Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

trojan.bho


  • This topic is locked This topic is locked
6 replies to this topic

#1 RisingStars

RisingStars

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 03 November 2008 - 12:23 AM

sorry guys im here again, but i have no idea how this happened, or when it happened. Nomally i know, but this is strange.
Here's what i cleaned up with MBAM
Malwarebytes' Anti-Malware 1.30
Database version: 1358
Windows 5.1.2600 Service Pack 3

11/2/2008 8:59:06 PM
mbam-log-2008-11-02 (20-59-06).txt

Scan type: Quick Scan
Objects scanned: 56220
Time elapsed: 6 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\Common\helper.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\main.bho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8e3c68cd-f500-4a2a-8cb9-132bb38c3573} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{986a8ac1-ab4d-4f41-9068-4b01c0197867} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\main.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a0e1054b-01ee-4d57-a059-4d99f339709f} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Common\helper.dll (Trojan.BHO) -> Delete on reboot.

Here's OT viewit

OTViewIt logfile created on: 11/2/2008 9:22:32 PM - Run 3
OTViewIt by OldTimer - Version 1.0.17.0 Folder = C:\Documents and Settings\phillip chan\Desktop\Michael's Stuff
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 75.30% Memory free
3.85 Gb Paging File | 3.41 Gb Available in Paging File | 88.73% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 64.73 Gb Free Space | 43.45% Space Free | Partition Type: NTFS
Drive D: | 4.09 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D8NXKPD1
Current User Name: phillip chan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2007/01/22 21:19:34 | 00,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
[2007/01/22 21:19:28 | 00,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
[2007/09/13 17:49:48 | 00,202,088 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
[2007/10/01 14:50:08 | 00,214,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
[2005/11/17 00:33:52 | 01,160,800 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
[2007/10/06 19:22:52 | 01,247,600 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
[2008/07/07 07:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2006/11/05 08:22:16 | 00,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
[2007/01/22 21:19:26 | 00,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
[2007/09/27 13:20:18 | 16,844,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
[2006/12/06 22:30:42 | 00,159,744 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razerhid.exe
[2006/07/25 17:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
[2007/05/23 11:13:38 | 00,139,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
[2007/09/17 08:07:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2008/04/13 16:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2006/11/22 13:42:44 | 00,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\DeathAdder\razerofa.exe
[2006/08/01 14:35:36 | 00,067,112 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe
[2006/12/15 12:36:28 | 00,750,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
[2008/08/22 21:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2008/10/19 16:52:46 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\phillip chan\Desktop\Michael's Stuff\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/07/07 07:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/07/25 17:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
[2007/01/22 21:19:28 | 00,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE -- (ccEvtMgr [Auto | Running])
[2007/01/16 12:52:26 | 00,072,328 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\CCPWDSVC.EXE -- (ccISPwdSvc [Auto | Stopped])
[2007/09/13 17:49:48 | 00,202,088 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE -- (ccProxy [Auto | Running])
[2007/01/22 21:19:34 | 00,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE -- (ccSetMgr [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/01/16 10:25:28 | 00,045,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\COMHOST.EXE -- (comHost [On_Demand | Stopped])
[2007/03/19 09:44:44 | 00,070,656 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
[2004/10/22 00:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/10/20 20:27:31 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Stopped])
[2006/07/25 17:03:42 | 02,119,360 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate [On_Demand | Stopped])
[2007/03/12 17:30:14 | 00,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service [On_Demand | Stopped])
[2007/05/23 11:13:38 | 00,139,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE -- (navapsvc [Auto | Running])
[2006/12/15 12:36:28 | 00,750,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE -- (NSCService [On_Demand | Running])
[2007/09/17 08:07:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2008/09/11 13:51:18 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Disabled | Stopped])
[2006/11/05 08:15:12 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
[2006/11/05 08:13:00 | 00,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
[2005/08/02 13:18:49 | 00,086,016 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
[2005/11/17 00:32:56 | 00,198,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan [On_Demand | Stopped])
[2007/10/01 14:50:08 | 00,214,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [Auto | Running])
[2005/11/17 00:33:52 | 01,160,800 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [Auto | Running])
[2006/09/14 11:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
[2007/10/06 19:22:52 | 01,247,600 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Auto | Running])
[2005/01/28 10:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Stopped])

