:\WINDOWS\system32\12B02216.dll"
Sun 26 Oct 2008 216,183 A.SH. --- "C:\WINDOWS\system32\3474A8C2.dll"
Mon 20 Oct 2008 13,419 A.SH. --- "C:\WINDOWS\system32\43ACDCC5.dll"
Mon 20 Oct 2008 11,971 A.SH. --- "C:\WINDOWS\system32\495271CA.dll"
Mon 20 Oct 2008 217,015 A.SH. --- "C:\WINDOWS\system32\4BF9CBA3.dll"
Mon 20 Oct 2008 11,698 A.SH. --- "C:\WINDOWS\system32\4D023DE9.dll"
Mon 20 Oct 2008 11,717 A.SH. --- "C:\WINDOWS\system32\4F34C688.dll"
Mon 20 Oct 2008 12,972 A.SH. --- "C:\WINDOWS\system32\58FF3024.dll"
Mon 20 Oct 2008 11,261 A.SH. --- "C:\WINDOWS\system32\7ADC2AB1.dll"
Mon 20 Oct 2008 11,379 A.SH. --- "C:\WINDOWS\system32\82710040.dll"
Mon 20 Oct 2008 11,951 A.SH. --- "C:\WINDOWS\system32\9CA963CA.dll"
Thu 23 Oct 2008 11,426 A.SH. --- "C:\WINDOWS\system32\A8FC611B.dll"
Mon 20 Oct 2008 11,657 A.SH. --- "C:\WINDOWS\system32\C250CF20.dll"
Mon 20 Oct 2008 216,485 A.SH. --- "C:\WINDOWS\system32\C56BCC10.dll"
Mon 20 Oct 2008 12,005 A.SH. --- "C:\WINDOWS\system32\D91BC61E.dll"
Mon 20 Oct 2008 12,770 A.SH. --- "C:\WINDOWS\system32\DA63E650.dll"
Mon 20 Oct 2008 217,178 A.SH. --- "C:\WINDOWS\system32\DE02F764.dll"
Sun 26 Oct 2008 11,749 A.SH. --- "C:\WINDOWS\system32\E0D39066.dll"
Sun 26 Oct 2008 216,876 A.SH. --- "C:\WINDOWS\system32\E3367679.dll"
Thu 23 Oct 2008 216,518 A.SH. --- "C:\WINDOWS\system32\EC7DA7DC.dll"
Thu 18 Sep 2008 15 ..SHR --- "C:\WINDOWS\system32\drivers\fbd.sys"
Thu 18 Sep 2008 4 ..SHR --- "C:\WINDOWS\system32\drivers\taishop.sys"
Fri 19 Sep 2008 792,104 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0ed7e495766dc4cd7e8f61063b3fe436\BIT2C.tmp"
Fri 5 Oct 2007 135,168 A.SH. --- "C:\Documents and Settings\ne3na3\Desktop\my 1.gb. glash\hamad\SIV283.tmp"
Sat 18 Aug 2007 110,592 A.SH. --- "C:\Documents and Settings\ne3na3\Desktop\my 1.gb. glash\hamad\SIV6.tmp"
Sat 18 Aug 2007 196,608 A.SH. --- "C:\Documents and Settings\ne3na3\Desktop\my 1.gb. glash\hamad\SIV9.tmp"

Finished!
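The OTViewIt tail and the SDFix "Files with Hidden Attributes" section above show the same pattern: hidden+system files in the System32 root whose names are eight hex digits, each .dll accompanied by a small .cfg of the same name. The following Python script is an added example, not part of this thread and not code from OTViewIt or SDFix: it parses both listing formats, keeps only hidden+system files with an eight-hex-digit stem, and groups them so that complete loader/config pairs stand out. The sample lines are copied from the logs above; the two regular expressions and the "eight hex digit" rule are my own assumptions about the formats, not anything either tool documents.

```python
"""Group hidden, random-named System32 .dll/.cfg pairs out of OTViewIt and SDFix listings.

Added example: not part of this thread and not code from OTViewIt or SDFix. The two line
formats and the "eight hex digit stem" rule are assumptions taken from the logs above.
"""
import re
from collections import defaultdict

# OTViewIt listing line, e.g.
#   [2008/10/20 10:12:39 | 00,011,379 | -HS- | M] () -- C:\WINDOWS\System32\82710040.dll
OTL_LINE = re.compile(
    r"^\[(?P<date>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSA]{4}) \| [MC]\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# SDFix "Files with Hidden Attributes" line, e.g.
#   Mon 20 Oct 2008 12,213 A.SH. --- "C:\WINDOWS\system32\08223B03.dll"
SDFIX_LINE = re.compile(
    r'^(?P<date>\w{3} \d{1,2} \w{3} \d{4}) +(?P<size>[\d,]+) +'
    r'(?P<attrs>[A-Z.]{5}) --- "(?P<path>[^"]+)"$'
)
# Stem of exactly eight hex digits with a .dll or .cfg extension (the pattern in this thread).
HEXNAME = re.compile(r"^[0-9A-F]{8}\.(dll|cfg)$", re.IGNORECASE)


def parse_listing(lines):
    """Yield (path, size_bytes, hidden, system) for every line in either format."""
    for raw in lines:
        line = raw.strip()
        m = OTL_LINE.match(line) or SDFIX_LINE.match(line)
        if not m:
            continue  # blank lines, headers, lines from other tools
        attrs = m.group("attrs")  # both tools mark hidden with H and system with S
        size = int(m.group("size").replace(",", ""))
        yield m.group("path"), size, "H" in attrs, "S" in attrs


def find_hidden_pairs(lines):
    """Return {STEM: {ext: size}} for hidden+system System32 files with hex-digit stems."""
    groups = defaultdict(dict)
    for path, size, hidden, system in parse_listing(lines):
        directory, _, name = path.rpartition("\\")
        if not directory.lower().endswith("\\system32"):
            continue  # only the System32 root, not dllcache\ or drivers\
        if not (hidden and system) or not HEXNAME.match(name):
            continue
        stem, ext = name.rsplit(".", 1)
        groups[stem.upper()][ext.lower()] = size
    return dict(groups)


def summarize(groups):
    """One report line per stem; complete loader+config pairs are called out."""
    report = []
    for stem in sorted(groups):
        parts = groups[stem]
        status = "dll+cfg pair" if {"dll", "cfg"} <= set(parts) else "partial"
        detail = ", ".join(f"{ext}={size}" for ext, size in sorted(parts.items()))
        report.append(f"{stem}: {status} ({detail})")
    return report


# Constructed sample: lines copied from the OTViewIt and SDFix logs in this thread.
SAMPLE_LISTING = r"""
[2008/10/20 10:12:39 | 00,011,379 | -HS- | M] () -- C:\WINDOWS\System32\82710040.dll
[2008/10/20 10:12:39 | 00,000,200 | -HS- | M] () -- C:\WINDOWS\System32\82710040.cfg
[2008/10/20 10:12:20 | 00,005,504 | ---- | M] () -- C:\WINDOWS\System32\4901228.sys
[2008/10/20 09:36:04 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/10/05 16:08:54 | 00,250,048 | RHS- | M] () -- C:\ntldr
Wed 30 Jan 2008 6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Mon 20 Oct 2008 12,213 A.SH. --- "C:\WINDOWS\system32\08223B03.dll"
Mon 20 Oct 2008 11,379 A.SH. --- "C:\WINDOWS\system32\82710040.dll"
Thu 18 Sep 2008 15 ..SHR --- "C:\WINDOWS\system32\drivers\fbd.sys"
""".strip().splitlines()

if __name__ == "__main__":
    for line in summarize(find_hidden_pairs(SAMPLE_LISTING)):
        print(line)
```

The directory check deliberately skips `dllcache\` and `drivers\`, so a hidden driver such as `fbd.sys` is not reported here; it is the loader/config pairs in the System32 root that this pass is meant to surface, and anything it lists still needs a human to confirm before a removal script is built.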

#6 ne3na3

ne3na3
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:32 AM

Posted 26 October 2008 - 01:32 PM

hello
i think i have mistakenly put something that was not required, and missed putting the hijack this log report, so i'm attaching it
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:13:18 PM, on 10/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\WINDOWS\System32\rpcnetp.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.2.230.4:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [3PMmUpdate] rundll32 "C:\WINDOWS\Update.dll",Main
O4 - HKLM\..\Run: [HBService32] SYSTEM.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Bluetooth Monitor.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1221682930889
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: HBmhly.dll,HB1000Y.dll,HBWOOOL.dll,HBXY2.dll,HBJXSJ.dll,HBSO2.dll,HBFS2.dll,HBXY3.dll,HBSHQ.dll,HBFY.dll,HBWULIN2.dll,HBW2I.dll,HBKDXY.dll,HBWORLD2.dll,HBASKTAO.dll,HBZHUXIAN.dll,HBWOW.dll,HBZERO.dll,HBBO.dll,HBCONQUER.dll,HBSOUL.dll,HBCHIBI.dll,HBDNF.dll,HBWARLORDS.dll,HBTL.dll,HBPICKCHINA.dll,HBCT.dll,HBGC.dll,HBHM.dll,HBHX2.dll,HBQQHX.dll,HBTW2.dll,HBQQSG.dll,HBQQFFO.dll,HBZT.dll,HBMIR2.dll,HBRXJH.dll,HBYY.dll,HBMXD.dll,HBSQ.dll,HBTJ.dll,HBFHZL.dll,HBWLQX.dll,HBLYFX.dll,HBR2.dll,HBCHD.dll,HBTZ.dll,HBQQXX.dll,HBWD.dll,HBZG.dll,HBPPBL.dll,HBXMJ.dll,HBJTLQ.dll,HBQJSJ.dll
O21 - SSODL: Upnp - {DE01DA19-A6A8-EB80-4D47-248DEB2A9399} - C:\WINDOWS\system32\upnpsrv.dll
O21 - SSODL: msnmsg - {DA191DE0-AA86-4ED0-4B87-293D48B2AE99} - C:\Program Files\Messenger\msgmr.dll
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

--
End of file - 10211 bytes

#7 RELOADED

RELOADED

  • Members
  • 476 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bahrain - East Riffa
  • Local time:05:32 AM

Posted 27 October 2008 - 11:15 PM

Hello ne3na3,

Sorry for the delay. I'm afraid to tell you that your computer has been infected badly and your machine might start yelling at you!
Please let's follow the instructions below and see what we can conclude:


Peer to Peer File Sharing (Azureus)
Please note that as long as you're using any form of Peer-to-Peer networking (BitLord, utorrent, Azureus, Morpheus, Limewire, etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.

When you use Peer-to-peer (P2P) programs, you are downloading software from an UNKNOWN source directly onto your computer, bypassing your Firewall and Anti-Virus software. It's hardly surprising that many of the available downloads are being used by malware purveyors as a delivery method for their infections. Further, if your P2P program is not configured correctly you may be sharing more files than you realize. See here: http://www.infoworld.com/article/07/09/06/...ID-theft_1.html

Even if you have one of the SAFE P2P programs, the practice of file-sharing is very UNSAFE for the health of your PC.
You may decide to continue P2P sharing, but keep in mind that this practice may be the source of major PC infections.
Better ask yourself if you and your system CD are REALLY ready to reformat your Hard Drive and Re-install Windows.

The risks of using P2P programs are described here in this Sourceforge webpage and in this Information Week article.
Some malware help forums are now refusing to help those who show up with infections from P2P usage.

I think you should stop using and Uninstall BitLord, but it's your decision.
I have included them in the removals below.



A. Please click start>control panel>add/remove programs.
  • Under Currently installed programs.
  • Please select BitLord program.
  • Then press the Remove button next to it to remove it.
  • Once you have done that, please remove the following folders (if present):
  • C:\Program Files\BitLord<<-- delete this folder
  • C:\Documents and Settings\DennisFanti\Application Data\BitLord<<-- delete this folder
+++++++++++++++++++++++++++



A. Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    rpcnetp <delete service>
    4901228.sys <delete service>
    4c70249.sys <delete service>
    5102a80.sys <delete service>
    9fd8db.sys <delete service>
    c551839.sys <delete service>
    eth8023.sys <delete service>
    HBKernel32.sys <delete service>
    
    C:\WINDOWS\System32\rpcnetp.dll
    C:\WINDOWS\System32\rpcnetp.exe
    C:\WINDOWS\system32\4901228.sys
    C:\WINDOWS\system32\4c70249.sys
    C:\WINDOWS\system32\5102a80.sys 
    C:\WINDOWS\system32\9fd8db.sys
    C:\WINDOWS\system32\c551839.sys
    C:\WINDOWS\system32\drivers\eth8023.sys
    C:\WINDOWS\system32\drivers\HBKernel32.sys
    C:\WINDOWS\System32\unxxx.bat
    C:\WINDOWS\System32\E0D39066.dll
    C:\WINDOWS\System32\E0D39066.cfg
    C:\WINDOWS\System32\3474A8C2.dll
    C:\WINDOWS\System32\3474A8C2.cfg
    C:\WINDOWS\System32\E3367679.dll
    C:\WINDOWS\System32\E3367679.cfg
    C:\WINDOWS\System32\EC7DA7DC.dll
    C:\WINDOWS\System32\EC7DA7DC.cfg
    C:\WINDOWS\System32\12B02216.dll
    C:\WINDOWS\System32\12B02216.cfg
    C:\WINDOWS\System32\A8FC611B.dll
    C:\WINDOWS\System32\A8FC611B.cfg
    C:\WINDOWS\System32\4BF9CBA3.dll
    C:\WINDOWS\System32\4BF9CBA3.cfg
    C:\WINDOWS\System32\C56BCC10.dll
    C:\WINDOWS\System32\C56BCC10.cfg
    C:\WINDOWS\System32\4F34C688.dll
    C:\WINDOWS\System32\4F34C688.cfg
    C:\WINDOWS\System32\HBQQFFO.dll
    C:\WINDOWS\System32\HBZG.dll
    C:\WINDOWS\System32\HBZHUXIAN.dll
    C:\WINDOWS\System32\HBCHIBI.dll
    C:\WINDOWS\System32\HBBO.dll
    C:\WINDOWS\System32\HBQQSG.dll
    C:\WINDOWS\System32\495271CA.dll
    C:\WINDOWS\System32\495271CA.cfg
    C:\WINDOWS\System32\122B901E.dll
    C:\WINDOWS\System32\122B901E.cfg
    C:\WINDOWS\System32\9CA963CA.dll
    C:\WINDOWS\System32\9CA963CA.cfg
    C:\WINDOWS\System32\C250CF20.dll
    C:\WINDOWS\System32\C250CF20.cfg
    C:\WINDOWS\System32\DA63E650.dll
    C:\WINDOWS\System32\DA63E650.cfg
    C:\WINDOWS\System32\7ADC2AB1.dll
    C:\WINDOWS\System32\7ADC2AB1.cfg
    C:\WINDOWS\System32\08223B03.dll
    C:\WINDOWS\System32\08223B03.cfg
    C:\WINDOWS\System32\4D023DE9.dll
    C:\WINDOWS\System32\8b52f47.sys
    C:\WINDOWS\System32\4D023DE9.cfg
    C:\WINDOWS\System32\82710040.dll
    C:\WINDOWS\System32\82710040.cfg
    C:\WINDOWS\System32\D91BC61E.dll
    C:\WINDOWS\System32\D91BC61E.cfg
    C:\WINDOWS\System32\58FF3024.dll
    C:\WINDOWS\System32\58FF3024.cfg
    C:\WINDOWS\System32\43ACDCC5.dll
    C:\WINDOWS\System32\43ACDCC5.cfg
    C:\WINDOWS\System32\4901228.sys
    C:\WINDOWS\System32\DE02F764.dll
    C:\WINDOWS\System32\DE02F764.cfg
    C:\WINDOWS\System32\HBmhly.dll
    C:\WINDOWS\Update.dll
    C:\WINDOWS\System32\AF05A291.cfg
    C:\Documents and Settings\ne3na3\Desktop\porn
    C:\Documents and Settings\ne3na3\Desktop\-R_&_B_Collection_2008-_[mininova].torrent
    C:\Documents and Settings\ne3na3\Desktop\2Pac_[mininova].torrent
    C:\Documents and Settings\ne3na3\Desktop\BitLord_1.01.exe
    
    
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\\{97421D0D-E07F-40DF-8F07-99597B9585AD}
    
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\3PMmUpdate 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\HBService32
    
    
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\msnmsg
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\ThunderAdvise
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\Upnp
    
    
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{08223B03-1B38-4A33-A83A-A4D3CC1D6E4E}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{122B901E-493F-4AD9-BC69-7DE8C3E52FCC}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{12B02216-AC3F-42A7-8313-449771237061}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{3474A8C2-BEF9-46C8-983A-A26A0030EC30}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{43ACDCC5-9009-4AF4-B80A-93BC656EF298}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{495271CA-D0C6-4052-ABE6-5B01C73CDFB0}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{4BF9CBA3-8DEE-41A1-8BDB-FC28D30E949F}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{4D023DE9-F4B5-4BE0-99C6-7C7AD0CF5426}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{4F34C688-FD49-42FC-97F7-87D2F5791612}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{58FF3024-8A83-4B1A-88E9-302F47646EEE}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{7ADC2AB1-5C6A-4178-82DA-94863354AF7C}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{82710040-F86E-42E0-B1F8-04EDF75856F8}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{9CA963CA-107C-4089-B0AB-31380F90D7E3}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{A8FC611B-71F6-4B4D-BD3A-BFBCCDE96F57}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{C250CF20-5F89-4310-9854-4BC261FB14FB}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{C56BCC10-503E-43AB-B208-3CD37FCFCE40}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{D91BC61E-7D78-4A2A-A336-7B97E8E52F0B}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{DA63E650-537C-4042-87BB-9D19D844680B}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{DE02F764-C51A-4788-9597-D78ECC2AC08F}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{E3367679-4775-4244-A62E-4CFE58FC850B}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{EC7DA7DC-2597-4736-AAEF-334299726138}
    
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



+++++++++++++++++++++++++++



B. Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".



+++++++++++++++++++++++++++



C. Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



+++++++++++++++++++++++++++



D. HijackThis Log
  • From Start | All Programs | HijackThis
  • Click on Hijackthis to start the program.
  • Choose the Do a system scan and save a logfile button.
  • A log will be produced with a name of: Hijackthis.log, and will be opened in a Notepad.
  • Please post the content of the HijackThis log file in your next reply for further review. (Note: it has been created in C:\Program Files\Trend Micro\HijackThis\hijackthis.log).

+++++++++++++++++++++++++++



E. Running OTViewIt Again Please
  • Double click on the OTViewIt.exe icon on your desktop.
  • Check the Scan All Users checkbox and leave Use Whitelist checked. Set the File Age to 30 days.
  • Click on the Run Scan button.
    • OTViewIt.txt <-- Will be opened
  • Copy and Paste the log into your next reply.

Note: In your next post I would like to see (not attached, but posted) the following please:
1. The log from OTMoveIt.
2. The log from OTviewIt (OTViewIt.txt).
3. MBAM Log.
4. Hijackthis Log.
Thanks and good luck.


With Regards,
RELOADED
No goal is worthy of our time and effort if all we are going to get out of it is an end result.
If I have been helping you and I don't reply within 48 hours, please shoot me a PM. Thanks.
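The removals RELOADED lists above map onto a handful of HijackThis sections: a BHO loaded from outside Program Files (O2), Run entries that start a bare file name or push a DLL through rundll32 (O4), a long AppInit_DLLs value (O20) and shell service objects (O21). The script below is an added example, not HijackThis code and not RELOADED's own method: a Python triage pass over sample lines copied from the log in post #6, plus a few known-good entries for contrast. The heuristics are mine, and they flag legitimate OEM entries as well (TPSMain.exe and NDSTray.exe in that log would also trip the bare-name rule), so the output is a list for a human to review, never a removal list.

```python
"""Flag HijackThis entries that deserve a reviewer's attention.

Added example: not HijackThis code and not the helper's method. The rules below are
my own review heuristics, chosen to match the entries this thread removes; legitimate
OEM entries (TPSMain.exe, NDSTray.exe in the log above) also trip the bare-name rule,
so the output is a review list, never an automatic removal list.
"""
import re

HJT_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
HJT_O4 = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
HJT_O20 = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
HJT_O21 = re.compile(r"^O21 - SSODL: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
# rundll32 invocation: capture the module it loads, with or without quotes.
RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<module>[^",]+)"?', re.IGNORECASE)


def triage_hjt(lines):
    """Return (section, name, reason) tuples for entries a human should look at."""
    findings = []
    for raw in lines:
        line = raw.strip()

        m = HJT_O2.match(line)
        if m:
            # Browser helper objects normally live under Program Files.
            if not m["path"].lower().startswith("c:\\program files\\"):
                findings.append(("O2", m["name"], f"BHO DLL outside Program Files: {m['path']}"))
            continue

        m = HJT_O4.match(line)
        if m:
            cmd = m["cmd"]
            r = RUNDLL.match(cmd)
            if r:
                module = r["module"]
                # rundll32 loading a DLL by full path from somewhere other than System32.
                if "\\" in module and "\\system32\\" not in module.lower():
                    findings.append(("O4", m["name"], f"rundll32 loads module outside System32: {module}"))
            elif "\\" not in cmd:
                # No directory at all: the file is located by search-path lookup.
                findings.append(("O4", m["name"], f"bare file name resolved via search path: {cmd}"))
            continue

        m = HJT_O20.match(line)
        if m:
            dlls = [d for d in m["dlls"].split(",") if d]
            preview = ", ".join(dlls[:3]) + (", ..." if len(dlls) > 3 else "")
            findings.append(("O20", "AppInit_DLLs",
                             f"{len(dlls)} DLL(s) injected into every process that loads user32.dll: {preview}"))
            continue

        m = HJT_O21.match(line)
        if m:
            # Shell service objects load into Explorer at logon; any entry here is worth a look.
            findings.append(("O21", m["name"], f"ShellServiceObjectDelayLoad entry: {m['path']}"))
    return findings


# Constructed sample: lines copied from the HijackThis log above, plus known-good entries for contrast.
SAMPLE_HJT = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [3PMmUpdate] rundll32 "C:\WINDOWS\Update.dll",Main
O4 - HKLM\..\Run: [HBService32] SYSTEM.EXE
O4 - Global Startup: Bluetooth Monitor.lnk = ?
O20 - AppInit_DLLs: HBmhly.dll,HB1000Y.dll,HBWOOOL.dll,HBXY2.dll
O21 - SSODL: Upnp - {DE01DA19-A6A8-EB80-4D47-248DEB2A9399} - C:\WINDOWS\system32\upnpsrv.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
""".strip().splitlines()

if __name__ == "__main__":
    for section, name, reason in triage_hjt(SAMPLE_HJT):
        print(f"{section:4} {name:28} {reason}")
```

The rundll32 rule is deliberately narrow: `bthprops.cpl` is loaded without a path and is left alone, while `C:\WINDOWS\Update.dll` is flagged because a DLL run from the Windows root rather than System32 is unusual. Sections the script does not know (O23 services, Global Startup links) pass through silently, which is the right default for a triage aid that should never claim more than it checks.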

#8 harrythook

harrythook


  • Security Colleague
  • 4,152 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Philadelphia
  • Local time:09:32 PM

Posted 07 November 2008 - 10:20 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.
All others please read The Preparation Guide before starting your topic.

Veni Vidi Vici
THE FIGHT AGAINST MALWARE