========== Driver Services ==========

[2001/08/17 10:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2008/04/13 10:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2001/08/17 10:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 10:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2001/08/17 10:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2001/08/17 10:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2007/08/02 09:32:26 | 00,022,784 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) -- C:\WINDOWS\system32\drivers\dadder.sys -- (DAdderFltr [On_Demand | Running])
[2006/08/18 10:17:46 | 00,035,096 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM [Auto | Running])
[2006/08/18 10:17:40 | 00,032,472 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
[2006/08/11 07:35:18 | 00,012,920 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
[2006/08/18 10:18:08 | 00,009,400 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM [Auto | Running])
[2006/08/18 10:17:38 | 00,104,472 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
[2006/08/18 10:17:42 | 00,026,008 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
[2006/08/18 10:17:38 | 00,014,520 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
[2006/08/11 07:35:16 | 00,028,184 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M [System | Running])
[2006/08/18 10:17:44 | 00,094,648 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
[2006/08/18 10:17:44 | 00,097,848 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
[2006/07/21 08:21:26 | 00,099,176 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
[2006/08/11 08:05:58 | 00,051,768 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
[2006/10/05 14:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
[2007/02/25 09:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv [Auto | Running])
[2001/08/17 09:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2007/07/22 17:36:42 | 00,254,872 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express [On_Demand | Running])
[2007/09/18 00:00:00 | 00,395,312 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2007/09/21 00:00:00 | 00,112,688 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
[2008/04/13 08:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2007/03/07 20:20:48 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
[2007/03/07 20:20:49 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2007/03/07 20:20:50 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2007/06/20 15:45:24 | 00,304,920 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iastor.sys -- (iaStor [Boot | Stopped])
[2007/10/02 15:32:14 | 04,613,120 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2008/04/13 10:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2001/08/17 10:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2007/11/14 01:00:00 | 00,081,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071216.003\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2007/11/14 01:00:00 | 00,865,904 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071216.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2008/04/13 10:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
[2005/08/02 13:10:13 | 00,032,512 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
[2007/09/17 08:07:00 | 06,853,088 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2004/08/04 02:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2006/07/24 00:00:00 | 00,036,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 10:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 10:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 10:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2005/11/17 00:32:56 | 00,334,984 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\savrt.sys -- (SAVRT [On_Demand | Running])
[2005/11/17 00:32:56 | 00,053,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL [System | Running])
[2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/13 10:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2001/08/17 11:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2007/04/09 19:44:52 | 00,391,256 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
[2001/08/17 11:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 11:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2007/10/01 14:48:56 | 00,012,680 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS [On_Demand | Running])
[2008/05/30 22:37:44 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2007/10/01 14:49:04 | 00,098,184 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW [On_Demand | Running])
[2007/10/01 14:49:16 | 00,031,624 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS [On_Demand | Running])
[2007/11/06 08:07:07 | 00,158,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20080116.003\SymIDSCo.sys -- (SYMIDSCO [On_Demand | Running])
[2007/09/14 14:45:11 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])
[2007/10/01 14:49:10 | 00,028,040 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS [On_Demand | Running])
[2007/10/01 14:49:20 | 00,023,944 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])
[2007/10/01 14:49:26 | 00,189,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [System | Running])
[2001/08/17 11:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 11:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2001/08/17 10:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2004/08/04 02:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5070915
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
"Start Page"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5070915

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5070915
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5070915

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (266614 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com
127.0.0.1 www.132.com
127.0.0.1 132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
127.0.0.1 www.163ns.com
127.0.0.1 163ns.com
9235 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} (HKLM) -- C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} (HKLM) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7}" (HKLM) -- C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Alcmtr"=ALCMTR.EXE (Realtek Semiconductor Corp.)
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
"DeathAdder"=C:\Program Files\Razer\DeathAdder\razerhid.exe ()
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" (Roxio)
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" (Sonic Solutions)
"RTHDCPL"=RTHDCPL.EXE (Realtek Semiconductor Corp.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
"URLLSTCK.exe"=C:\Program Files\Norton Internet Security\UrlLstCk.exe (Symantec Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktopChanges"=0
"NoActiveDesktop"=0
"NoSaveSettings"=0
"ClassicShell"=0
"NoThemesTab"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"NoDispBackgroundPage"=0
"NoDispScrSavPage"=0
"NoDispAppearancePage"=0
"NoColorChoice"=0
"NoSizeChoice"=0
"NoDispCPL"=0
"NoVisualStyleChoice"=0
"NoDispSettingsPage"=0

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}: Button: AIM -- %ProgramFiles%\AIM\aim.exe [2006/08/01 14:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
turbotax.com: https in Trusted sites
45 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/Facebo...toUploader5.cab -- Reg Error: Key does not exist or could not be opened.
{4E218431-2F07-40BD-A9D3-035324C1F13F}: http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB -- DyynoX Class
{54BE6B6F-3056-470B-97E1-BB92E051B6C4}: http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab -- Reg Error: Key does not exist or could not be opened.
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://update.microsoft.com/windowsupdate/...b?1221627720921 -- WUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}: http://support.f-secure.com/ols/fscax.cab -- F-Secure Online Scanner 3.3
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10

========== (O17) DNS Name Servers ==========

{16A74A24-022E-4BF8-BE8A-65BABF59DD7B} (Servers: | Description: Intel® 82562V-2 10/100 Network Connection)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/10 10:04:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7db1cca8-7aed-11dd-bb30-001aa096c65f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7db1cca8-7aed-11dd-bb30-001aa096c65f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7db1cca8-7aed-11dd-bb30-001aa096c65f}\Shell\AutoRun\command]
""=F:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2008/11/02 18:27:06 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzports.dll
[2008/11/02 18:27:05 | 00,049,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzport.sys
[2008/11/02 18:27:04 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyports.dll
[2008/11/02 18:27:04 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzcoins.dll
[2008/11/02 18:27:03 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyport.sys
[2008/11/02 18:27:02 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyycoins.dll
[2008/11/02 18:27:01 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclom-y.sys
[2008/11/02 18:27:00 | 00,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2008/11/02 18:27:00 | 00,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclad-z.sys
[2008/11/02 18:26:59 | 00,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2008/11/02 18:26:58 | 00,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2008/11/02 18:26:58 | 00,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2008/11/02 18:26:57 | 00,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2008/11/02 18:26:56 | 00,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2008/11/02 18:26:55 | 00,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2008/11/02 18:26:54 | 00,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2008/11/02 18:26:50 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csamsp.dll
[2008/11/02 18:26:49 | 00,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2008/11/02 18:26:48 | 00,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2008/11/02 18:26:48 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2008/11/02 18:26:47 | 00,021,533 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\cpqndis5.sys
[2008/11/02 18:26:45 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compbatt.sys
[2008/11/02 18:26:43 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnusd.dll
[2008/11/02 18:26:41 | 00,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2008/11/02 18:26:41 | 00,013,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmbatt.sys
[2008/11/02 18:26:40 | 00,248,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546xm.sys
[2008/11/02 18:26:40 | 00,170,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546x.dll
[2008/11/02 18:26:39 | 00,111,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl5465.dll
[2008/11/02 18:26:39 | 00,045,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.sys
[2008/11/02 18:26:38 | 00,091,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.dll
[2008/11/02 18:26:37 | 00,272,640 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\dllcache\cinemclc.sys
[2008/11/02 18:26:36 | 00,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2008/11/02 18:26:34 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2008/11/02 18:26:34 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2008/11/02 18:26:34 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2008/11/02 18:26:34 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2008/11/02 18:26:33 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2008/11/02 18:26:32 | 00,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2008/11/02 18:26:31 | 00,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2008/11/02 18:26:31 | 00,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2008/11/02 18:26:30 | 00,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2008/11/02 18:26:29 | 00,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2008/11/02 18:26:28 | 00,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2008/11/02 18:26:28 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2008/11/02 18:26:27 | 00,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2008/11/02 18:26:27 | 00,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2008/11/02 18:26:26 | 00,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2008/11/02 18:26:25 | 00,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2008/11/02 18:26:24 | 00,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2008/11/02 18:26:24 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
[2008/11/02 18:26:24 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2008/11/02 18:26:23 | 00,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.dll
[2008/11/02 18:26:23 | 00,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.ax
[2008/11/02 18:26:22 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.ax
[2008/11/02 18:26:22 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.dll
[2008/11/02 18:26:21 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv21.sys
[2008/11/02 18:26:21 | 00,171,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv30.sys
[2008/11/02 18:26:21 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.ax
[2008/11/02 18:26:20 | 00,314,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdro21.sys
[2008/11/02 18:26:20 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2008/11/02 18:26:06 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
[2008/11/02 18:26:05 | 00,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2008/11/02 18:26:04 | 00,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2008/11/02 18:26:04 | 00,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2008/11/02 18:26:03 | 00,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2008/11/02 18:26:03 | 00,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2008/11/02 18:26:03 | 00,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2008/11/02 18:26:02 | 00,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2008/11/02 18:26:02 | 00,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2008/11/02 18:26:01 | 00,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2008/11/02 18:26:01 | 00,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2008/11/02 18:26:00 | 00,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
[2008/11/02 18:26:00 | 00,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2008/11/02 18:25:59 | 00,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2008/11/02 18:25:59 | 00,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2008/11/02 18:25:59 | 00,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2008/11/02 18:25:58 | 00,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2008/11/02 18:25:58 | 00,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2008/11/02 18:25:57 | 00,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2008/11/02 18:25:57 | 00,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2008/11/02 18:25:56 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
[2008/11/02 18:25:56 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2008/11/02 18:25:56 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2008/11/02 18:25:55 | 00,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2008/11/02 18:25:54 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2008/11/02 18:25:53 | 00,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2008/11/02 18:25:53 | 00,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2008/11/02 18:25:52 | 00,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2008/11/02 18:25:52 | 00,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2008/11/02 18:25:51 | 00,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2008/11/02 18:25:51 | 00,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2008/11/02 18:25:51 | 00,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2008/11/02 18:25:50 | 00,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2008/11/02 18:25:50 | 00,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2008/11/02 18:25:49 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2008/11/02 18:25:48 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2008/11/02 18:25:47 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2008/11/02 18:25:47 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2008/11/02 18:25:46 | 00,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2008/11/02 18:25:46 | 00,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2008/11/02 18:25:46 | 00,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2008/11/02 18:25:45 | 00,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2008/11/02 18:25:45 | 00,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2008/11/02 18:25:44 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2008/11/02 18:25:42 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2008/11/02 18:25:41 | 00,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2008/11/02 18:25:39 | 00,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2008/11/02 18:25:39 | 00,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2008/11/02 18:25:39 | 00,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2008/11/02 18:25:38 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2008/11/02 18:25:37 | 00,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2008/11/02 18:25:37 | 00,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2008/11/02 18:25:33 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2008/11/02 18:25:32 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2008/11/02 18:25:31 | 00,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2008/11/02 18:25:31 | 00,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2008/11/02 18:25:31 | 00,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2008/11/02 18:25:30 | 00,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2008/11/02 18:25:30 | 00,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2008/11/02 18:25:30 | 00,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2008/11/02 18:25:30 | 00,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2008/11/02 18:25:29 | 00,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2008/11/02 18:25:28 | 00,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2008/11/02 18:25:27 | 00,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2008/11/02 18:25:27 | 00,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2008/11/02 18:25:27 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2008/11/02 18:25:26 | 00,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2008/11/02 18:25:26 | 00,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2008/11/02 18:25:26 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2008/11/02 18:25:26 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2008/11/02 18:25:25 | 00,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2008/11/02 18:25:25 | 00,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394bus.sys
[2008/11/02 18:25:25 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2008/11/02 18:25:07 | 00,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2008/11/02 16:21:04 | 00,014,539 | ---- | C] () -- C:\Documents and Settings\phillip chan\Desktop\aerospace_speech.rtf
[2008/10/29 16:22:31 | 02,443,790 | ---- | C] () -- C:\Documents and Settings\phillip chan\Desktop\BoA_-_Eat_You_Up.mp3
[2008/10/26 20:12:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\phillip chan\Desktop\Jimmy's Girls
[2008/10/21 18:35:36 | 03,147,992 | ---- | C] () -- C:\Documents and Settings\phillip chan\Desktop\ep08.mp3
[2008/10/20 21:12:52 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/20 21:12:29 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/20 21:12:29 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/20 21:12:29 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/20 21:10:15 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/20 20:27:49 | 00,000,000 | ---D | C] -- C:\Program Files\Sun
[2008/10/20 20:26:22 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2008/10/20 19:43:58 | 76,502,424 | ---- | C] () -- C:\Documents and Settings\phillip chan\Desktop\jdk-6u10-windows-i586-p.exe
[2008/10/20 08:49:32 | 00,000,000 | ---D | C] -- C:\fsaua.data
[2008/10/19 20:52:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common
[2008/10/15 23:12:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\phillip chan\Desktop\April Snow
[2008/10/14 10:52:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2008/10/13 10:56:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\phillip chan\Desktop\temp
[2008/10/13 09:35:42 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2008/10/12 18:29:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\phillip chan\Application Data\Malwarebytes
[2008/10/12 18:29:40 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/12 18:29:39 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/12 18:29:38 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/10/12 18:29:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

========== Files - Modified Within 30 Days ==========

[161 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/11/02 21:00:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/11/02 21:00:49 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/11/02 20:59:52 | 05,304,134 | -H-- | M] () -- C:\Documents and Settings\phillip chan\Local Settings\Application Data\IconCache.db
[2008/11/02 20:19:14 | 00,014,539 | ---- | M] () -- C:\Documents and Settings\phillip chan\Desktop\aerospace_speech.rtf
[2008/11/02 18:23:50 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/11/02 18:16:25 | 00,002,193 | ---- | M] () -- C:\Documents and Settings\phillip chan\Desktop\Steam.lnk
[2008/11/02 10:27:11 | 00,066,560 | ---- | M] () -- C:\Documents and Settings\phillip chan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/02 10:23:56 | 00,479,920 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/11/02 10:23:56 | 00,408,000 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/11/02 10:23:56 | 00,064,404 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/10/31 20:55:01 | 00,000,562 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - phillip chan.job
[2008/10/29 16:22:35 | 02,443,790 | ---- | M] () -- C:\Documents and Settings\phillip chan\Desktop\BoA_-_Eat_You_Up.mp3
[2008/10/22 16:10:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/22 16:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/20 21:18:20 | 00,163,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/20 21:16:27 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/20 20:25:58 | 76,502,424 | ---- | M] () -- C:\Documents and Settings\phillip chan\Desktop\jdk-6u10-windows-i586-p.exe
[2008/10/15 08:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll
[2008/10/15 08:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/14 09:43:38 | 00,266,614 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/10/13 14:19:23 | 00,000,563 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/10/13 14:19:23 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/10/13 14:19:23 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2008/10/07 11:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/06 15:23:24 | 06,012,928 | ---- | M] () -- C:\Documents and Settings\phillip chan\Desktop\Natasha_Bedingfield_-_Angel.mp3



OTViewIt Extras logfile created on: 11/2/2008 9:22:32 PM - Run 3
OTViewIt by OldTimer - Version 1.0.17.0 Folder = C:\Documents and Settings\phillip chan\Desktop\Michael's Stuff
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 75.30% Memory free
3.85 Gb Paging File | 3.41 Gb Available in Paging File | 88.73% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 64.73 Gb Free Space | 43.45% Space Free | Partition Type: NTFS
Drive D: | 4.09 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D8NXKPD1
Current User Name: phillip chan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 16:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 16:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/06 20:28:27 | 00,219,952 | ---- | M] () -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2006/08/25 14:46:38 | 05,423,104 | R--- | M] (Monolith Productions, Inc.) -- C:\Program Files\Sierra\FEAR\FEAR.exe:*:Enabled:FEAR
[2006/08/25 14:54:04 | 05,431,296 | R--- | M] (Monolith Productions, Inc.) -- C:\Program Files\Sierra\FEAR\FEARMP.exe:*:Enabled:FEAR
[2008/03/05 22:29:49 | 10,343,712 | ---- | M] (Intuit, Inc.) -- C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax
[2007/10/22 18:56:52 | 03,597,600 | ---- | M] (Intuit, Inc.) -- C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager
[2006/08/01 14:35:36 | 00,067,112 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
[2008/09/11 13:51:18 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
[2008/09/11 13:51:26 | 00,107,832 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2008/04/13 16:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
msdaipp: [HKLM - No CLSID value]
[2008/04/13 16:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2008/04/13 16:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 Professional
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}"=Roxio Creator Tools
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}"=Steam
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}"=Symantec KB-DocID:2003093015493306
"{0D397393-9B50-4c52-84D5-77E344289F87}"=Roxio Creator Data
"{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}"=ccCommon
"{12E2B9E9-05B1-407d-B0FD-B5F350535125}"=Norton Internet Security
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java™ 6 Update 10
"{281ECE39-F043-492B-8337-F2E546B5604A}"=PowerDVD
"{2B653229-9854-4989-B780-D978F5F13EAB}"=FEAR
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}"=SymNet
"{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}"=CC_ccProxyExt
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}"=Scan
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}"=Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Roxio Update Manager
"{30738666-9805-4926-A78F-91DA33B6C437}"=ccPxyCore
"{32A3A4F4-B792-11D6-A78A-00B0D0160100}"=Java™ SE Development Kit 6 Update 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}"=Sonic Activation Module
"{3B29A786-5803-4E9E-9B58-3014A5B4E519}"=Norton AntiSpam
"{449F3A9E-9903-4a0d-A209-08030D45A935}"=Norton Internet Security
"{48185814-A224-447a-81DA-71BD20580E1B}"=Norton Internet Security
"{543E938C-BDC4-4933-A612-01293996845F}"=UnloadSupport
"{5677563D-0CB1-485F-9E18-C5025306BB3F}"=Norton AntiSpam
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}"=Dell Driver Reset Tool
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}"=Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Roxio Express Labeler
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{77772678-817F-4401-9301-ED1D01A8DA56}"=SPBBC
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}"=Intel® PRO Network Connections 12.1.12.0
"{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo Client
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}"=DellSupport
"{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}"=Norton Protection Center
"{83FFCFC7-88C6-41c6-8752-958A45325C82}"=Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}"=Roxio Creator BDAV Plugin
"{88908767-B7AD-4b0d-ACBC-FBCCF2761D31}"=HP Photosmart All-In-One Software 9.0
"{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}"=Garena
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}"=AGEIA PhysX v7.11.13
"{998D6972-F58E-479D-9248-8F179E55AE38}"=Java DB 10.4.1.3
"{A93C9E60-29B6-49da-BA21-F70AC6AADE20}"=Norton Internet Security
"{AC76BA86-7AD7-1033-7B44-A70800000002}"=Adobe Reader 7.0.8
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}"=Magic Online III
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}"=AIO_Scan
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}"=MSRedist
"{C6F5B6CF-609C-428E-876F-CA83176C021B}"=Norton AntiVirus 2006
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}"=Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D45EC259-4A19-4656-B588-C2C360DD18EA}"=Half-Life® 2
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}"=Roxio MyDVD DE
"{D719E8F1-6931-40b4-AC0B-5FE2C097F995}"=C4200_doccd
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}"=LiveUpdate Notice (Symantec Corporation)
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E2662C24-B31E-4349-A084-32EB76E8B760}"=BufferChm
"{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}"=PS_AIO_Software_min
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}"=Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}"=Norton Internet Security
"{E85FA9A1-C241-4698-893B-DD99509B8DB0}"=Norton WMI Update
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}"=Toolbox
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}"=DeathAdder™ Mouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F1CBC6F7-D82D-4DC5-B81C-9A14F418593A}_is1"=WC3Banlist
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}"=32 Bit HP CIO Components Installer
"{F64306A5-4C32-41bb-B153-53986527FAB4}"=Norton WMI Update
"{FFB4DD53-28B7-4981-BFF0-9BD801F61095}"=Norton Internet Security
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"AOL Instant Messenger"=AOL Instant Messenger
"AutoHotkey"=AutoHotkey 1.0.47.04
"Combined Community Codec Pack_is1"=Combined Community Codec Pack 2008-01-24
"DotA Client Build b1.8 (Final Beta)_is1"=DotA Client Build b1.8 (Final Beta)
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"Insurgency"=Insurgency ( Remove only)
"InsurgencyMod"=Insurgency: Modern Infantry Combat
"LiveUpdate"=LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mozilla Firefox (2.0.0.17)"=Mozilla Firefox (2.0.0.17)
"Natural Selection_is1"=Natural Selection 3.2
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"PeerGuardian_is1"=PeerGuardian 2.0
"RealAlt_is1"=Real Alternative 1.60
"Steam App 10"=Counter-Strike
"Steam App 20"=Team Fortress Classic
"Steam App 215"=Source SDK Base
"Steam App 320"=Half-Life 2: Deathmatch
"Steam App 70"=Half-Life
"SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20}"=Norton Internet Security 2006 (Symantec Corporation)
"Teamspeak 2 RC2_is1"=TeamSpeak 2 RC2
"TurboTax Deluxe 2007"=TurboTax Deluxe 2007
"VLC media player"=VideoLAN VLC media player 0.8.6c
"WinAVI Video Converter_is1"=WinAVI Video Converter
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinPcapInst"=WinPcap 3.1
"WinRAR archiver"=WinRAR archiver
"World of Warcraft"=World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Neoteris_Host_Checker"=Juniper Networks Host Checker
"uTorrent"=µTorrent
"Warcraft III"=Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/31/2008 4:47:59 AM | Computer Name = D8NXKPD1 | Source = Application Error | ID = 1000
Description = Faulting application aim.exe, version 5.9.6089.0, faulting module
unknown, version 0.0.0.0, fault address 0x1221254f.

Error - 10/31/2008 3:30:49 PM | Computer Name = D8NXKPD1 | Source = Application Error | ID = 1000
Description = Faulting application aim.exe, version 5.9.6089.0, faulting module
unknown, version 0.0.0.0, fault address 0x1221254f.

Error - 11/1/2008 6:41:58 PM | Computer Name = D8NXKPD1 | Source = Application Error | ID = 1000
Description = Faulting application hl2.exe, version 0.0.0.0, faulting module datacache.dll,
version 0.0.0.0, fault address 0x0000b423.

Error - 11/2/2008 5:43:26 PM | Computer Name = D8NXKPD1 | Source = Application Error | ID = 1000
Description = Faulting application hl2.exe, version 0.0.0.0, faulting module datacache.dll,
version 0.0.0.0, fault address 0x0000b423.

Error - 11/2/2008 9:49:36 PM | Computer Name = D8NXKPD1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16735, faulting
module _helper.dll, version 3.0.1.5, fault address 0x0000cb35.

Error - 11/2/2008 9:51:10 PM | Computer Name = D8NXKPD1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16735, faulting
module _helper.dll, version 3.0.1.5, fault address 0x0000cb35.

Error - 11/2/2008 10:22:26 PM | Computer Name = D8NXKPD1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16735, faulting
module helper.dll, version 3.0.1.5, fault address 0x0000c235.

Error - 11/2/2008 10:28:06 PM | Computer Name = D8NXKPD1 | Source = Application Error | ID = 1000
Description = Faulting application aim.exe, version 5.9.6089.0, faulting module
unknown, version 0.0.0.0, fault address 0x1221254f.

Error - 11/3/2008 12:30:34 AM | Computer Name = D8NXKPD1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16735, faulting
module helper.dll, version 3.0.1.5, fault address 0x000085a0.

Error - 11/3/2008 12:44:11 AM | Computer Name = D8NXKPD1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16735, faulting
module helper.dll, version 3.0.1.5, fault address 0x0000c235.

[ System Events ]
Error - 11/3/2008 1:02:14 AM | Computer Name = D8NXKPD1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/3/2008 1:02:33 AM | Computer Name = D8NXKPD1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/3/2008 1:03:20 AM | Computer Name = D8NXKPD1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/3/2008 1:10:48 AM | Computer Name = D8NXKPD1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/3/2008 1:11:37 AM | Computer Name = D8NXKPD1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/3/2008 1:12:54 AM | Computer Name = D8NXKPD1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/3/2008 1:12:59 AM | Computer Name = D8NXKPD1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/3/2008 1:19:54 AM | Computer Name = D8NXKPD1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/3/2008 1:21:02 AM | Computer Name = D8NXKPD1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/3/2008 1:22:23 AM | Computer Name = D8NXKPD1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >


i appreciate the help, and let me know if i need to run any more scans.

BC AdBot (Login to Remove)

 


#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:21 PM

Posted 09 November 2008 - 12:08 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

That Browser Helper Object that MBAM detected was Adware.CasinoClient.

CasinoClient is an adware program that tracks a user's browsing activities by logging the keywords typed in Web-based search engines, such as Google. The keywords are sent back to the controlling server like www.consumeralertsystem.com. It creates icons on your desktop which link to sites that contain adware. It also displays pop-up ads at random intervals.


I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Download and Run OTScanIt
Download OTScanIt2 by OldTimer to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.
  • Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program. If you are running on Vista then right-click the program and choose Run as Administrator.
  • Check the Scan all users box.
  • Under the Additional Scans bar, click "Extras". Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Close Notepad (saving the change if necessary).
  • Use the Add Reply button in the forum and Attach the scan back here (do not copy/paste it as it will be too big to fit into the post). It will be located in the OTScanIt2 folder and named OTScanIt.txt.
Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.


In your next reply include:
-the OTScanIt log (attached)
-the Kaspersky log (pasted directly into your reply)

Please also tell me of any changes you have made to your computer since your topic was started.

If you do not make a reply in 5 days, we will need to close your topic.

With Regards,
The Panda

Important Note to Other Users Reading this Topic: The instructions provided in this topic below this point are for the original topic starter only. Even if you have similar problems or log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic. Feel free to link to any relevant topics as needed.

#3 RisingStars

RisingStars
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 09 November 2008 - 09:39 PM

KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, November 9, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, November 09, 2008 23:00:10
Records in database: 1377332


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\
E:\

Scan statistics
Files scanned 110536
Threat name 3
Infected objects 3
Suspicious objects 0
Duration of the scan 01:36:43

File name Threat name Threats count
C:\_OTMoveIt\MovedFiles\08122008_125235\WINDOWS\system32\LPHCLDUJ0E78E.0XE Infected: Trojan-Downloader.Win32.Small.zgj 1

C:\_OTMoveIt\MovedFiles\10202008_094449\Program Files\DotA Gaming Network\dprotect.dc Infected: Packed.Win32.Black.a 1

C:\_OTMoveIt\MovedFiles\10202008_094449\WINDOWS\System32\MSZIPTOOLS.0LL Infected: Trojan-Downloader.Win32.Agent.ajeq 1

The selected area was scanned.

Attached Files



#4 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:21 PM

Posted 10 November 2008 - 08:10 AM

Hello.

Your logs look clean.

That piece of adware probably came bundled with a download. MBAM removed it completely.

With Regards,
The Panda

#5 RisingStars

RisingStars
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 10 November 2008 - 01:19 PM

thanks for the help.

#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:21 PM

Posted 10 November 2008 - 05:07 PM

Hello.

Let's reset your system restore and you are good to go.

Set New System Restore Point
Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click System Restor.
  • Choose the radio button marked "Create a Restore Point" on the first screen then click Next. Give the R.P. a name then click Create. The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type:
    cleanmgr
  • Click OK.
  • Click the More Options Tab.
  • Click Clean Up in the System Restore section to remove all previous restore points except the newly created one.

Do you have any further questions or concerns?

With Regards,
The Panda

#7 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:21 PM

Posted 15 November 2008 - 09:54 AM

Hello.

Since this issue appears to be resolved, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users