
Antivirus Pro and a HiJackThis LOG


  • This topic is locked
15 replies to this topic

#1 Lifeguard1


  • Members
  • 8 posts
  • OFFLINE
  • Local time:06:51 AM

Posted 24 November 2008 - 11:20 AM

So here I am at last. I was infected with AntivirusPro and this is one persistent SOB virus. Anyway, after numerous hours, scans, file deletions, etc...I am at a point where I can go no further without some sort of expert help. The computer was initially very locked up and could hardly even boot the thing let alone use. Now it is relatively stable and was even able to install the latest version of Kaspersky AV AND even get a virus signature file update (believe me, this was no easy task!). To make a long story short, I am unable to access any sites that have anything to do with antivirus in internet explorer. So if someone would be so kind, please help me through the last stages of this clean up and I will be most grateful.

Here is a copy of the hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:14, on 24/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\Copy of avp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Common Files\Palo Alto Software\9.0\PAS9_Update.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Brad J. Matushewski\Desktop\Anti-Virus Tools\ComboFix.exe
C:\Documents and Settings\Brad J. Matushewski\Desktop\Anti-Virus Tools\ComboFix.exe
C:\Documents and Settings\Brad J. Matushewski\Desktop\Anti-Virus Tools\FUComboFix.exe
C:\Documents and Settings\Brad J. Matushewski\Desktop\Anti-Virus Tools\FUCFix.exe
C:\Documents and Settings\Brad J. Matushewski\Desktop\Anti-Virus Tools\FUCFix.exe
C:\Documents and Settings\Brad J. Matushewski\Desktop\Anti-Virus Tools\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [\\PNL-Brad\EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P35 "\\PNL-Brad\EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo RX500 on PNL-Brad] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P41 "Auto EPSON Stylus Photo RX500 on PNL-Brad" /O22 "\\PNL-BRAD\Epson_RX500" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKUS\S-1-5-21-2613221422-2995679846-3473112937-500\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-2613221422-2995679846-3473112937-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - S-1-5-21-2613221422-2995679846-3473112937-500 Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Administrator')
O4 - S-1-5-21-2613221422-2995679846-3473112937-500 User Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Administrator')
O4 - .DEFAULT User Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Default user')
O4 - Global Startup: AcomData PushButton Manager.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Palo Alto Software Update Manager 9.0.lnk = C:\Program Files\Common Files\Palo Alto Software\9.0\PAS9_Update.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: tisspwiz.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n020p/EN/install/gtdownlr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187876080375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187876065046
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv.view22.com/view22/app/view22rte.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex...upv2.0.0.10.cab?
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O20 - AppInit_DLLs: karna.dat
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Copy of avp - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\Copy of avp.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c8fc1a7d79d2e9) (gupdate1c8fc1a7d79d2e9) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

--
End of file - 16750 bytes
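The log above contains several of the entry types a HijackThis reviewer looks at first: an O20 AppInit_DLLs value (`karna.dat`), O4 startup items that run a batch file out of a Temp directory, an O10 Winsock LSP that HijackThis does not recognize, and an O23 service registered from a "Copy of" binary. The following Python script is an added example written for this page, not code from the thread, from HijackThis or from BleepingComputer; it takes a handful of lines copied from the log as a constructed sample and applies simple triage rules of my own choosing (the `Finding`, `classify` and `triage` names are mine). It separates entries that are almost never legitimate (a non-empty AppInit_DLLs, startup items in Temp) from ones that only merit a look (unknown LSPs are often legitimate providers; the duplicated Kaspersky service may simply be a user workaround).

```python
"""Triage a HijackThis log for common persistence indicators (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" = rarely legitimate, "review" = needs a human look
    section: str    # HijackThis section tag, e.g. "O20"
    reason: str
    line: str


# Constructed sample: lines copied from the HijackThis log in the post above,
# chosen so that every rule below fires at least once.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Default user')
O4 - Global Startup: tisspwiz.lnk = ?
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: karna.dat
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Copy of avp - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\Copy of avp.exe
"""

# "O4 - HKLM\..\Run: ..." -> section tag and the rest of the line
SECTION_RE = re.compile(r"^([ORFN]\d+)\s+-\s+(.*)$")
# a path component named Temp or tmp, e.g. "\Local Settings\Temp\iehome.bat"
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None if no rule applies."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)

    if section == "O20" and body.startswith("AppInit_DLLs:"):
        value = body.split(":", 1)[1].strip()
        if value:  # HijackThis shows the value even when empty; only a set value matters
            return Finding("high", section,
                           f"AppInit_DLLs is set to {value!r}; this value is normally empty "
                           "and loads the named DLL into every process that links user32.dll",
                           line)

    if section == "O4":
        if TEMP_DIR_RE.search(body):
            return Finding("high", section,
                           "startup item launches from a temporary directory", line)
        if body.rstrip().endswith("= ?"):
            return Finding("review", section,
                           "startup shortcut whose target could not be resolved", line)

    if section == "O10":
        return Finding("review", section,
                       "Winsock LSP not on HijackThis's known-good list; confirm the "
                       "file's publisher before touching it (many such entries are legitimate)",
                       line)

    if section == "O23" and re.search(r"\bcopy of\b", body, re.IGNORECASE):
        return Finding("review", section,
                       "service registered from a duplicated 'Copy of' binary; "
                       "establish who created it before deciding anything", line)

    return None


def triage(log_text: str) -> List[Finding]:
    """Run classify() over every line and collect the findings in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        finding = classify(raw)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}")
        print(f"         {f.line.strip()}")
```

The point of the two-tier output is that a HijackThis log mixes signal with ordinary noise: of the eight sample lines, only the AppInit_DLLs value and the Temp-directory startup item are flagged as high, while the unknown LSP and the duplicated service are queued for a human decision rather than removal. Run as a script it prints the findings; imported, `triage()` returns them for further processing.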


#2 Buckeye_Sam


    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:51 AM

Posted 24 November 2008 - 04:34 PM

Hello! :thumbsup:
My name is Sam and I will be helping you.

I will do my best to communicate clearly to you so that we can resolve your issues as quickly as possible. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to fix your computer. Please communicate freely with me about how your computer is reacting and behaving as we work through this process.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back here in your next reply.


===================


Please download random's system information tool (RSIT) and save it to your desktop.
  • Double click on RSIT.exe to run it.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Lifeguard1

  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:51 AM

Posted 25 November 2008 - 12:30 PM

Hi Sam - thanks for your help on this one.

I ran SDFix (log included below), but I was unable to run RSIT. I have HiJackThis on the desktop but when attempting to run RSIT I get a pop-up error titled, "Auolt Error"; Line -1: Error: Subscript used with non-Array variable.


SDFix: Version 1.240
Run by Brad J. Matushewski on 25/11/2008 at 11:53

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\TDSSarxx.dll - Deleted
C:\WINDOWS\system32\TDSSvoql.dll - Deleted
C:\WINDOWS\system32\TDSScfbv.dll - Deleted
C:\WINDOWS\system32\TDSSdxcp.dll - Deleted
C:\WINDOWS\system32\TDSSmtve.dat - Deleted
C:\WINDOWS\system32\TDSSkkai.log - Deleted


Could Not Remove C:\WINDOWS\system32\TDSSoity.dll
Could Not Remove C:\WINDOWS\system32\tdssmain.dll
Could Not Remove C:\WINDOWS\system32\tdssmain.dll
Could Not Remove C:\WINDOWS\system32\tdssmain.dll



Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-25 12:11:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSmhct.sys"
"group"="file system"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules]
"TDSSserv"="\systemroot\system32\drivers\TDSSmhct.sys"
"TDSSl"="\systemroot\system32\TDSSoity.dll"
"tdssservers"="\systemroot\system32\TDSSmtve.dat"
"tdssmain"="\systemroot\system32\TDSSarxx.dll"
"tdsslog"="\systemroot\system32\TDSSvoql.dll"
"tdssadw"="\systemroot\system32\TDSScfbv.dll"
"tdssinit"="\systemroot\system32\TDSSdxcp.dll"
"tdssurls"="\systemroot\system32\TDSSnmxp.log"
"tdsspanels"="\systemroot\system32\TDSSsahc.dll"
"tdsserrors"="\systemroot\system32\TDSSxhyf.log"
"TDSSproc"="\systemroot\system32\TDSSkkai.log"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TDSSserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSmhct.sys"
"group"="file system"

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\system32\drivers\TDSSmhct.sys 60416 bytes executable
C:\WINDOWS\system32\tdssmain.dll 29696 bytes executable
C:\WINDOWS\system32\TDSSoity.dll 35840 bytes executable
C:\WINDOWS\Temp\TDSS27c6.tmp 35840 bytes executable
C:\WINDOWS\Temp\TDSS3de9.tmp 60416 bytes executable
C:\WINDOWS\Temp\TDSS430a.tmp 35840 bytes executable
C:\WINDOWS\Temp\TDSS458b.tmp 29696 bytes executable
C:\WINDOWS\Temp\TDSS4b09.tmp 31232 bytes executable
C:\WINDOWS\Temp\TDSS4ea3.tmp 73728 bytes executable
C:\WINDOWS\Temp\TDSS73c3.tmp 527 bytes
C:\WINDOWS\Temp\TDSS7eef.tmp 60416 bytes executable
C:\WINDOWS\Temp\TDSS81ec.tmp 35840 bytes executable
C:\WINDOWS\Temp\TDSS825a.tmp 60416 bytes executable
C:\WINDOWS\Temp\TDSS914e.tmp 35840 bytes executable
C:\WINDOWS\Temp\TDSS9797.tmp 527 bytes
C:\WINDOWS\Temp\TDSS9862.tmp 29696 bytes executable
C:\WINDOWS\Temp\TDSSa795.tmp 60416 bytes executable
C:\WINDOWS\Temp\TDSSb263.tmp 35840 bytes executable
C:\WINDOWS\Temp\TDSSb754.tmp 29696 bytes executable
C:\WINDOWS\Temp\TDSSc34b.tmp 31232 bytes executable
C:\WINDOWS\Temp\TDSSc3e7.tmp 527 bytes
C:\WINDOWS\Temp\TDSSc965.tmp 73728 bytes executable
C:\WINDOWS\Temp\TDSScb69.tmp 60416 bytes executable
C:\WINDOWS\Temp\TDSScbc7.tmp 73728 bytes executable
C:\WINDOWS\Temp\TDSSd329.tmp 35840 bytes executable
C:\WINDOWS\Temp\TDSSda5d.tmp 29696 bytes executable
C:\WINDOWS\Temp\TDSSe162.tmp 31232 bytes executable
C:\WINDOWS\Temp\TDSSe7ea.tmp 527 bytes
C:\WINDOWS\Temp\TDSSfd08.tmp 73728 bytes executable
C:\WINDOWS\Temp\TDSSb58f.tmp 31232 bytes executable
C:\Documents and Settings\Brad J. Matushewski\Local Settings\Temp\TDSSe27b.tmp 122880 bytes executable
C:\Documents and Settings\Brad J. Matushewski\Local Settings\Temp\TDSSe29a.tmp 617472 bytes executable

scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 32


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:*:Enabled:ActiveSync Application"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE:*:Enabled:SAgent4"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\WINDOWS\\system32\\drivers\\svchost.exe"="C:\\WINDOWS\\system32\\drivers\\svchost.exe:*:Disabled:svchost"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

C:\WINDOWS\system32\TDSSoity.dll Found
C:\WINDOWS\system32\tdssmain.dll Found
C:\WINDOWS\system32\tdssmain.dll Found
C:\WINDOWS\system32\tdssmain.dll Found

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 16 Jan 2008 124 ...H. --- "C:\WINDOWS\WINRDF40.SYS"
Mon 19 Sep 2005 788,568 A..H. --- "C:\ConnectKOL\fscommand\client.exe"
Fri 25 Apr 2003 12,424,594 A..H. --- "C:\ConnectKOL\fscommand\MSIE62K.EXE"
Fri 25 Apr 2003 23,250,289 A..H. --- "C:\ConnectKOL\fscommand\MSIE698.EXE"
Wed 5 Jul 2006 16 ...H. --- "C:\WINDOWS\system32\wkcrj9z.dll"
Mon 19 Sep 2005 77,824 A..H. --- "C:\ConnectKOL\fscommand\comps\acs\AcsInstN.dll"
Mon 19 Sep 2005 6,961,146 A..H. --- "C:\ConnectKOL\fscommand\comps\acs\acsnet.zip"
Mon 19 Sep 2005 3,058,888 A..H. --- "C:\ConnectKOL\fscommand\comps\acs\acssetup.exe"
Mon 19 Sep 2005 307,289 A..H. --- "C:\ConnectKOL\fscommand\comps\asp\aspcheck.dll"
Mon 19 Sep 2005 7,083,361 A..H. --- "C:\ConnectKOL\fscommand\comps\asp\aspsetup.exe"
Wed 21 Sep 2005 1,960,296 A..H. --- "C:\ConnectKOL\fscommand\comps\autoit\autoit-v3.zip"
Mon 19 Sep 2005 550,488 A..H. --- "C:\ConnectKOL\fscommand\comps\deskbar\deskbr.exe"
Mon 19 Sep 2005 553,984 A..H. --- "C:\ConnectKOL\fscommand\comps\flash\FlashAX.exe"
Mon 19 Sep 2005 2,242,759 A..H. --- "C:\ConnectKOL\fscommand\comps\fw\nisale.exe"
Mon 19 Sep 2005 24,064 A..H. --- "C:\ConnectKOL\fscommand\comps\fw\NISChk.dll"
Mon 19 Sep 2005 57,344 A..H. --- "C:\ConnectKOL\fscommand\comps\ocp\ocpchk.dll"
Mon 19 Sep 2005 748,728 A..H. --- "C:\ConnectKOL\fscommand\comps\ocp\ocpinst.exe"
Mon 19 Sep 2005 7,515,304 A..H. --- "C:\ConnectKOL\fscommand\comps\qt\qt.exe"
Mon 19 Sep 2005 86,016 A..H. --- "C:\ConnectKOL\fscommand\comps\qt\QTInsInf.dll"
Mon 19 Sep 2005 45,056 A..H. --- "C:\ConnectKOL\fscommand\comps\rp\RealChk.dll"
Mon 19 Sep 2005 5,111,296 A..H. --- "C:\ConnectKOL\fscommand\comps\rp\RealPl8.EXE"
Mon 19 Sep 2005 4,378,673 A..H. --- "C:\ConnectKOL\fscommand\comps\rp\real_upd.exe"
Mon 19 Sep 2005 360,448 A..H. --- "C:\ConnectKOL\fscommand\comps\rp\rp9codec.exe"
Mon 19 Sep 2005 40,960 A..H. --- "C:\ConnectKOL\fscommand\comps\sysinfo\SiNdInst.dll"
Mon 19 Sep 2005 473,736 A..H. --- "C:\ConnectKOL\fscommand\comps\sysinfo\SinfInst.exe"
Mon 19 Sep 2005 12,288 A..H. --- "C:\ConnectKOL\fscommand\comps\tb\tbinst.dll"
Mon 19 Sep 2005 516,032 A..H. --- "C:\ConnectKOL\fscommand\comps\tb\tbsetup.exe"
Mon 19 Sep 2005 597,080 A..H. --- "C:\ConnectKOL\fscommand\comps\toolbar\toolbr.exe"
Mon 19 Sep 2005 590,688 A..H. --- "C:\ConnectKOL\fscommand\comps\tpspd\TSsetup.exe"
Mon 19 Sep 2005 57,344 A..H. --- "C:\ConnectKOL\fscommand\comps\tpspd\tsverchk.dll"
Mon 19 Sep 2005 49,152 A..H. --- "C:\ConnectKOL\fscommand\comps\vwpt\AOLVPChk.dll"
Mon 19 Sep 2005 61,440 A..H. --- "C:\ConnectKOL\fscommand\comps\vwpt\VPPrePop.exe"
Mon 19 Sep 2005 3,858,056 A..H. --- "C:\ConnectKOL\fscommand\comps\vwpt\Vwpt.exe"
Mon 13 Nov 2006 319,456 A..H. --- "C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\difxapi.dll"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\Brad J. Matushewski\Application Data\U3\temp\Launchpad Removal.exe"
Mon 19 Sep 2005 788,568 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\client.exe"
Fri 25 Apr 2003 12,424,594 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\MSIE62K.EXE"
Fri 25 Apr 2003 23,250,289 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\MSIE698.EXE"
Mon 19 Sep 2005 788,568 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\client.exe"
Fri 25 Apr 2003 12,424,594 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\MSIE62K.EXE"
Fri 25 Apr 2003 23,250,289 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\MSIE698.EXE"
Mon 19 Sep 2005 77,824 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\acs\AcsInstN.dll"
Mon 19 Sep 2005 6,961,146 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\acs\acsnet.zip"
Mon 19 Sep 2005 3,058,888 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\acs\acssetup.exe"
Mon 19 Sep 2005 307,289 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\asp\aspcheck.dll"
Mon 19 Sep 2005 7,083,361 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\asp\aspsetup.exe"
Wed 21 Sep 2005 1,960,296 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\autoit\autoit-v3.zip"
Mon 19 Sep 2005 550,488 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\deskbar\deskbr.exe"
Mon 19 Sep 2005 553,984 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\flash\FlashAX.exe"
Mon 19 Sep 2005 2,242,759 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\fw\nisale.exe"
Mon 19 Sep 2005 24,064 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\fw\NISChk.dll"
Mon 19 Sep 2005 57,344 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\ocp\ocpchk.dll"
Mon 19 Sep 2005 748,728 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\ocp\ocpinst.exe"
Mon 19 Sep 2005 7,515,304 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\qt\qt.exe"
Mon 19 Sep 2005 86,016 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\qt\QTInsInf.dll"
Mon 19 Sep 2005 45,056 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\rp\RealChk.dll"
Mon 19 Sep 2005 5,111,296 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\rp\RealPl8.EXE"
Mon 19 Sep 2005 4,378,673 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\rp\real_upd.exe"
Mon 19 Sep 2005 360,448 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\rp\rp9codec.exe"
Mon 19 Sep 2005 40,960 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\sysinfo\SiNdInst.dll"
Mon 19 Sep 2005 473,736 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\sysinfo\SinfInst.exe"
Mon 19 Sep 2005 12,288 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\tb\tbinst.dll"
Mon 19 Sep 2005 516,032 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\tb\tbsetup.exe"
Mon 19 Sep 2005 597,080 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\toolbar\toolbr.exe"
Mon 19 Sep 2005 590,688 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\tpspd\TSsetup.exe"
Mon 19 Sep 2005 57,344 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\tpspd\tsverchk.dll"
Mon 19 Sep 2005 49,152 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\vwpt\AOLVPChk.dll"
Mon 19 Sep 2005 61,440 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\vwpt\VPPrePop.exe"
Mon 19 Sep 2005 3,858,056 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\vwpt\Vwpt.exe"
Mon 19 Sep 2005 77,824 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\acs\AcsInstN.dll"
Mon 19 Sep 2005 6,961,146 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\acs\acsnet.zip"
Mon 19 Sep 2005 3,058,888 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\acs\acssetup.exe"
Mon 19 Sep 2005 307,289 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\asp\aspcheck.dll"
Mon 19 Sep 2005 7,083,361 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\asp\aspsetup.exe"
Wed 21 Sep 2005 1,960,296 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\autoit\autoit-v3.zip"
Mon 19 Sep 2005 550,488 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\deskbar\deskbr.exe"
Mon 19 Sep 2005 553,984 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\flash\FlashAX.exe"
Mon 19 Sep 2005 2,242,759 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\fw\nisale.exe"
Mon 19 Sep 2005 24,064 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\fw\NISChk.dll"
Mon 19 Sep 2005 57,344 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\ocp\ocpchk.dll"
Mon 19 Sep 2005 748,728 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\ocp\ocpinst.exe"
Mon 19 Sep 2005 7,515,304 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\qt\qt.exe"
Mon 19 Sep 2005 86,016 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\qt\QTInsInf.dll"
Mon 19 Sep 2005 45,056 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\rp\RealChk.dll"
Mon 19 Sep 2005 5,111,296 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\rp\RealPl8.EXE"
Mon 19 Sep 2005 4,378,673 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\rp\real_upd.exe"
Mon 19 Sep 2005 360,448 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\rp\rp9codec.exe"
Mon 19 Sep 2005 40,960 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\sysinfo\SiNdInst.dll"
Mon 19 Sep 2005 473,736 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\sysinfo\SinfInst.exe"
Mon 19 Sep 2005 12,288 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\tb\tbinst.dll"
Mon 19 Sep 2005 516,032 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\tb\tbsetup.exe"
Mon 19 Sep 2005 597,080 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\toolbar\toolbr.exe"
Mon 19 Sep 2005 590,688 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\tpspd\TSsetup.exe"
Mon 19 Sep 2005 57,344 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\tpspd\tsverchk.dll"
Mon 19 Sep 2005 49,152 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\vwpt\AOLVPChk.dll"
Mon 19 Sep 2005 61,440 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\vwpt\VPPrePop.exe"
Mon 19 Sep 2005 3,858,056 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\vwpt\Vwpt.exe"

Finished!

Attached Files


Edited by Buckeye_Sam, 25 November 2008 - 01:36 PM.


#4 Buckeye_Sam
    Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
Posted 25 November 2008 - 01:48 PM

No worries with RSIT. I can see what we're dealing with now.
In order to facilitate me reviewing your logs, please copy and paste them directly into your posts instead of attaching them.

1. Please download The Avenger2 by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Drivers to delete:
TDSSserv

Files to delete:
C:\WINDOWS\system32\drivers\TDSSmhct.sys
C:\WINDOWS\system32\TDSSoity.dll
C:\WINDOWS\system32\tdssmain.dll 
C:\WINDOWS\system32\TDSSoity.dll 
C:\WINDOWS\Temp\TDSS27c6.tmp 
C:\WINDOWS\Temp\TDSS3de9.tmp 
C:\WINDOWS\Temp\TDSS430a.tmp 
C:\WINDOWS\Temp\TDSS458b.tmp 
C:\WINDOWS\Temp\TDSS4b09.tmp 
C:\WINDOWS\Temp\TDSS4ea3.tmp 
C:\WINDOWS\Temp\TDSS73c3.tmp 
C:\WINDOWS\Temp\TDSS7eef.tmp 
C:\WINDOWS\Temp\TDSS81ec.tmp 
C:\WINDOWS\Temp\TDSS825a.tmp 
C:\WINDOWS\Temp\TDSS914e.tmp 
C:\WINDOWS\Temp\TDSS9797.tmp 
C:\WINDOWS\Temp\TDSS9862.tmp 
C:\WINDOWS\Temp\TDSSa795.tmp 
C:\WINDOWS\Temp\TDSSb263.tmp 
C:\WINDOWS\Temp\TDSSb754.tmp 
C:\WINDOWS\Temp\TDSSc34b.tmp 
C:\WINDOWS\Temp\TDSSc3e7.tmp 
C:\WINDOWS\Temp\TDSSc965.tmp 
C:\WINDOWS\Temp\TDSScb69.tmp 
C:\WINDOWS\Temp\TDSScbc7.tmp 
C:\WINDOWS\Temp\TDSSd329.tmp 
C:\WINDOWS\Temp\TDSSda5d.tmp 
C:\WINDOWS\Temp\TDSSe162.tmp 
C:\WINDOWS\Temp\TDSSe7ea.tmp 
C:\WINDOWS\Temp\TDSSfd08.tmp 
C:\WINDOWS\Temp\TDSSb58f.tmp 
C:\Documents and Settings\Brad J. Matushewski\Local Settings\Temp\TDSSe27b.tmp 
C:\Documents and Settings\Brad J. Matushewski\Local Settings\Temp\TDSSe29a.tmp


Registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSjcxe.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSjcxe.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also Paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.


Please run SDFix once again and post the resulting log.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
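Before a script like the one above is handed to The Avenger, it is worth checking it mechanically, because the two things that go wrong with it are visible in the script itself: a path listed twice (the second delete can only fail), and a driver listed under one name while the Services key being deleted in the same script carries another (The Avenger looks a driver up under HKLM\SYSTEM\CurrentControlSet\Services by the name given, as the Avenger log later in this thread shows). The checker below is an added example written for this page; it is not part of the thread and not Swandog46's Avenger code. It recognises the three section headers used in the script above, the sample script embedded in it is a constructed, shortened copy of that script, and the "name versus name.sys" rule is an assumption drawn from the log format on this page rather than from Avenger's documentation.

```python
"""Lint an Avenger-style removal script before running it.

Added example for this page; not Swandog46's Avenger code. It recognises the
three section headers used in the script above and reports problems that are
visible in the script itself, before a reboot is spent on it.
"""
import re
from collections import OrderedDict

SECTION_RE = re.compile(r"^[A-Za-z ]+ to (delete|disable):$", re.IGNORECASE)
SERVICES_KEY_RE = re.compile(r"\\Services\\(?P<svc>[^\\]+)$", re.IGNORECASE)

def parse_script(text):
    """Map each section header (lower-cased, no colon) to its entries, in order,
    keeping duplicates so they can be reported."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SECTION_RE.match(line):
            current = line[:-1].lower()
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError("entry before any section header: %r" % line)
        sections[current].append(line)
    return sections

def find_duplicates(entries):
    """Entries that occur more than once; Windows paths compare case-insensitively.
    The second deletion of a duplicate can only fail with STATUS_OBJECT_NAME_NOT_FOUND."""
    counts = {}
    dups = []
    for e in entries:
        key = e.lower()
        counts[key] = counts.get(key, 0) + 1
        if counts[key] == 2:
            dups.append(e)
    return dups

def find_driver_key_mismatches(sections):
    """Drivers named under 'Drivers to delete' whose name differs only by a '.sys'
    suffix from a Services key deleted in the same script. Avenger looks a driver
    up by its Services key name, so 'TDSSserv' will not find Services\\TDSSserv.sys.
    (Assumption: the '.sys' rule is drawn from the log format on this page, not
    from Avenger's documentation.)"""
    drivers = {d.lower(): d for d in sections.get("drivers to delete", [])}
    mismatches = []
    for key in sections.get("registry keys to delete", []):
        m = SERVICES_KEY_RE.search(key)
        if not m:
            continue
        svc = m.group("svc")
        if svc.lower() in drivers:
            continue                                # names agree, nothing to report
        stem = svc[:-4] if svc.lower().endswith(".sys") else svc
        for alt in (stem, svc + ".sys"):            # either side may carry the suffix
            if alt.lower() in drivers:
                mismatches.append((drivers[alt.lower()], svc))
                break
    return mismatches

def lint(text):
    """Return {'duplicates': {section: [entry, ...]}, 'driver_key_mismatches': [(driver, key), ...]}."""
    sections = parse_script(text)
    duplicates = {}
    for name, entries in sections.items():
        d = find_duplicates(entries)
        if d:
            duplicates[name] = d
    return {"duplicates": duplicates,
            "driver_key_mismatches": find_driver_key_mismatches(sections)}

# Constructed sample: a shortened copy of the script posted above.
SAMPLE_SCRIPT = r"""
Drivers to delete:
TDSSserv

Files to delete:
C:\WINDOWS\system32\drivers\TDSSmhct.sys
C:\WINDOWS\system32\TDSSoity.dll
C:\WINDOWS\system32\tdssmain.dll
C:\WINDOWS\system32\TDSSoity.dll
C:\WINDOWS\Temp\TDSS27c6.tmp

Registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSjcxe.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys
"""

if __name__ == "__main__":
    report = lint(SAMPLE_SCRIPT)
    for section, dups in report["duplicates"].items():
        for d in dups:
            print("duplicate in '%s': %s" % (section, d))
    for driver, key in report["driver_key_mismatches"]:
        print("driver '%s' vs Services key '%s': names differ" % (driver, key))
```

Run against the sample it reports the doubled TDSSoity.dll line and the TDSSserv / TDSSserv.sys pair; a clean script produces an empty report. It deliberately does not touch the registry or the disk, so it can be run on the helper's side before the script is posted.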

#5 Lifeguard1
  • Topic Starter
  • Members
  • 8 posts

Posted 25 November 2008 - 02:38 PM

SDFix Log:

SDFix: Version 1.240
Run by Brad J. Matushewski on 25/11/2008 at 14:17

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\TDSSMTVE.dat - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-25 14:27:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:*:Enabled:ActiveSync Application"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE:*:Enabled:SAgent4"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\WINDOWS\\system32\\drivers\\svchost.exe"="C:\\WINDOWS\\system32\\drivers\\svchost.exe:*:Disabled:svchost"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 16 Jan 2008 124 ...H. --- "C:\WINDOWS\WINRDF40.SYS"
Mon 19 Sep 2005 788,568 A..H. --- "C:\ConnectKOL\fscommand\client.exe"
Fri 25 Apr 2003 12,424,594 A..H. --- "C:\ConnectKOL\fscommand\MSIE62K.EXE"
Fri 25 Apr 2003 23,250,289 A..H. --- "C:\ConnectKOL\fscommand\MSIE698.EXE"
Wed 5 Jul 2006 16 ...H. --- "C:\WINDOWS\system32\wkcrj9z.dll"
Mon 19 Sep 2005 77,824 A..H. --- "C:\ConnectKOL\fscommand\comps\acs\AcsInstN.dll"
Mon 19 Sep 2005 6,961,146 A..H. --- "C:\ConnectKOL\fscommand\comps\acs\acsnet.zip"
Mon 19 Sep 2005 3,058,888 A..H. --- "C:\ConnectKOL\fscommand\comps\acs\acssetup.exe"
Mon 19 Sep 2005 307,289 A..H. --- "C:\ConnectKOL\fscommand\comps\asp\aspcheck.dll"
Mon 19 Sep 2005 7,083,361 A..H. --- "C:\ConnectKOL\fscommand\comps\asp\aspsetup.exe"
Wed 21 Sep 2005 1,960,296 A..H. --- "C:\ConnectKOL\fscommand\comps\autoit\autoit-v3.zip"
Mon 19 Sep 2005 550,488 A..H. --- "C:\ConnectKOL\fscommand\comps\deskbar\deskbr.exe"
Mon 19 Sep 2005 553,984 A..H. --- "C:\ConnectKOL\fscommand\comps\flash\FlashAX.exe"
Mon 19 Sep 2005 2,242,759 A..H. --- "C:\ConnectKOL\fscommand\comps\fw\nisale.exe"
Mon 19 Sep 2005 24,064 A..H. --- "C:\ConnectKOL\fscommand\comps\fw\NISChk.dll"
Mon 19 Sep 2005 57,344 A..H. --- "C:\ConnectKOL\fscommand\comps\ocp\ocpchk.dll"
Mon 19 Sep 2005 748,728 A..H. --- "C:\ConnectKOL\fscommand\comps\ocp\ocpinst.exe"
Mon 19 Sep 2005 7,515,304 A..H. --- "C:\ConnectKOL\fscommand\comps\qt\qt.exe"
Mon 19 Sep 2005 86,016 A..H. --- "C:\ConnectKOL\fscommand\comps\qt\QTInsInf.dll"
Mon 19 Sep 2005 45,056 A..H. --- "C:\ConnectKOL\fscommand\comps\rp\RealChk.dll"
Mon 19 Sep 2005 5,111,296 A..H. --- "C:\ConnectKOL\fscommand\comps\rp\RealPl8.EXE"
Mon 19 Sep 2005 4,378,673 A..H. --- "C:\ConnectKOL\fscommand\comps\rp\real_upd.exe"
Mon 19 Sep 2005 360,448 A..H. --- "C:\ConnectKOL\fscommand\comps\rp\rp9codec.exe"
Mon 19 Sep 2005 40,960 A..H. --- "C:\ConnectKOL\fscommand\comps\sysinfo\SiNdInst.dll"
Mon 19 Sep 2005 473,736 A..H. --- "C:\ConnectKOL\fscommand\comps\sysinfo\SinfInst.exe"
Mon 19 Sep 2005 12,288 A..H. --- "C:\ConnectKOL\fscommand\comps\tb\tbinst.dll"
Mon 19 Sep 2005 516,032 A..H. --- "C:\ConnectKOL\fscommand\comps\tb\tbsetup.exe"
Mon 19 Sep 2005 597,080 A..H. --- "C:\ConnectKOL\fscommand\comps\toolbar\toolbr.exe"
Mon 19 Sep 2005 590,688 A..H. --- "C:\ConnectKOL\fscommand\comps\tpspd\TSsetup.exe"
Mon 19 Sep 2005 57,344 A..H. --- "C:\ConnectKOL\fscommand\comps\tpspd\tsverchk.dll"
Mon 19 Sep 2005 49,152 A..H. --- "C:\ConnectKOL\fscommand\comps\vwpt\AOLVPChk.dll"
Mon 19 Sep 2005 61,440 A..H. --- "C:\ConnectKOL\fscommand\comps\vwpt\VPPrePop.exe"
Mon 19 Sep 2005 3,858,056 A..H. --- "C:\ConnectKOL\fscommand\comps\vwpt\Vwpt.exe"
Mon 13 Nov 2006 319,456 A..H. --- "C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\difxapi.dll"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\Brad J. Matushewski\Application Data\U3\temp\Launchpad Removal.exe"
Mon 19 Sep 2005 788,568 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\client.exe"
Fri 25 Apr 2003 12,424,594 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\MSIE62K.EXE"
Fri 25 Apr 2003 23,250,289 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\MSIE698.EXE"
Mon 19 Sep 2005 788,568 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\client.exe"
Fri 25 Apr 2003 12,424,594 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\MSIE62K.EXE"
Fri 25 Apr 2003 23,250,289 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\MSIE698.EXE"
Mon 19 Sep 2005 77,824 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\acs\AcsInstN.dll"
Mon 19 Sep 2005 6,961,146 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\acs\acsnet.zip"
Mon 19 Sep 2005 3,058,888 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\acs\acssetup.exe"
Mon 19 Sep 2005 307,289 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\asp\aspcheck.dll"
Mon 19 Sep 2005 7,083,361 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\asp\aspsetup.exe"
Wed 21 Sep 2005 1,960,296 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\autoit\autoit-v3.zip"
Mon 19 Sep 2005 550,488 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\deskbar\deskbr.exe"
Mon 19 Sep 2005 553,984 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\flash\FlashAX.exe"
Mon 19 Sep 2005 2,242,759 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\fw\nisale.exe"
Mon 19 Sep 2005 24,064 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\fw\NISChk.dll"
Mon 19 Sep 2005 57,344 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\ocp\ocpchk.dll"
Mon 19 Sep 2005 748,728 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\ocp\ocpinst.exe"
Mon 19 Sep 2005 7,515,304 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\qt\qt.exe"
Mon 19 Sep 2005 86,016 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\qt\QTInsInf.dll"
Mon 19 Sep 2005 45,056 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\rp\RealChk.dll"
Mon 19 Sep 2005 5,111,296 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\rp\RealPl8.EXE"
Mon 19 Sep 2005 4,378,673 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\rp\real_upd.exe"
Mon 19 Sep 2005 360,448 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\rp\rp9codec.exe"
Mon 19 Sep 2005 40,960 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\sysinfo\SiNdInst.dll"
Mon 19 Sep 2005 473,736 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\sysinfo\SinfInst.exe"
Mon 19 Sep 2005 12,288 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\tb\tbinst.dll"
Mon 19 Sep 2005 516,032 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\tb\tbsetup.exe"
Mon 19 Sep 2005 597,080 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\toolbar\toolbr.exe"
Mon 19 Sep 2005 590,688 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\tpspd\TSsetup.exe"
Mon 19 Sep 2005 57,344 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\tpspd\tsverchk.dll"
Mon 19 Sep 2005 49,152 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\vwpt\AOLVPChk.dll"
Mon 19 Sep 2005 61,440 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\vwpt\VPPrePop.exe"
Mon 19 Sep 2005 3,858,056 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_EN\fscommand\comps\vwpt\Vwpt.exe"
Mon 19 Sep 2005 77,824 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\acs\AcsInstN.dll"
Mon 19 Sep 2005 6,961,146 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\acs\acsnet.zip"
Mon 19 Sep 2005 3,058,888 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\acs\acssetup.exe"
Mon 19 Sep 2005 307,289 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\asp\aspcheck.dll"
Mon 19 Sep 2005 7,083,361 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\asp\aspsetup.exe"
Wed 21 Sep 2005 1,960,296 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\autoit\autoit-v3.zip"
Mon 19 Sep 2005 550,488 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\deskbar\deskbr.exe"
Mon 19 Sep 2005 553,984 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\flash\FlashAX.exe"
Mon 19 Sep 2005 2,242,759 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\fw\nisale.exe"
Mon 19 Sep 2005 24,064 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\fw\NISChk.dll"
Mon 19 Sep 2005 57,344 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\ocp\ocpchk.dll"
Mon 19 Sep 2005 748,728 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\ocp\ocpinst.exe"
Mon 19 Sep 2005 7,515,304 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\qt\qt.exe"
Mon 19 Sep 2005 86,016 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\qt\QTInsInf.dll"
Mon 19 Sep 2005 45,056 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\rp\RealChk.dll"
Mon 19 Sep 2005 5,111,296 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\rp\RealPl8.EXE"
Mon 19 Sep 2005 4,378,673 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\rp\real_upd.exe"
Mon 19 Sep 2005 360,448 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\rp\rp9codec.exe"
Mon 19 Sep 2005 40,960 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\sysinfo\SiNdInst.dll"
Mon 19 Sep 2005 473,736 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\sysinfo\SinfInst.exe"
Mon 19 Sep 2005 12,288 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\tb\tbinst.dll"
Mon 19 Sep 2005 516,032 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\tb\tbsetup.exe"
Mon 19 Sep 2005 597,080 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\toolbar\toolbr.exe"
Mon 19 Sep 2005 590,688 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\tpspd\TSsetup.exe"
Mon 19 Sep 2005 57,344 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\tpspd\tsverchk.dll"
Mon 19 Sep 2005 49,152 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\vwpt\AOLVPChk.dll"
Mon 19 Sep 2005 61,440 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\vwpt\VPPrePop.exe"
Mon 19 Sep 2005 3,858,056 A..H. --- "C:\TOSHIBA\AOLKOL\KOL\KOL_FR\fscommand\comps\vwpt\Vwpt.exe"

Finished!





Avenger Log:

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Tue Nov 25 14:01:02 2008

14:00:58: Warning: Skipping potentially dangerous line:
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys" (Registry key deletion mode)
14:01:02: Error: Execution aborted by user!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "TDSSserv.sys" found!
ImagePath: \systemroot\system32\drivers\TDSSmhct.sys
Start Type: 1 (System)

Rootkit scan completed.


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\TDSSserv" not found!
Deletion of driver "TDSSserv" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\drivers\TDSSmhct.sys" deleted successfully.
File "C:\WINDOWS\system32\TDSSoity.dll" deleted successfully.
File "C:\WINDOWS\system32\tdssmain.dll" deleted successfully.

Error: file "C:\WINDOWS\system32\TDSSoity.dll" not found!
Deletion of file "C:\WINDOWS\system32\TDSSoity.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\Temp\TDSS27c6.tmp" deleted successfully.
File "C:\WINDOWS\Temp\TDSS3de9.tmp" deleted successfully.
File "C:\WINDOWS\Temp\TDSS430a.tmp" deleted successfully.
File "C:\WINDOWS\Temp\TDSS458b.tmp" deleted successfully.
File "C:\WINDOWS\Temp\TDSS4b09.tmp" deleted successfully.
File "C:\WINDOWS\Temp\TDSS4ea3.tmp" deleted successfully.
File "C:\WINDOWS\Temp\TDSS73c3.tmp" deleted successfully.
File "C:\WINDOWS\Temp\TDSS7eef.tmp" deleted successfully.
File "C:\WINDOWS\Temp\TDSS81ec.tmp" deleted successfully.
File "C:\WINDOWS\Temp\TDSS825a.tmp" deleted successfully.
File "C:\WINDOWS\Temp\TDSS914e.tmp" deleted successfully.
File "C:\WINDOWS\Temp\TDSS9797.tmp" deleted successfully.
File "C:\WINDOWS\Temp\TDSS9862.tmp" deleted successfully.
File "C:\WINDOWS\Temp\TDSSa795.tmp" deleted successfully.
File "C:\WINDOWS\Temp\TDSSb263.tmp" deleted successfully.
File "C:\WINDOWS\Temp\TDSSb754.tmp" deleted successfully.
File "C:\WINDOWS\Temp\TDSSc34b.tmp" deleted successfully.
File "C:\WINDOWS\Temp\TDSSc3e7.tmp" deleted successfully.
File "C:\WINDOWS\Temp\TDSSc965.tmp" deleted successfully.
File "C:\WINDOWS\Temp\TDSScb69.tmp" deleted successfully.
File "C:\WINDOWS\Temp\TDSScbc7.tmp" deleted successfully.
File "C:\WINDOWS\Temp\TDSSd329.tmp" deleted successfully.
File "C:\WINDOWS\Temp\TDSSda5d.tmp" deleted successfully.
File "C:\WINDOWS\Temp\TDSSe162.tmp" deleted successfully.
File "C:\WINDOWS\Temp\TDSSe7ea.tmp" deleted successfully.
File "C:\WINDOWS\Temp\TDSSfd08.tmp" deleted successfully.
File "C:\WINDOWS\Temp\TDSSb58f.tmp" deleted successfully.
File "C:\Documents and Settings\Brad J. Matushewski\Local Settings\Temp\TDSSe27b.tmp" deleted successfully.
File "C:\Documents and Settings\Brad J. Matushewski\Local Settings\Temp\TDSSe29a.tmp" deleted successfully.

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSjcxe.sys" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSjcxe.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSjcxe.sys" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSjcxe.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
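The "Authorized Application Key Export" in the SDFix log above is the Windows XP firewall's per-profile exception list, and it is one of the cheapest places to look for a binary that was added to a machine: each value is a .reg-escaped path followed by scope, Enabled/Disabled state and a display name. The audit below is an added example written for this page, not SDFix's code. It parses that export format and flags entries whose value path does not match the key name, and entries whose filename is that of a core Windows binary but whose directory is not that binary's normal home (the export above, for instance, lists a svchost.exe under system32\drivers, which is not where Windows keeps svchost.exe; the entry is Disabled, but something still had to register it). The sample export in the block is a constructed, trimmed copy of the one in the log; the expansion of %windir% to C:\WINDOWS and the list of core binaries and their directories are assumptions, not anything the thread states.

```python
"""Audit a Windows XP firewall AuthorizedApplications export (SDFix format).

Added example for this page; not SDFix's or BleepingComputer's code.
Each entry line is .reg-style:  "<path>"="<path>:<scope>:<Enabled|Disabled>:<name>"
with backslashes doubled. Findings are returned, not just printed.
"""
import re

# Assumptions (not stated in the thread): %windir% is C:\WINDOWS on this
# machine, and these core binaries only ever live in the directory shown.
WINDIR = r"c:\windows"
SYSTEM_BINARIES = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

PROFILE_RE = re.compile(r"\\firewallpolicy\\(?P<profile>[^\\]+)\\", re.IGNORECASE)
ENTRY_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<value>(?:[^"\\]|\\.)*)"$')
# The path may start with a drive letter or an %ENV% variable, which is why the
# value cannot simply be split on ':'.
VALUE_RE = re.compile(
    r"^(?P<path>(?:[A-Za-z]:|%[^%]+%)?[^:]*):(?P<scope>[^:]*):(?P<state>[^:]*):(?P<desc>.*)$")

def unescape(s):
    """Undo .reg escaping (doubled backslashes, escaped quotes)."""
    return re.sub(r"\\(.)", r"\1", s)

def normalise(path):
    """Lower-case and expand %windir% so directories can be compared."""
    return path.lower().replace("%windir%", WINDIR)

def audit(export_text):
    """Return a list of findings, one per suspicious entry."""
    findings = []
    profile = None
    for raw in export_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):                      # new profile key
            m = PROFILE_RE.search(line)
            profile = m.group("profile").lower() if m else line
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue                                  # SDFix prose around the export
        name = unescape(m.group("name"))
        v = VALUE_RE.match(unescape(m.group("value")))
        if not v:
            findings.append({"profile": profile, "path": name, "state": "?",
                             "reasons": ["value is not path:scope:state:name"]})
            continue
        path = v.group("path")
        reasons = []
        if normalise(path) != normalise(name):
            reasons.append("value path differs from key name")
        directory, _, exe = normalise(path).rpartition("\\")
        home = SYSTEM_BINARIES.get(exe)
        if home and directory != home:
            reasons.append("%s outside its normal directory %s" % (exe, home))
        if reasons:
            # A Disabled entry is still a finding: something had to register it.
            findings.append({"profile": profile, "path": path,
                             "state": v.group("state"), "reasons": reasons})
    return findings

# Constructed sample: a trimmed copy of the export in the SDFix log above.
SAMPLE_EXPORT = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\WINDOWS\\system32\\drivers\\svchost.exe"="C:\\WINDOWS\\system32\\drivers\\svchost.exe:*:Disabled:svchost"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_EXPORT):
        print("%-15s %-8s %s" % (f["profile"], f["state"], f["path"]))
        for r in f["reasons"]:
            print("    - " + r)
```

On the sample the only finding is the svchost.exe under system32\drivers in the standard profile. The check says nothing about whether that file is malicious; it only tells the helper which file to pull and inspect next, which is exactly what the export is useful for.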

#6 Buckeye_Sam
    Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 25 November 2008 - 02:42 PM

Well done! :thumbsup:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Try running RSIT once again to see if you can get a log from it now.


========================================================

#7 Lifeguard1
  • Topic Starter
  • Members
  • 8 posts

Posted 25 November 2008 - 03:28 PM

Yes - I have been using Malwarebytes right from the beginning after I was infected. It was a real effort just to get it to install but I managed to do so...after installing (initially) it was being blocked from running. I have run it a few times already in the process including one last time just now. Here is the log:


Malwarebytes' Anti-Malware 1.30
Database version: 1423
Windows 5.1.2600 Service Pack 3

25/11/2008 15:23:28
mbam-log-2008-11-25 (15-23-28).txt

Scan type: Quick Scan
Objects scanned: 70370
Time elapsed: 7 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Soooo...I hope this means that I am completely free from this virus...it was a nasty one!

#8 Lifeguard1
  • Topic Starter
  • Members
  • 8 posts

Posted 25 November 2008 - 03:39 PM

I was unable to run RSIT (same error), but I noticed that it did end up producing a HiJackThis Log (below). Additionally, I also noticed that I am unable to open the Windows Security Centre by double clicking it in the task bar???

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:33:37, on 25/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\Copy of avp.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Common Files\Palo Alto Software\9.0\PAS9_Update.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Brad J. Matushewski\Desktop\RSIT.exe
C:\Documents and Settings\Brad J. Matushewski\Desktop\Brad J. Matushewski.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [\\PNL-Brad\EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P35 "\\PNL-Brad\EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo RX500 on PNL-Brad] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P41 "Auto EPSON Stylus Photo RX500 on PNL-Brad" /O22 "\\PNL-BRAD\Epson_RX500" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\Copy of avp.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Default user')
O4 - Global Startup: AcomData PushButton Manager.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Palo Alto Software Update Manager 9.0.lnk = C:\Program Files\Common Files\Palo Alto Software\9.0\PAS9_Update.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: tisspwiz.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n020p/EN/install/gtdownlr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187876080375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187876065046
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv.view22.com/view22/app/view22rte.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex...upv2.0.0.10.cab?
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O20 - AppInit_DLLs: karna.dat
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Copy of avp - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\Copy of avp.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c8fc1a7d79d2e9) (gupdate1c8fc1a7d79d2e9) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

--
End of file - 16069 bytes
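
The log above is the kind of thing a helper reads by eye, looking at a handful of entry types first: O4 autorun entries pointing into temporary folders or at scripts, an O20 AppInit_DLLs value (a DLL that gets loaded into every process that loads user32.dll, rarely used by legitimate software), an O10 LSP that HijackThis cannot identify, and services registered against a "Copy of" binary. The script below is an added example written for this thread; it is not a HijackThis or BleepingComputer tool. The sample lines are copied from the log above (the rest of that log is omitted), and the rules, severity labels and wording of the reasons are my own choices, not anything the tool or the helper states.

```python
"""Triage helper for HijackThis-style log lines (added example, not part of HijackThis)."""
import re
from pathlib import PureWindowsPath

# Lines copied from the HijackThis log posted in this thread; a real run would read
# the whole saved log file instead of this excerpt.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\Copy of avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Default user')
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: karna.dat
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Copy of avp - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\Copy of avp.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
"""

# "O4 - HKLM\..\Run: [name] target"  ->  ("O4", "HKLM\..\Run: [name] target")
ENTRY_RE = re.compile(r"^(O\d+|R\d|F\d) - (.*)$")
# First absolute Windows path ending in an executable, library, driver, script or data extension.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\n]*?\.(?:exe|dll|sys|dat|bat|cmd|vbs|js|scr)\b", re.IGNORECASE)

TEMP_DIRS = ("\\temp\\", "\\temporary internet files\\", "\\recycler\\")
SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".js", ".scr"}
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def path_checks(kind, line, path):
    """Checks that apply to any entry (O4 autorun, O23 service) carrying a file path."""
    out = []
    low = path.lower()
    name = PureWindowsPath(path).name.lower()
    if any(d in low for d in TEMP_DIRS):
        out.append(("high", kind, line, "target file lives in a temporary folder"))
    if PureWindowsPath(path).suffix.lower() in SCRIPT_EXTS:
        out.append(("medium", kind, line, "target is a script, not a compiled program"))
    if name.startswith("copy of "):
        out.append(("high", kind, line,
                    "target is a copied binary; a vendor installer does not register a 'Copy of' file"))
    return out


def triage(log_text):
    """Return (severity, entry type, line, reason) tuples for lines worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, body = m.groups()
        if kind == "O20" and body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1].strip()
            if value:
                why = ("AppInit_DLLs loads this file into every process that loads user32.dll; "
                       "legitimate use is rare")
                if PureWindowsPath(value).suffix.lower() != ".dll":
                    why += " and the entry does not even carry a .dll extension"
                findings.append(("high", kind, line, why))
        elif kind == "O10":
            findings.append(("low", kind, line,
                             "Winsock LSP that HijackThis could not identify: verify the file's "
                             "publisher before removing it, a broken LSP chain kills networking"))
        elif kind in ("O4", "O23"):
            pm = PATH_RE.search(body)
            if pm:
                findings.extend(path_checks(kind, line, pm.group(0)))
    return findings


def summarize(findings):
    """Count findings per severity, highest severity first."""
    counts = {}
    for sev, *_ in findings:
        counts[sev] = counts.get(sev, 0) + 1
    return dict(sorted(counts.items(), key=lambda kv: SEVERITY_ORDER[kv[0]]))


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for sev, kind, line, why in sorted(hits, key=lambda f: SEVERITY_ORDER[f[0]]):
        print(f"[{sev:6}] {kind:4} {why}\n         {line}")
    print(summarize(hits))
```

Run against the excerpt it reports six items: the AppInit_DLLs value, the .DEFAULT-user startup batch file in a Temp folder (twice, once for the folder and once for being a script), the O4 and O23 entries that both point at "Copy of avp.exe", and the unidentified LSP at low severity. The point of the severity split is that an O10 line is a "verify first" item, not a "delete" item: HijackThis only reports that the file is not on its whitelist, and nwprovau.dll in particular is a Microsoft component.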

#9 Buckeye_Sam
    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 26 November 2008 - 02:10 PM

Let's try this instead.
  • Please download OTViewIt by OldTimer to your desktop.
  • Double click on the OTViewIt.exe icon on your desktop.
  • Check the Scan All Users checkbox and leave Use Whitelist checked. Set the File Age to 30 days.
  • Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open:
      OTViewIt.txt <-- Will be opened
      Extra.txt <-- Will be minimized
Copy and Paste the logs into your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#10 Lifeguard1
  • Topic Starter

  • Members
  • 8 posts

Posted 28 November 2008 - 01:23 AM

Here are the logs....
Log 1 (OTViewIt):

OTViewIt logfile created on: 28/11/2008 01:15:35 - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Brad J. Matushewski\Desktop\Anti-Virus Tools
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1013.98 Mb Total Physical Memory | 231.60 Mb Available Physical Memory | 22.84% Memory free
2.38 Gb Paging File | 1.56 Gb Available in Paging File | 65.39% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 7.31 Gb Free Space | 18.71% Space Free | Partition Type: NTFS
Drive D: | 7.45 Gb Total Space | 1.07 Gb Free Space | 14.32% Space Free | Partition Type: FAT32
Drive E: | 2.63 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 952.19 Mb Total Space | 821.17 Mb Free Space | 86.24% Space Free | Partition Type: FAT
Drive G: | 3.78 Gb Total Space | 2.70 Gb Free Space | 71.52% Space Free | Partition Type: FAT32
Drive H: | 232.83 Gb Total Space | 16.98 Gb Free Space | 7.29% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Drive X: | 72.48 Gb Total Space | 1.52 Gb Free Space | 2.10% Space Free | Partition Type: NTFS

Computer Name: BRAD-LAPTOP
Current User Name: Brad J. Matushewski
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/08/02 00:39:20 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
[2006/08/02 00:31:22 | 00,937,984 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
[2007/10/19 12:19:22 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
[2008/07/29 20:20:28 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
[2005/01/17 18:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
[2004/08/27 11:33:00 | 00,110,592 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
[2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
[2005/08/05 16:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
[2008/10/07 16:17:01 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2007/10/19 12:17:28 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
[2008/08/30 09:43:23 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[2008/02/26 21:08:50 | 29,183,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
[2006/08/02 00:24:22 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
[2003/11/12 12:46:34 | 00,049,152 | ---- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect\retrorun.exe
[2007/02/10 04:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
[2007/02/10 04:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
[2006/02/07 19:30:40 | 00,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
[2000/02/14 17:36:22 | 00,129,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\WFXSVC.EXE
[2007/02/05 14:34:38 | 00,300,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchindexer.exe
[2005/08/05 16:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
[2005/08/05 16:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
[2006/05/04 17:59:16 | 16,206,848 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
[2005/12/12 18:50:02 | 00,088,204 | ---- | M] (Agere Systems) -- C:\WINDOWS\agrsmmsg.exe
[2006/03/16 15:58:50 | 00,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
[2005/08/05 16:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe
[2005/10/06 08:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
[2005/04/26 19:13:20 | 00,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
[2006/02/02 15:11:38 | 00,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Tvs\TvsTray.exe
[2006/08/25 16:47:12 | 00,356,352 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe
[2005/08/16 14:23:12 | 00,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
[2004/08/17 14:37:44 | 00,184,320 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
[2006/03/02 03:02:08 | 00,761,948 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2006/08/02 00:38:30 | 00,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
[2006/03/02 02:50:52 | 00,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
[2006/08/02 00:32:44 | 00,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
[2006/03/22 23:17:04 | 00,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
[2006/03/22 23:13:40 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
[2006/03/22 23:17:50 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
[2006/05/19 14:13:38 | 00,798,720 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSServ.exe
[2005/05/31 20:59:58 | 00,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
[2006/08/02 00:27:54 | 00,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
[2006/09/01 14:57:48 | 00,282,624 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
[2000/02/14 17:36:22 | 00,043,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WFXSNT40.EXE
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2004/04/13 17:36:44 | 01,470,464 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
[2006/01/17 12:03:06 | 00,053,248 | ---- | M] (Musicmatch Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
[2008/01/11 19:54:31 | 00,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
[2006/06/28 06:46:30 | 00,622,592 | ---- | M] () -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
[2006/06/27 09:30:30 | 00,339,968 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
[2007/10/25 15:33:22 | 00,563,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[2007/10/25 15:37:32 | 02,178,832 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
[2003/06/02 03:00:00 | 00,099,840 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I2K1.EXE
[2006/05/08 17:52:04 | 00,204,800 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
[2003/06/02 03:00:00 | 00,099,840 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I2K1.EXE
[2008/07/29 20:20:28 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
[2004/12/30 03:32:20 | 00,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
[2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2007/12/03 06:37:17 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
[2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2002/01/07 14:24:10 | 00,401,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[2008/11/25 14:56:55 | 00,342,336 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
[2008/01/03 17:28:08 | 01,392,640 | R--- | M] (PalmSource, Inc) -- C:\Program Files\palmOne\Hotsync.exe
[2007/10/25 15:32:58 | 00,407,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
[2004/07/15 11:56:56 | 00,581,632 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\KEM.exe
[2006/09/05 15:55:24 | 00,122,880 | ---- | M] (Palo Alto Software) -- C:\Program Files\Common Files\Palo Alto Software\9.0\PAS9_Update.exe
[2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2004/08/27 11:37:00 | 00,155,648 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
[2004/06/08 12:31:38 | 00,029,696 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\KHALMNPR.exe
[2007/02/05 14:40:46 | 00,118,784 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
[2008/05/21 03:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
[2002/01/07 14:24:48 | 00,032,855 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\NoteSync Forms\InkForm.exe
[2007/02/05 14:32:28 | 00,182,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchprotocolhost.exe
[2008/08/23 00:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2007/02/05 14:31:10 | 00,076,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchfilterhost.exe
[2008/11/28 01:13:39 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brad J. Matushewski\Desktop\Anti-Virus Tools\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/07/29 20:20:28 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe -- (AVP [Auto | Running])
[2005/01/17 18:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/07/29 20:20:28 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\Copy of avp.exe -- (Copy of avp [Auto | Stopped])
[2004/08/27 11:33:00 | 00,110,592 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service [Auto | Running])
[2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr [Auto | Running])
[2005/08/05 16:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched [Auto | Running])
[2006/08/02 00:39:20 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
[2007/12/03 06:37:17 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Running])
[2006/10/20 20:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/08/30 09:43:23 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c8fc1a7d79d2e9 [Auto | Stopped])
[2008/10/07 16:17:01 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2006/10/30 02:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2007/10/19 12:17:28 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer [Auto | Running])
[2007/10/19 12:19:22 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
[2007/10/19 12:21:16 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Auto | Stopped])
[2005/08/05 16:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
[2008/02/26 21:08:50 | 29,183,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS [Auto | Running])
[2005/10/14 05:50:19 | 00,045,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
[2006/12/02 05:17:54 | 02,805,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80 [Disabled | Stopped])
[2006/10/30 02:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007/08/24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006/08/02 00:24:22 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
[2003/11/12 12:46:34 | 00,049,152 | ---- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect\retrorun.exe -- (RetroLauncher [Auto | Running])
[2006/08/02 00:31:22 | 00,937,984 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
[2007/02/10 04:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Auto | Running])
[2007/02/10 04:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])
[2006/02/07 19:30:40 | 00,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV [Auto | Running])
[2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2000/02/14 17:36:22 | 00,129,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\WFXSVC.EXE -- (wfxsvc [Auto | Running])
[2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2007/02/05 14:34:38 | 00,300,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchindexer.exe -- (WSearch [Auto | Running])

========== Driver Services ==========

[2008/11/21 19:52:39 | 00,054,624 | ---- | M] () -- C:\WINDOWS\system32\24eD3.sys -- (24eD3 [On_Demand | Stopped])
[2008/11/20 18:14:13 | 00,054,624 | ---- | M] () -- C:\WINDOWS\system32\3c0B9.sys -- (3c0B9 [On_Demand | Stopped])
[2008/11/22 21:50:14 | 00,054,624 | ---- | M] () -- C:\WINDOWS\system32\5d3B6.sys -- (5d3B6 [On_Demand | Stopped])
[2008/11/21 17:45:38 | 00,054,624 | ---- | M] () -- C:\WINDOWS\system32\654BC.sys -- (654BC [On_Demand | Stopped])
[2008/11/20 20:58:31 | 00,054,624 | ---- | M] () -- C:\WINDOWS\system32\739B5.sys -- (739B5 [On_Demand | Stopped])
[2008/11/21 22:42:45 | 00,054,624 | ---- | M] () -- C:\WINDOWS\system32\7a0BB.sys -- (7a0BB [On_Demand | Stopped])
[2008/11/21 13:27:09 | 00,054,624 | ---- | M] () -- C:\WINDOWS\system32\7d4C0.sys -- (7d4C0 [On_Demand | Stopped])
[2006/11/03 02:45:52 | 00,021,419 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2005/12/12 20:08:44 | 01,124,097 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
[2003/12/04 11:33:20 | 00,011,264 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k [On_Demand | Running])
[2004/10/15 11:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb [On_Demand | Stopped])
[2006/01/18 21:44:46 | 00,053,248 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf [On_Demand | Stopped])
[2006/01/19 02:17:38 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2007/03/07 18:51:00 | 00,009,336 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
[2007/03/07 18:51:00 | 00,009,464 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
[2004/04/13 17:37:56 | 00,285,824 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp [System | Running])
[2005/10/06 08:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
[2005/08/25 15:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
[2005/10/06 08:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
[2005/10/06 08:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
[2005/10/06 08:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
[2005/10/06 08:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
[2005/08/25 15:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
[2005/10/06 08:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
[2005/10/06 08:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
[2005/09/12 06:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
[2005/08/12 08:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
[2004/04/13 17:32:50 | 00,140,416 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp [System | Running])
[2004/04/13 17:37:30 | 00,023,680 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K [On_Demand | Running])
[2006/01/12 02:27:48 | 00,163,328 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2007/10/11 21:01:06 | 00,023,832 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService [On_Demand | Stopped])
[2007/03/08 17:18:00 | 00,008,320 | ---- | M] (GARMIN Corp.) -- C:\WINDOWS\system32\drivers\grmnusb.sys -- (grmnusb [On_Demand | Stopped])
[2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/03/22 23:47:06 | 01,166,972 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2006/05/04 18:13:52 | 04,271,616 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService [On_Demand | Running])
[2003/09/11 02:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.) -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi [On_Demand | Running])
[2008/04/13 13:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2008/07/21 18:34:36 | 00,121,872 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1 [Boot | Running])
[2008/01/29 18:29:38 | 00,032,784 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg [Boot | Running])
[2008/11/22 17:16:37 | 00,213,008 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [System | Running])
[2008/04/30 18:06:48 | 00,024,592 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5 [On_Demand | Running])
[2004/06/08 12:36:28 | 00,013,105 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd [On_Demand | Running])
[2004/06/08 12:34:48 | 00,024,637 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe [On_Demand | Stopped])
[2004/06/08 12:35:26 | 00,038,081 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK [On_Demand | Stopped])
[2004/06/08 12:35:08 | 00,071,533 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMOUKE.sys -- (LMouKE [On_Demand | Stopped])
[2004/06/08 12:36:20 | 00,014,975 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LUsbKbd.sys -- (LUsbKbd [On_Demand | Stopped])
[2007/10/19 12:16:30 | 02,109,976 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap [On_Demand | Stopped])
[2007/10/11 17:59:02 | 02,142,488 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv [On_Demand | Stopped])
[2007/10/11 20:59:12 | 01,920,920 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt [On_Demand | Stopped])
[2007/10/11 17:59:24 | 00,025,624 | ---- | M] () -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])
[2007/10/11 21:00:42 | 00,041,752 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])
[2007/10/11 21:00:54 | 03,647,384 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC [On_Demand | Stopped])
[2005/06/01 14:33:00 | 00,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf [System | Running])
[2004/04/13 17:29:22 | 00,023,680 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K [On_Demand | Stopped])
[2007/06/18 13:18:26 | 00,023,680 | ---- | M] (Motorola) -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem [On_Demand | Stopped])
[2003/01/29 16:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio [Auto | Running])
[2006/07/25 21:39:32 | 01,707,776 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32 [On_Demand | Stopped])
[2007/09/26 06:01:00 | 02,236,032 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32 [On_Demand | Running])
[2007/12/04 16:10:30 | 00,016,640 | R--- | M] (PalmSource, Inc.) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD [On_Demand | Running])
[2005/01/31 05:19:20 | 00,007,104 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter [On_Demand | Stopped])
[2003/09/19 04:47:00 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc [On_Demand | Running])
[2005/01/31 05:26:06 | 00,912,768 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0 [On_Demand | Stopped])
[2002/09/16 17:14:32 | 00,004,228 | ---- | M] (PowerQuest Corporation) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv [System | Running])
[2004/08/10 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2004/04/13 17:23:58 | 00,117,248 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k [System | Running])
[2007/03/07 18:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2006/08/02 01:27:48 | 00,012,544 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans [Auto | Running])
[2008/04/13 13:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/13 13:40:47 | 00,011,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffdisk.sys -- (sffdisk [On_Demand | Stopped])
[2008/04/13 13:40:47 | 00,011,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2001/08/17 12:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serscan.sys -- (StillCam [On_Demand | Running])
[2006/03/02 02:46:54 | 00,191,968 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2002/01/24 14:43:40 | 00,006,528 | ---- | M] () -- C:\WINDOWS\system32\drivers\Tbiosdrv.sys -- (TBiosDrv [On_Demand | Stopped])
[2005/11/29 21:12:00 | 00,162,560 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
[2005/09/09 17:47:10 | 00,009,344 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec [On_Demand | Stopped])
[2005/10/20 17:03:42 | 00,006,144 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD [On_Demand | Running])
[2006/05/30 19:42:52 | 00,045,696 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs [On_Demand | Running])
[2004/04/13 17:29:44 | 00,198,528 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Udfreadr.sys -- (UDFReadr [System | Running])
[2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
[2001/05/05 15:34:24 | 00,031,273 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WCEUSBSH.SYS -- (wceusbsh [On_Demand | Stopped])
[2006/11/02 06:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://www.google.com/ie
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.google.com
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.google.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://www.google.com

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"Secondary Start Pages"=
"Start Page"=http://sympatico.msn.ca/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-2613221422-2995679846-3473112937-1005\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"Secondary Start Pages"=
"Start Page"=http://sympatico.msn.ca/

[HKEY_USERS\S-1-5-21-2613221422-2995679846-3473112937-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2613221422-2995679846-3473112937-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-2613221422-2995679846-3473112937-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\PNL-Brad\EPSON Stylus Photo RX500"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P35 "\\PNL-Brad\EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500" (SEIKO EPSON CORPORATION)
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"AGRSMMSG"=AGRSMMSG.exe (Agere Systems)
"Alcmtr"=ALCMTR.EXE (Realtek Semiconductor Corp.)
"Auto EPSON Stylus Photo RX500 on PNL-Brad"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P41 "Auto EPSON Stylus Photo RX500 on PNL-Brad" /O22 "\\PNL-BRAD\Epson_RX500" /M "Stylus Photo RX500" (SEIKO EPSON CORPORATION)
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" (Kaspersky Lab)
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN ()
"CFSServ.exe"=CFSServ.exe -NoClient File not found
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun (Brother Industries, Ltd.)
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
"ehTray"=C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
"HotSync"="C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers File not found
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" (Intel Corporation)
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE (Logitech Inc.)
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" ()
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide ()
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe (Agere Systems)
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" (Musicmatch Inc.)
"NDSTray.exe"=NDSTray.exe File not found
"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg ()
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" (Roxio)
"RTHDCPL"=RTHDCPL.EXE (Realtek Semiconductor Corp.)
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
"TFncKy"=TFncKy.exe File not found
"THotkey"=C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe (TOSHIBA)
"TPSMain"=TPSMain.exe (TOSHIBA Corporation)
"Tvs"=C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
"WinFaxAppPortStarter"=wfxsnt40.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" (BitTorrent, Inc.)
"Evidence Eliminator"=C:\Program Files\Evidence Eliminator\ee.exe /m File not found
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" (Microsoft Corporation)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart (OLYMPUS IMAGING CORP.)
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2613221422-2995679846-3473112937-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" (BitTorrent, Inc.)
"Evidence Eliminator"=C:\Program Files\Evidence Eliminator\ee.exe /m File not found
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" (Microsoft Corporation)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart (OLYMPUS IMAGING CORP.)
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)

========== (O4) Startup Folders ==========

[2002/01/21 04:48:22 | 00,000,298 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\IEHOME.BAT
File not found -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AcomData PushButton Manager.lnk =
[2008/01/03 17:28:08 | 01,392,640 | R--- | M] (PalmSource, Inc) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
[2004/07/15 11:56:56 | 00,581,632 | ---- | M] (Logitech Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
[2006/09/05 15:55:24 | 00,122,880 | ---- | M] (Palo Alto Software) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Palo Alto Software Update Manager 9.0.lnk = C:\Program Files\Common Files\Palo Alto Software\9.0\PAS9_Update.exe
[2004/08/27 11:37:00 | 00,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
File not found -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\tisspwiz.lnk = C:\Program Files\Trend Micro\Internet Security\tisspwiz.exe
[2007/02/05 14:40:46 | 00,118,784 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
[2002/01/21 04:48:22 | 00,000,298 | ---- | M] () -- C:\Documents and Settings\Default User\Start Menu\Programs\Startup\IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\IEHOME.BAT

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.mss -- File not found
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.the -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoLowDiskSpaceChecks"=1

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-2613221422-2995679846-3473112937-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoLowDiskSpaceChecks"=1

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 21:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 21:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 21:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 21:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 21:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 21:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 21:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 21:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/07/30 02:25:02 | 17,930,264 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE File not found

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2613221422-2995679846-3473112937-1005\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 21:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 21:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 21:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 21:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 21:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 21:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 21:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 21:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/07/30 02:25:02 | 17,930,264 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}: Button: Web traffic protection statistics -- %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll [2008/07/29 20:22:28 | 00,222,472 | ---- | M] (Kaspersky Lab)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Button: Blog This -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2007/10/26 17:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Menu: &Blog This in Windows Live Writer -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2007/10/26 17:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}: Button: Create Mobile Favorite -- %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [2002/01/07 14:22:58 | 00,127,064 | ---- | M] (Microsoft Corporation)
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}: Menu: Create Mobile Favorite... -- %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [2002/01/07 14:22:58 | 00,127,064 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2613221422-2995679846-3473112937-1005\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://download.microsoft.com/download/e/4.../OGAControl.cab -- Office Genuine Advantage Validation Tool
{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/Facebo...toUploader5.cab -- Facebook Photo Uploader 5
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{25365FF3-2746-4230-9DA7-163CCA318309}: http://inst.c-wss.com/n020p/EN/install/gtdownlr.cab -- Automatic Driver Installation Control
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab -- MSN Photo Upload Tool
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}: http://upload.facebook.com/controls/Facebo...toUploader3.cab -- Facebook Photo Uploader 4 Control
{5F8469B4-B055-49DD-83F7-62B522420ECC}: http://upload.facebook.com/controls/Facebo...otoUploader.cab -- Facebook Photo Uploader Control
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/microsoftu...b?1187876080375 -- WUWebControl Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftu...b?1187876065046 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{BCBC9371-595D-11D4-A96D-00105A1CEF6C}: http://hgtv.view22.com/view22/app/view22rte.cab -- View22RTE Class
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab -- MessengerStatsClient Class
{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_07
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_09
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_10
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_11
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object
{F137B9BA-89EA-4B04-9C67-2074A9DF61FD}: http://walmart.pnimedia.com/upload/activex...upv2.0.0.10.cab? -- Photo Upload Plugin Class
{F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8}: https://secure.gopetslive.com/dev/GoPetsWeb.cab -- GoPetsWeb Control
Microsoft XML Parser for Java: file:///C:/WINDOWS/Java/classes/xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{3D1DF064-5FFA-43F8-9E19-3C74AF53806E} (Servers: | Description: Intel® PRO/100 VE Network Connection)
{4307474F-CF9B-4FEB-B9A3-8B61884FF03A} (Servers: | Description: )
{B76628CD-7D68-4D9D-A199-3926F1F03F8C} (Servers: | Description: Intel® PRO/Wireless 3945ABG Network Connection)
{DEF353E8-E5B0-4EF2-BD2C-F08A34E7EE5D} (Servers: | Description: 1394 Net Adapter)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=karna.dattewayMetr
>File not found --

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
klogon: "DllName" = C:\WINDOWS\system32\klogon.dll -- C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"UPnPMonitor"={e57ce738-33e8-4c51-8354-bb4de9d215d1} (HKLM) -- c:\WINDOWS\I386\upnpui.dll (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" (HKLM) -- C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}" (HKLM) -- C:\Program Files\Symantec\WinFax\WFXSEH32.DLL (Symantec Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2006/01/29 18:10:26 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{286b30a2-2487-11dd-a30d-001302d2e377}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{286b30a2-2487-11dd-a30d-001302d2e377}\Shell\AutoRun]
""=Auto&Play

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{286b30a2-2487-11dd-a30d-001302d2e377}\Shell\AutoRun\command]
""=D:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{371f10ae-670e-11dd-a3a2-001302d2e377}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{371f10ae-670e-11dd-a3a2-001302d2e377}\Shell\AutoRun]
""=Auto&Play

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{371f10ae-670e-11dd-a3a2-001302d2e377}\Shell\AutoRun\command]
""=D:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e5d1e58-b9be-11dd-a4f8-001302d2e377}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e5d1e58-b9be-11dd-a4f8-001302d2e377}\Shell\AutoRun]
""=Auto&Play

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e5d1e58-b9be-11dd-a4f8-001302d2e377}\Shell\AutoRun\command]
""=D:\DPFMate.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e15f95d4-da4b-11dc-a2a1-0018de4ba501}\Shell\AutoRun\command]
""=D:\Setup.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2008/11/28 00:43:38 | 01,997,896 | ---- | C] () -- C:\Documents and Settings\Brad J. Matushewski\Desktop\Landlord Stuff.zip
[2008/11/25 14:22:59 | 10,633,09312 | -HS- | C] () -- C:\hiberfil.sys
[2008/11/25 14:04:28 | 03,433,504 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/11/25 14:04:28 | 00,483,360 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2008/11/25 14:04:28 | 00,028,952 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/11/25 14:04:28 | 00,002,732 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2008/11/25 14:03:54 | 00,000,000 | ---D | C] -- C:\Avenger
[2008/11/25 13:57:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad J. Matushewski\Desktop\avenger
[2008/11/25 12:19:50 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Brad J. Matushewski\Desktop\Brad J. Matushewski.exe
[2008/11/25 12:19:33 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Brad J. Matushewski\Desktop\HiJackThis.exe
[2008/11/25 12:18:58 | 00,000,000 | ---D | C] -- C:\rsit
[2008/11/25 12:17:17 | 00,305,705 | ---- | C] () -- C:\Documents and Settings\Brad J. Matushewski\Desktop\RSIT.exe
[2008/11/25 11:34:50 | 00,000,000 | ---D | C] -- C:\SDFix
[2008/11/24 11:47:15 | 00,000,756 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/11/24 10:56:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad J. Matushewski\Desktop\Anti-Virus Tools
[2008/11/23 20:28:05 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/11/23 20:18:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2008/11/22 21:55:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad J. Matushewski\Application Data\Malwarebytes
[2008/11/22 21:50:14 | 00,054,624 | ---- | C] () -- C:\WINDOWS\System32\5d3B6.sys
[2008/11/22 21:50:10 | 02,335,270 | ---- | C] () -- C:\WINDOWS\System32\e9bB5.mht
[2008/11/22 17:18:08 | 00,096,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2008/11/22 17:18:08 | 00,087,855 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2008/11/22 17:17:27 | 00,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2008/11/22 17:17:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2008/11/22 17:16:37 | 00,213,008 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2008/11/22 17:09:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2008/11/22 15:36:15 | 00,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2008/11/22 14:28:20 | 02,335,270 | ---- | C] () -- C:\WINDOWS\System32\9a2B5.mht
[2008/11/22 13:55:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad J. Matushewski\Desktop\Attempt
[2008/11/21 22:42:45 | 00,054,624 | ---- | C] () -- C:\WINDOWS\System32\7a0BB.sys
[2008/11/21 22:42:41 | 02,335,270 | ---- | C] () -- C:\WINDOWS\System32\fddBA.mht
[2008/11/21 19:53:25 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/11/21 19:53:22 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/11/21 19:53:21 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/11/21 19:53:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/11/21 19:52:40 | 00,128,352 | ---- | C] () -- C:\WINDOWS\System32\24eD3.dll
[2008/11/21 19:52:39 | 00,054,624 | ---- | C] () -- C:\WINDOWS\System32\24eD3.sys
[2008/11/21 19:52:37 | 02,335,270 | ---- | C] () -- C:\WINDOWS\System32\ba3D2.mht
[2008/11/21 17:53:22 | 02,373,088 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam.exe
[2008/11/21 17:45:38 | 00,054,624 | ---- | C] () -- C:\WINDOWS\System32\654BC.sys
[2008/11/21 17:45:35 | 02,335,270 | ---- | C] () -- C:\WINDOWS\System32\f20BB.mht
[2008/11/21 13:27:09 | 00,054,624 | ---- | C] () -- C:\WINDOWS\System32\7d4C0.sys
[2008/11/21 13:03:51 | 02,335,270 | ---- | C] () -- C:\WINDOWS\System32\aabBB.mht
[2008/11/20 20:58:31 | 00,054,624 | ---- | C] () -- C:\WINDOWS\System32\739B5.sys
[2008/11/20 20:58:26 | 02,335,270 | ---- | C] () -- C:\WINDOWS\System32\449B4.mht
[2008/11/20 18:14:13 | 00,054,624 | ---- | C] () -- C:\WINDOWS\System32\3c0B9.sys
[2008/11/20 18:14:10 | 02,335,270 | ---- | C] () -- C:\WINDOWS\System32\75eB8.mht
[2008/11/20 15:44:49 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2008/11/20 14:48:27 | 00,019,751 | ---- | C] () -- C:\WINDOWS\uvaviv.inf
[2008/11/20 14:48:27 | 00,019,517 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\igewul.dl
[2008/11/20 14:48:27 | 00,018,699 | ---- | C] () -- C:\Documents and Settings\Brad J. Matushewski\Local Settings\Application Data\pysejycit.com
[2008/11/20 14:48:27 | 00,018,492 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\oparyl.pif
[2008/11/20 14:48:27 | 00,018,478 | ---- | C] () -- C:\Documents and Settings\Brad J. Matushewski\Application Data\lyzonufitex.com
[2008/11/20 14:48:27 | 00,018,331 | ---- | C] () -- C:\WINDOWS\iqymolo.exe
[2008/11/20 14:48:27 | 00,017,174 | ---- | C] () -- C:\Documents and Settings\Brad J. Matushewski\Application Data\evov.lib
[2008/11/20 14:48:27 | 00,014,475 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\qehajawe.lib
[2008/11/20 14:48:27 | 00,014,413 | ---- | C] () -- C:\Program Files\Common Files\ewerewaq.bin
[2008/11/20 14:48:27 | 00,012,895 | ---- | C] () -- C:\Program Files\Common Files\nepotaxif.sys
[2008/11/20 14:48:27 | 00,012,479 | ---- | C] () -- C:\Documents and Settings\Brad J. Matushewski\Application Data\ymyf.bin
[2008/11/20 14:48:27 | 00,010,240 | ---- | C] () -- C:\WINDOWS\ilefohelo.dat
[2008/11/20 14:48:26 | 00,019,859 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\qyca.dll
[2008/11/20 14:48:26 | 00,019,661 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\resikogabu.ban
[2008/11/20 14:48:26 | 00,019,382 | ---- | C] () -- C:\WINDOWS\omurasilok.exe
[2008/11/20 14:48:26 | 00,018,654 | ---- | C] () -- C:\WINDOWS\ulapawufi.pif
[2008/11/20 14:48:26 | 00,017,676 | ---- | C] () -- C:\WINDOWS\lykirohufi.scr
[2008/11/20 14:48:26 | 00,017,047 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\qitatotuma.pif
[2008/11/20 14:48:26 | 00,016,447 | ---- | C] () -- C:\Documents and Settings\Brad J. Matushewski\Local Settings\Application Data\awinuhu.dl
[2008/11/20 14:48:26 | 00,016,140 | ---- | C] () -- C:\WINDOWS\gagev.pif
[2008/11/20 14:48:26 | 00,016,106 | ---- | C] () -- C:\Program Files\Common Files\ajobugiw.inf
[2008/11/20 14:48:26 | 00,015,504 | ---- | C] () -- C:\WINDOWS\System32\xikosiceq.dat
[2008/11/20 14:48:26 | 00,015,189 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\ronudakam._dl
[2008/11/20 14:48:26 | 00,014,896 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\otuc._sy
[2008/11/20 14:48:26 | 00,014,674 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\upamurija.ban
[2008/11/20 14:48:26 | 00,014,531 | ---- | C] () -- C:\Program Files\Common Files\bypic.lib
[2008/11/20 14:48:26 | 00,011,713 | ---- | C] () -- C:\WINDOWS\hopere.sys
[2008/11/20 14:48:26 | 00,011,143 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\jypymile.dat
[2008/11/20 14:48:26 | 00,010,556 | ---- | C] () -- C:\WINDOWS\ebete.dat
[2008/11/19 12:36:02 | 00,000,605 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\tisspwiz.lnk
[2008/11/19 12:24:35 | 00,018,806 | ---- | C] () -- C:\Documents and Settings\Brad J. Matushewski\Local Settings\Application Data\gahujif.pif
[2008/11/18 18:00:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad J. Matushewski\Desktop\Promo
[2008/11/17 22:04:17 | 00,017,119 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\godedyc.dat
[2008/11/17 22:04:17 | 00,016,241 | ---- | C] () -- C:\WINDOWS\System32\vixuwonydo.com
[2008/11/17 22:04:17 | 00,015,775 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mygexa.inf
[2008/11/17 22:04:17 | 00,015,132 | ---- | C] () -- C:\Documents and Settings\Brad J. Matushewski\Application Data\esuhih.scr
[2008/11/17 22:04:17 | 00,012,891 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\daracypufa.lib
[2008/11/17 22:04:17 | 00,012,610 | ---- | C] () -- C:\Documents and Settings\Brad J. Matushewski\Local Settings\Application Data\moku.dll
[2008/11/17 22:04:17 | 00,010,645 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ewoqiso.scr
[2008/11/17 22:04:16 | 00,019,877 | ---- | C] () -- C:\WINDOWS\betowucit.ban
[2008/11/17 22:04:16 | 00,019,709 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ovyr.reg
[2008/11/17 22:04:16 | 00,019,468 | ---- | C] () -- C:\Documents and Settings\Brad J. Matushewski\Application Data\yliroju.lib
[2008/11/17 22:04:16 | 00,018,603 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\ivebo.bat
[2008/11/17 22:04:16 | 00,018,380 | ---- | C] () -- C:\Program Files\Common Files\womytat.lib
[2008/11/17 22:04:16 | 00,018,127 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\wynozyna._sy
[2008/11/17 22:04:16 | 00,017,989 | ---- | C] () -- C:\Documents and Settings\Brad J. Matushewski\Local Settings\Application Data\igyv.lib
[2008/11/17 22:04:16 | 00,017,545 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\fiqezaq.db
[2008/11/17 22:04:16 | 00,017,430 | ---- | C] () -- C:\Documents and Settings\Brad J. Matushewski\Local Settings\Application Data\wocomo.exe
[2008/11/17 22:04:16 | 00,017,044 | ---- | C] () -- C:\WINDOWS\boxecubu.db
[2008/11/17 22:04:16 | 00,016,557 | ---- | C] () -- C:\Documents and Settings\Brad J. Matushewski\Application Data\havyzoca.bin
[2008/11/17 22:04:16 | 00,015,316 | ---- | C] () -- C:\Documents and Settings\Brad J. Matushewski\Application Data\bywyqypyv.com
[2008/11/17 22:04:16 | 00,015,010 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ipez._dl
[2008/11/17 22:04:16 | 00,014,347 | ---- | C] () -- C:\Program Files\Common Files\ixyfyhysi.vbs
[2008/11/17 22:04:16 | 00,013,846 | ---- | C] () -- C:\WINDOWS\ycel.bat
[2008/11/17 22:04:16 | 00,013,166 | ---- | C] () -- C:\WINDOWS\ucaryvog.reg
[2008/11/17 22:04:16 | 00,012,248 | ---- | C] () -- C:\WINDOWS\System32\redepa.ban
[2008/11/17 22:04:16 | 00,011,815 | ---- | C] () -- C:\Documents and Settings\Brad J. Matushewski\Local Settings\Application Data\dyvegabe._sy
[2008/11/17 22:04:16 | 00,011,308 | ---- | C] () -- C:\Program Files\Common Files\kixibohycy._dl
[2008/11/17 22:04:16 | 00,010,753 | ---- | C] () -- C:\Program Files\Common Files\amazypixyd.sys
[2008/11/17 22:04:16 | 00,010,640 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\lefexo.sys
[2008/11/17 22:04:16 | 00,010,238 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\amobypulyw.dl
[2008/11/16 19:23:33 | 00,030,954 | ---- | C] () -- C:\Documents and Settings\Brad J. Matushewski\Desktop\Take-Home Assignment.pdf
[2008/11/13 21:23:06 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/11/13 21:22:30 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2008/11/10 12:50:58 | 01,655,774 | ---- | C] () -- C:\Documents and Settings\Brad J. Matushewski\Desktop\PB100424.JPG
[2008/11/02 19:24:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PopCap

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[2008/11/28 01:15:15 | 00,483,360 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2008/11/28 01:15:15 | 00,002,732 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2008/11/28 01:14:52 | 03,433,504 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/11/28 01:14:37 | 00,028,952 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/11/28 01:00:25 | 10,534,912 | ---- | M] () -- C:\Documents and Settings\Brad J. Matushewski\Desktop\Animals and Tissues_v2002.mdb
[2008/11/28 00:43:26 | 01,997,896 | ---- | M] () -- C:\Documents and Settings\Brad J. Matushewski\Desktop\Landlord Stuff.zip
[2008/11/28 00:12:04 | 00,000,218 | ---- | M] () -- C:\WINDOWS\System32\wvr6vaq.tgz
[2008/11/28 00:12:04 | 00,000,204 | ---- | M] () -- C:\WINDOWS\System32\wvr6vaq.dll
[2008/11/28 00:12:04 | 00,000,114 | ---- | M] () -- C:\WINDOWS\System32\prsgrc.tgz
[2008/11/28 00:12:04 | 00,000,100 | ---- | M] () -- C:\WINDOWS\System32\prsgrc.dll
[2008/11/28 00:12:04 | 00,000,086 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2008/11/27 09:41:22 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/11/27 09:40:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/11/27 09:40:51 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/11/27 09:40:49 | 10,633,09312 | -HS- | M] () -- C:\hiberfil.sys
[2008/11/26 20:35:42 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2008/11/26 20:35:42 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2008/11/26 13:08:15 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2008/11/26 13:08:15 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2008/11/25 15:41:35 | 00,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2008/11/25 15:41:35 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2008/11/25 15:11:15 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2008/11/25 15:11:15 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008/11/25 14:17:53 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2008/11/25 14:07:35 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2008/11/25 14:07:35 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2008/11/25 14:01:17 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2008/11/25 14:01:17 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2008/11/25 13:07:50 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2008/11/25 13:07:50 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2008/11/25 11:46:40 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/11/25 11:37:38 | 00,305,705 | ---- | M] () -- C:\Documents and Settings\Brad J. Matushewski\Desktop\RSIT.exe
[2008/11/24 11:47:15 | 00,000,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/11/24 11:12:26 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\Brad J. Matushewski\My Documents\My Wallet.wlt
[2008/11/23 20:28:05 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/11/23 19:35:33 | 00,071,680 | ---- | M] () -- C:\Documents and Settings\Brad J. Matushewski\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/23 19:19:18 | 00,096,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2008/11/22 21:50:14 | 00,054,624 | ---- | M] () -- C:\WINDOWS\System32\5d3B6.sys
[2008/11/22 21:50:10 | 02,335,270 | ---- | M] () -- C:\WINDOWS\System32\e9bB5.mht
[2008/11/22 17:18:08 | 00,087,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2008/11/22 17:16:37 | 00,213,008 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2008/11/22 15:36:30 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\tmvsthfud.bin
[2008/11/22 15:36:29 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\tmvsthfss.bin
[2008/11/22 14:28:20 | 02,335,270 | ---- | M] () -- C:\WINDOWS\System32\9a2B5.mht
[2008/11/22 13:54:14 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Brad J. Matushewski\Desktop\HiJackThis.exe
[2008/11/22 13:54:14 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Brad J. Matushewski\Desktop\Brad J. Matushewski.exe
[2008/11/21 22:42:45 | 00,054,624 | ---- | M] () -- C:\WINDOWS\System32\7a0BB.sys
[2008/11/21 22:42:41 | 02,335,270 | ---- | M] () -- C:\WINDOWS\System32\fddBA.mht
[2008/11/21 22:03:45 | 01,612,078 | -H-- | M] () -- C:\Documents and Settings\Brad J. Matushewski\Local Settings\Application Data\IconCache.db
[2008/11/21 20:49:05 | 00,002,463 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AcomData PushButton Manager.lnk
[2008/11/21 19:52:40 | 00,128,352 | ---- | M] () -- C:\WINDOWS\System32\24eD3.dll
[2008/11/21 19:52:39 | 00,054,624 | ---- | M] () -- C:\WINDOWS\System32\24eD3.sys
[2008/11/21 19:52:37 | 02,335,270 | ---- | M] () -- C:\WINDOWS\System32\ba3D2.mht
[2008/11/21 17:45:38 | 00,054,624 | ---- | M] () -- C:\WINDOWS\System32\654BC.sys
[2008/11/21 17:45:36 | 02,335,270 | ---- | M] () -- C:\WINDOWS\System32\f20BB.mht
[2008/11/21 16:41:56 | 02,373,088 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam.exe
[2008/11/21 13:27:09 | 00,054,624 | ---- | M] () -- C:\WINDOWS\System32\7d4C0.sys
[2008/11/21 13:03:51 | 02,335,270 | ---- | M] () -- C:\WINDOWS\System32\aabBB.mht
[2008/11/20 20:58:31 | 00,054,624 | ---- | M] () -- C:\WINDOWS\System32\739B5.sys
[2008/11/20 20:58:26 | 02,335,270 | ---- | M] () -- C:\WINDOWS\System32\449B4.mht
[2008/11/20 18:14:13 | 00,054,624 | ---- | M] () -- C:\WINDOWS\System32\3c0B9.sys
[2008/11/20 18:14:11 | 02,335,270 | ---- | M] () -- C:\WINDOWS\System32\75eB8.mht
[2008/11/20 14:48:27 | 00,019,751 | ---- | M] () -- C:\WINDOWS\uvaviv.inf
[2008/11/20 14:48:27 | 00,019,517 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\igewul.dl
[2008/11/20 14:48:27 | 00,018,699 | ---- | M] () -- C:\Documents and Settings\Brad J. Matushewski\Local Settings\Application Data\pysejycit.com
[2008/11/20 14:48:27 | 00,018,492 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\oparyl.pif
[2008/11/20 14:48:27 | 00,018,478 | ---- | M] () -- C:\Documents and Settings\Brad J. Matushewski\Application Data\lyzonufitex.com
[2008/11/20 14:48:27 | 00,018,331 | ---- | M] () -- C:\WINDOWS\iqymolo.exe
[2008/11/20 14:48:27 | 00,017,174 | ---- | M] () -- C:\Documents and Settings\Brad J. Matushewski\Application Data\evov.lib
[2008/11/20 14:48:27 | 00,014,475 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\qehajawe.lib
[2008/11/20 14:48:27 | 00,014,413 | ---- | M] () -- C:\Program Files\Common Files\ewerewaq.bin
[2008/11/20 14:48:27 | 00,012,895 | ---- | M] () -- C:\Program Files\Common Files\nepotaxif.sys
[2008/11/20 14:48:27 | 00,012,479 | ---- | M] () -- C:\Documents and Settings\Brad J. Matushewski\Application Data\ymyf.bin
[2008/11/20 14:48:27 | 00,010,240 | ---- | M] () -- C:\WINDOWS\ilefohelo.dat
[2008/11/20 14:48:26 | 00,019,859 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\qyca.dll
[2008/11/20 14:48:26 | 00,019,661 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\resikogabu.ban
[2008/11/20 14:48:26 | 00,019,382 | ---- | M] () -- C:\WINDOWS\omurasilok.exe
[2008/11/20 14:48:26 | 00,018,654 | ---- | M] () -- C:\WINDOWS\ulapawufi.pif
[2008/11/20 14:48:26 | 00,017,676 | ---- | M] () -- C:\WINDOWS\lykirohufi.scr
[2008/11/20 14:48:26 | 00,017,047 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\qitatotuma.pif
[2008/11/20 14:48:26 | 00,016,447 | ---- | M] () -- C:\Documents and Settings\Brad J. Matushewski\Local Settings\Application Data\awinuhu.dl
[2008/11/20 14:48:26 | 00,016,140 | ---- | M] () -- C:\WINDOWS\gagev.pif
[2008/11/20 14:48:26 | 00,016,106 | ---- | M] () -- C:\Program Files\Common Files\ajobugiw.inf
[2008/11/20 14:48:26 | 00,015,504 | ---- | M] () -- C:\WINDOWS\System32\xikosiceq.dat
[2008/11/20 14:48:26 | 00,015,189 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ronudakam._dl
[2008/11/20 14:48:26 | 00,014,896 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\otuc._sy
[2008/11/20 14:48:26 | 00,014,674 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\upamurija.ban
[2008/11/20 14:48:26 | 00,014,531 | ---- | M] () -- C:\Program Files\Common Files\bypic.lib
[2008/11/20 14:48:26 | 00,011,713 | ---- | M] () -- C:\WINDOWS\hopere.sys
[2008/11/20 14:48:26 | 00,011,143 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\jypymile.dat
[2008/11/20 14:48:26 | 00,010,556 | ---- | M] () -- C:\WINDOWS\ebete.dat
[2008/11/19 12:36:02 | 00,000,605 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\tisspwiz.lnk
[2008/11/19 12:24:35 | 00,018,806 | ---- | M] () -- C:\Documents and Settings\Brad J. Matushewski\Local Settings\Application Data\gahujif.pif
[2008/11/17 22:04:17 | 00,017,119 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\godedyc.dat
[2008/11/17 22:04:17 | 00,016,241 | ---- | M] () -- C:\WINDOWS\System32\vixuwonydo.com
[2008/11/17 22:04:17 | 00,015,775 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\mygexa.inf
[2008/11/17 22:04:17 | 00,015,132 | ---- | M] () -- C:\Documents and Settings\Brad J. Matushewski\Application Data\esuhih.scr
[2008/11/17 22:04:17 | 00,012,891 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\daracypufa.lib
[2008/11/17 22:04:17 | 00,012,610 | ---- | M] () -- C:\Documents and Settings\Brad J. Matushewski\Local Settings\Application Data\moku.dll
[2008/11/17 22:04:17 | 00,010,645 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ewoqiso.scr
[2008/11/17 22:04:16 | 00,019,877 | ---- | M] () -- C:\WINDOWS\betowucit.ban
[2008/11/17 22:04:16 | 00,019,709 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ovyr.reg
[2008/11/17 22:04:16 | 00,019,468 | ---- | M] () -- C:\Documents and Settings\Brad J. Matushewski\Application Data\yliroju.lib
[2008/11/17 22:04:16 | 00,018,603 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ivebo.bat
[2008/11/17 22:04:16 | 00,018,380 | ---- | M] () -- C:\Program Files\Common Files\womytat.lib
[2008/11/17 22:04:16 | 00,018,127 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\wynozyna._sy
[2008/11/17 22:04:16 | 00,017,989 | ---- | M] () -- C:\Documents and Settings\Brad J. Matushewski\Local Settings\Application Data\igyv.lib
[2008/11/17 22:04:16 | 00,017,545 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\fiqezaq.db
[2008/11/17 22:04:16 | 00,017,430 | ---- | M] () -- C:\Documents and Settings\Brad J. Matushewski\Local Settings\Application Data\wocomo.exe
[2008/11/17 22:04:16 | 00,017,044 | ---- | M] () -- C:\WINDOWS\boxecubu.db
[2008/11/17 22:04:16 | 00,016,557 | ---- | M] () -- C:\Documents and Settings\Brad J. Matushewski\Application Data\havyzoca.bin
[2008/11/17 22:04:16 | 00,015,316 | ---- | M] () -- C:\Documents and Settings\Brad J. Matushewski\Application Data\bywyqypyv.com
[2008/11/17 22:04:16 | 00,015,010 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ipez._dl
[2008/11/17 22:04:16 | 00,014,347 | ---- | M] () -- C:\Program Files\Common Files\ixyfyhysi.vbs
[2008/11/17 22:04:16 | 00,013,846 | ---- | M] () -- C:\WINDOWS\ycel.bat
[2008/11/17 22:04:16 | 00,013,166 | ---- | M] () -- C:\WINDOWS\ucaryvog.reg
[2008/11/17 22:04:16 | 00,012,248 | ---- | M] () -- C:\WINDOWS\System32\redepa.ban
[2008/11/17 22:04:16 | 00,011,815 | ---- | M] () -- C:\Documents and Settings\Brad J. Matushewski\Local Settings\Application Data\dyvegabe._sy
[2008/11/17 22:04:16 | 00,011,308 | ---- | M] () -- C:\Program Files\Common Files\kixibohycy._dl
[2008/11/17 22:04:16 | 00,010,753 | ---- | M] () -- C:\Program Files\Common Files\amazypixyd.sys
[2008/11/17 22:04:16 | 00,010,640 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\lefexo.sys
[2008/11/17 22:04:16 | 00,010,238 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\amobypulyw.dl
[2008/11/16 19:23:33 | 00,030,954 | ---- | M] () -- C:\Documents and Settings\Brad J. Matushewski\Desktop\Take-Home Assignment.pdf
[2008/11/11 11:35:39 | 00,000,596 | ---- | M] () -- C:\Documents and Settings\Brad J. Matushewski\My Documents\My Sharing Folders.lnk
[2008/11/10 13:54:50 | 01,655,774 | ---- | M] () -- C:\Documents and Settings\Brad J. Matushewski\Desktop\PB100424.JPG
[2008/11/10 13:14:01 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2008/11/10 13:14:01 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2008/11/09 22:32:53 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2008/11/09 22:32:53 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2008/11/08 10:57:03 | 00,000,435 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2008/11/07 16:07:22 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2008/11/07 16:07:22 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008/11/07 12:16:20 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2008/11/07 12:16:20 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008/11/06 15:51:26 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/11/06 15:51:26 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/11/06 08:08:23 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/11/06 08:08:23 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/11/05 20:57:10 | 00,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2008/11/05 20:57:10 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2008/11/05 15:26:25 | 00,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2008/11/05 15:26:25 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2008/11/03 21:05:22 | 00,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2008/11/03 21:05:22 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2008/11/03 19:10:25 | 17,318,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/11/03 15:41:50 | 00,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2008/11/03 15:41:50 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2008/11/03 13:10:28 | 00,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2008/11/03 13:10:28 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2008/11/03 08:15:09 | 00,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2008/11/03 08:15:09 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2008/11/03 06:43:24 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2008/11/03 06:43:24 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2008/11/02 08:27:40 | 00,621,564 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
< End of report >



Log 2 (Extras)

OTViewIt Extras logfile created on: 28/11/2008 01:15:35 - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Brad J. Matushewski\Desktop\Anti-Virus Tools
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1013.98 Mb Total Physical Memory | 231.60 Mb Available Physical Memory | 22.84% Memory free
2.38 Gb Paging File | 1.56 Gb Available in Paging File | 65.39% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 7.31 Gb Free Space | 18.71% Space Free | Partition Type: NTFS
Drive D: | 7.45 Gb Total Space | 1.07 Gb Free Space | 14.32% Space Free | Partition Type: FAT32
Drive E: | 2.63 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 952.19 Mb Total Space | 821.17 Mb Free Space | 86.24% Space Free | Partition Type: FAT
Drive G: | 3.78 Gb Total Space | 2.70 Gb Free Space | 71.52% Space Free | Partition Type: FAT32
Drive H: | 232.83 Gb Total Space | 16.98 Gb Free Space | 7.29% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Drive X: | 72.48 Gb Total Space | 1.52 Gb Free Space | 2.10% Space Free | Partition Type: NTFS

Computer Name: BRAD-LAPTOP
Current User Name: Brad J. Matushewski
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=1
""=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/05/21 03:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2002/01/07 14:24:10 | 00,401,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:Connection Manager
[2002/01/07 14:23:22 | 00,872,535 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application
[2004/04/30 01:07:00 | 00,122,880 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4
[2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2008/11/25 14:56:55 | 00,342,336 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe:*:Enabled:DNA
[2008/09/26 18:44:20 | 00,634,672 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
File not found -- C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] -- C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 10:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2002/01/07 14:25:22 | 00,077,908 | ---- | M] (Microsoft Corporation) C:\Program Files\Microsoft ActiveSync\aatp.dll (mctp:{d7b95390-b1c5-11d0-b111-0080c712fe82} (HKLM) [mctp: Asynchronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 12:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 10:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/23 11:14:52 | 00,858,136 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Mail\mailcomm.dll (wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} (HKLM) [Windows Live Mail HTML Asynchronous Pluggable Protocol Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/26 20:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}"=Adobe AIR
"{008D69EB-70FF-46AB-9C75-924620DF191A}"=TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}"=mLogView
"{10B3936F-0E93-4431-8E7B-3FEA5DAC88C3}"=Garmin Communicator Plugin
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}"=TOSHIBA Assist
"{15095BF3-A3D7-4DDF-B193-3A496881E003}"=Microsoft .NET Framework 3.0
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}"=Windows Live Mail
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}"=Google Earth
"{20585CDC-114E-4372-986A-0686B1A37A30}"=Business Plan Pro 2007
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}"=mProSafe
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}"=Microsoft SQL Server 2005 Tools Express Edition
"{291A772C-FFB9-4681-B720-AB2A0A620896}"=Adobe Reader for Pocket PC 2.0
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}"=Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2B069FDB-5308-4F72-B9B4-2939B00BF553}"=Brother HL-5250DN
"{2C38F661-26B7-445D-B87D-B53FE2D3BD42}"=TOSHIBA PC Diagnostic Tool
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}"=Logitech SetPoint
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}"=InterVideo WinDVD Creator 2
"{31492759-0E89-46B5-9770-F6E5808E3017}"=xImage
"{31A38B62-9168-4052-920A-F1405F43FEA8}"=Mathcad 2001 Professional
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150070}"=J2SE Runtime Environment 5.0 Update 7
"{3248F0A8-6813-11D6-A77B-00B0D0150090}"=J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}"=J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{324C61EA-256E-4DFD-BF2C-6D6E5A1271A0}"=Microsoft Visual Studio 2005 Tools for the Microsoft Office System - ENU
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}"=MVision
"{362BFFCD-8274-11D8-97C8-000129760CBE}"=MediaLife
"{36592557-65CE-4A4D-9970-764F17E0AFD3}"=MSI v2 to redistribute Rigs of Rods
"{366FFC89-C800-4366-B903-B9C4314109A5}"=Garmin WebUpdater
"{388E4B09-3E71-4649-8921-F44A3A2954A7}"=Microsoft Visual Studio 2005 Tools for Office Runtime
"{38B9A4E1-4482-44D9-AC14-64F70938CCB5}"=Garmin MapSource
"{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}"=Virtual Earth 3D (Beta)
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}"=mIWA
"{3EB255B0-0707-4A8E-8044-B4B51A36CEDA}"=AcomData PushButton Manager v1.10
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}"=TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{43224D30-5941-47A4-9AD7-9250EE794396}"=SigmaPlot 10.0
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}"=TIPCI
"{44D4AF75-6870-41F5-9181-662EA05507E1}"=Microsoft Document Explorer 2005
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}"=TOSHIBA SD Memory Card Format
"{491DD792-AD81-429C-9EB4-86DD3D22E333}"=Windows Communication Foundation
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{5301C483-40FB-4F94-B56E-D7D5A114D2F6}"=Garmin City Navigator North America NT v8
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}"=Microsoft SQL Server Setup Support Files (English)
"{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}"=MapSource
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}"=TOSHIBA Zooming Utility
"{64DD71BC-3109-4C88-9AD3-D5422644B722}"=TOSHIBA Hotkey Utility
"{6580C5A3-2336-4EC5-85F1-3448C5F6208A}"=Kaspersky Anti-Virus 2009
"{69BE47C2-36FE-4397-8199-85D8EAE69982}"=TOSHIBA TouchPad ON/Off Utility
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}"=PartitionMagic
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}"=MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{73B69C5C-87D6-471E-B695-0BD736C4B644}"=Retrospect 6.5
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}"=Avanquest update
"{77DCDCE3-2DED-62F3-8154-05E745472D07}"=Acrobat.com
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}"=TOSHIBA Utilities
"{78D78311-B12C-11DD-BC49-005056806466}"=Google Earth Plugin
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}"=Windows Workflow Foundation
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Graphics Media Accelerator Driver
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}"=TOSHIBA Virtual Sound
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}"=mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}"=mHelp
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}"=Musicmatch® Jukebox
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}"=Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90B0D222-8C21-4B35-9262-53B042F18AF9}"=mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}"=mDrWiFi
"{9176251A-4CC1-4DDB-B343-B487195EB397}"=Windows Live Writer
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}"=InterVideo WinDVD for TOSHIBA
"{922D9CCA-4317-425F-9AA5-94829DF8BA6D}"=Motorola Software Update
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}"=Logitech QuickCam
"{94658027-9F16-4509-BBD7-A59FE57C3023}"=mZConfig
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}"=Sonic RecordNow!
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}"=Google SketchUp 6
"{9941F0AA-B903-4AF4-A055-83A9815CC011}"=Sonic Encoders
"{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}"=Brother MFL-Pro Suite
"{9CC89556-3578-48DD-8408-04E66EBEF401}"=mXML
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}"=DVD-RAM Driver
"{9E491AB7-4589-48CA-9CBB-874CB2788391}"=Studio 9
"{9F308117-9B2F-45EB-9FAF-B59CD8339673}"=MapSource - Topo Canada v2
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}"=CD/DVD Drive Acoustic Silencer
"{A0F584A7-B0C2-4D90-9580-15456B9CF63C}"=MapSource - Trip & Waypoint Manager v2
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}"=TOSHIBA Controls
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{A90DCEC1-22DE-11D4-B8A9-0050DAB648C6}"=AvantGo Client
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}"=Google Update
"{AC76BA86-1033-0000-BA7E-000000000003}"=Adobe Acrobat 8 Standard
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}"=Google SketchUp 6
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}"=Motorola Phone Tools
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}"=TOSHIBA ConfigFree
"{BEF726DD-4037-4214-8C6A-E625C02D2870}"=Logitech Audio Echo Cancellation Component
"{C24C3F25-CC7F-41D5-B03D-24F8059BABAD}"=Garmin USB Drivers
"{C45F4811-31D5-4786-801D-F79CD06EDD85}"=SD Secure Module
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CB4544EA-C189-41FE-9E3A-76591DDB852B}"=Roxio Easy Media Creator 7
"{CB49B376-1136-44B4-83FA-036334B59937}"=OLYMPUS Master 2
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}"=Bluetooth Stack for Windows by Toshiba
"{D2BD3C8F-9D7F-472B-BDF9-7309A5CB813A}"=Motorola Driver Installation 3.5.0
"{E81667C6-2856-46D6-ABEA-6A2F42166779}"=mCore
"{E8F728D0-C3F0-42EB-BBC2-C4A38A577CB1}"=Motorola Phone Tools
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}"=Microsoft SQL Server VSS Writer
"{EA516024-D84D-41F1-814F-83175A6188F2}"=Logitech Video Enumerator
"{EBCBA952-DA46-4687-9784-D8B4E25A6B14}"=Passwords Plus
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}"=TOSHIBA Speech System Applications
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}"=QuickTime
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}"=mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}"=Microsoft SQL Server Native Client
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}"=mWlsSafe
"{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}"=Palm Desktop by ACCESS
"0BF49E9448DA0DFB69DB9D673379652AB9087171"=Windows Driver Package - Intel net (09/26/2007 11.5.0.32)
"5D81FBED6E61194F43FF1556F43BD8309BA44634"=Windows Driver Package - Intel (NETw4x32) net (09/26/2007 11.5.0.32)
"AceReader"=AceReader
"Adobe Acrobat 8 Standard"=Adobe Acrobat 8.1.2 Standard
"Adobe AIR"=Adobe AIR
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player
"B3EE3001-DC24-4cd1-8743-5692C716659F"=Otto
"CANONBJ_Deinstall_CNMCP4B.DLL"=Canon i850
"Chart5 for Windows"=Chart5 for Windows
"CodeBaby Player (Remove Only)1.0.2.19"=CodeBaby Player (Remove Only) 1.0.2.19
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Acrobat.com
"EFD65E7CD7A28D00217941F33C5CA55964F96136"=Windows Driver Package - Intel (w29n51) net (07/25/2007 9.0.4.37)
"Google Updater"=Google Updater
"GpxView"=GpxView
"GSAK (Geocaching Swiss Army Knife)_is1"=GSAK 7.2.3.26 (patch)
"GSAK_is1"=GSAK 7.2.3.35 (Final)
"HijackThis"=HijackThis 2.0.2
"Hollywood FX 5"=Pinnacle Hollywood FX 5
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"IFA Essentials"=IFA Essentials
"Ilium Software eWallet_is1"=eWallet 6.1 Professional Edition (Palm OS handheld)
"InstallShield_{291A772C-FFB9-4681-B720-AB2A0A620896}"=Adobe Reader for Pocket PC 2.0
"InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}"=TOSHIBA PC Diagnostic Tool
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}"=Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}"=PowerQuest PartitionMagic 8.0
"InstallShield_{9F308117-9B2F-45EB-9FAF-B59CD8339673}"=MapSource - Topo Canada v2
"InstallShield_{A0F584A7-B0C2-4D90-9580-15456B9CF63C}"=MapSource - Trip & Waypoint Manager v2
"InstallWIX_{6580C5A3-2336-4EC5-85F1-3448C5F6208A}"=Kaspersky Anti-Virus 2009
"ISI ResearchSoft - Export Helper"=ISI ResearchSoft - Export Helper
"legacyqcam_10.51"=Logitech Legacy USB Camera Driver Package
"LiveAdvisor"=LiveAdvisor (Symantec Corporation)
"LiveUpdate"=LiveUpdate
"Logitech Print Service"=Logitech Print Service
"lvdrivers_11.50"=Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"MapSource"=MapSource
"Mathcad 2001 Online Documentation"=Mathcad 2001 Online Documentation
"MatlabR2007b"=MATLAB R2007b
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0"=Microsoft .NET Framework 3.0
"Microsoft Document Explorer 2005"=Microsoft Document Explorer 2005
"Microsoft SQL Server 2005"=Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime"=Microsoft Visual Studio 2005 Tools for Office Runtime
"Microsoft Visual Studio 2005 Tools for the Microsoft Office System - ENU"=Microsoft Visual Studio 2005 Tools for the Microsoft Office System - ENU
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"Pocket PC Connection Wizard"=Pocket PC Connection Wizard
"Power Saver"=TOSHIBA Power Saver
"ProInst"=Intel® PROSet/Wireless Software
"PROPLUS"=Microsoft Office Professional Plus 2007
"PROSet"=Intel® PRO Network Connections Drivers
"RealArcade 1.2"=RealArcade
"Reference Manager 10"=Reference Manager 10
"Rigs of Rods"=Rigs of Rods 0.33d
"SMC Barricade Print Server Monitor"=SMC Barricade Print Server Monitor
"SPSS for Windows 11.0"=SPSS 11.0.1 for Windows
"ST6UNST #1"=Marks Management
"SynTPDeinstKey"=Synaptics Pointing Device Driver
"TOSHIBA Software Modem"=TOSHIBA Software Modem
"Toshiba Tbiosdrv Driver"=Toshiba Tbiosdrv Driver
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC"=Windows Imaging Component
"Winamp"=Winamp
"Windows CE Services"=Microsoft ActiveSync 3.5
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinFax"=Symantec WinFax PRO 10.0
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"Xvid_is1"=Xvid 1.1.3 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Reader for Palm OS"=Adobe Reader for Palm OS, 3.05
"BitTorrent"=BitTorrent
"BitTorrent DNA"=DNA

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2613221422-2995679846-3473112937-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Reader for Palm OS"=Adobe Reader for Palm OS, 3.05
"BitTorrent"=BitTorrent
"BitTorrent DNA"=DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26/11/2008 14:06:12 | Computer Name = BRAD-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 12.0.6316.5000, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 26/11/2008 20:59:47 | Computer Name = BRAD-LAPTOP | Source = MSSQL$SQLEXPRESS | ID = 8313
Description = Error in mapping SQL Server performance object/counter indexes to
object/counter names. SQL Server performance counters are disabled.

Error - 26/11/2008 20:59:47 | Computer Name = BRAD-LAPTOP | Source = MSSQL$SQLEXPRESS | ID = 3409
Description = Performance counter shared memory setup failed with error -1. Reinstall
sqlctr.ini for this instance, and ensure that the instance login account has correct
registry permissions.

Error - 26/11/2008 21:29:11 | Computer Name = BRAD-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 12.0.6316.5000, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 27/11/2008 10:41:02 | Computer Name = BRAD-LAPTOP | Source = MSSQL$SQLEXPRESS | ID = 8313
Description = Error in mapping SQL Server performance object/counter indexes to
object/counter names. SQL Server performance counters are disabled.

Error - 27/11/2008 10:41:02 | Computer Name = BRAD-LAPTOP | Source = MSSQL$SQLEXPRESS | ID = 3409
Description = Performance counter shared memory setup failed with error -1. Reinstall
sqlctr.ini for this instance, and ensure that the instance login account has correct
registry permissions.

Error - 27/11/2008 20:49:38 | Computer Name = BRAD-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 12.0.6316.5000, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 27/11/2008 20:52:07 | Computer Name = BRAD-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 12.0.6316.5000, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 27/11/2008 21:03:37 | Computer Name = BRAD-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 12.0.6316.5000, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 27/11/2008 21:15:34 | Computer Name = BRAD-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 12.0.6316.5000, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 10/04/2007 22:03:08 | Computer Name = SPIDEY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2360
seconds with 1380 seconds of active time. This session ended with a crash.

Error - 17/09/2007 10:40:13 | Computer Name = BRAD-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6023.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 7396
seconds with 300 seconds of active time. This session ended with a crash.

Error - 17/09/2007 21:56:55 | Computer Name = BRAD-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2419
seconds with 1500 seconds of active time. This session ended with a crash.

Error - 21/11/2007 07:35:18 | Computer Name = BRAD-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6023.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 20
seconds with 0 seconds of active time. This session ended with a crash.

Error - 28/12/2007 22:34:36 | Computer Name = BRAD-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6024.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

Error - 02/01/2008 10:23:40 | Computer Name = BRAD-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6023.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 114
seconds with 60 seconds of active time. This session ended with a crash.

Error - 18/01/2008 15:02:39 | Computer Name = BRAD-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2428
seconds with 900 seconds of active time. This session ended with a crash.

Error - 28/05/2008 15:23:37 | Computer Name = BRAD-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1647
seconds with 480 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 19/11/2008 19:11:17 | Computer Name = BRAD-LAPTOP | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%2147500053

Error - 19/11/2008 21:11:24 | Computer Name = BRAD-LAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate1c8fc1a7d79d2e9) service to connect.

Error - 19/11/2008 21:11:24 | Computer Name = BRAD-LAPTOP | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate1c8fc1a7d79d2e9) service failed
to start due to the following error: %%1053

Error - 19/11/2008 21:13:24 | Computer Name = BRAD-LAPTOP | Source = Service Control Manager | ID = 7022
Description = The Trend Micro Personal Firewall service hung on starting.

Error - 19/11/2008 21:13:34 | Computer Name = BRAD-LAPTOP | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%2147500053

Error - 19/11/2008 21:15:30 | Computer Name = BRAD-LAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate1c8fc1a7d79d2e9) service to connect.

Error - 19/11/2008 21:15:30 | Computer Name = BRAD-LAPTOP | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate1c8fc1a7d79d2e9) service failed
to start due to the following error: %%1053

Error - 24/11/2008 17:57:41 | Computer Name = BRAD-LAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate1c8fc1a7d79d2e9) service to connect.

Error - 24/11/2008 17:57:41 | Computer Name = BRAD-LAPTOP | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate1c8fc1a7d79d2e9) service failed
to start due to the following error: %%1053

Error - 24/11/2008 17:57:48 | Computer Name = BRAD-LAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep


< End of report >

#11 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 29 November 2008 - 10:23 AM

Other than the issue with your security center, how is your computer behaving now?



Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#12 Lifeguard1

Lifeguard1
  • Topic Starter

  • Members
  • 8 posts

Posted 30 November 2008 - 09:53 AM

Computer is running great otherwise...it is stable once again and seems to be running smoothly.

Thanks!

Here is the log:
ComboFix 08-11-29.03 - Brad J. Matushewski 2008-11-30 9:35:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.417 [GMT -5:00]
Running from: c:\documents and settings\Brad J. Matushewski\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Brad J. Matushewski\Local Settings\Temporary Internet Files\sywovi.com
c:\documents and settings\Brad J. Matushewski\Local Settings\Temporary Internet Files\xykofe.db
c:\program files\INSTALL.LOG
c:\windows\system32\prsgrc.dll
c:\windows\system32\wvr6vaq.dll
C:\xcrashdump.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-30 )))))))))))))))))))))))))))))))
.

2008-11-25 14:04 . 2008-11-30 09:41 3,476,512 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-11-25 14:04 . 2008-11-30 09:41 540,704 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-11-25 14:04 . 2008-11-30 09:41 29,288 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-11-25 14:04 . 2008-11-30 09:41 2,928 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-11-25 12:18 . 2008-11-25 12:18 <DIR> d-------- C:\rsit
2008-11-25 11:34 . 2008-11-25 14:32 <DIR> d-------- C:\SDFix
2008-11-23 20:28 . 2008-11-23 20:28 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-11-23 20:18 . 2008-11-23 20:18 <DIR> d-------- c:\windows\ERUNT
2008-11-22 21:55 . 2008-11-22 21:55 <DIR> d-------- c:\documents and settings\Brad J. Matushewski\Application Data\Malwarebytes
2008-11-22 21:50 . 2008-11-22 21:50 2,335,270 --a------ c:\windows\system32\e9bB5.mht
2008-11-22 21:50 . 2008-11-22 21:50 54,624 --a------ c:\windows\system32\5d3B6.sys
2008-11-22 17:18 . 2008-11-23 19:19 96,976 --a------ c:\windows\system32\drivers\klin.dat
2008-11-22 17:18 . 2008-11-22 17:18 87,855 --a------ c:\windows\system32\drivers\klick.dat
2008-11-22 17:17 . 2008-11-22 17:17 <DIR> d-------- c:\program files\Kaspersky Lab
2008-11-22 17:17 . 2008-11-30 09:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-22 17:09 . 2008-11-22 17:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-22 15:36 . 2008-11-22 20:48 <DIR> d-------- C:\Malwarebytes' Anti-Malware
2008-11-22 14:28 . 2008-11-22 14:28 2,335,270 --a------ c:\windows\system32\9a2B5.mht
2008-11-21 22:42 . 2008-11-21 22:42 2,335,270 --a------ c:\windows\system32\fddBA.mht
2008-11-21 22:42 . 2008-11-21 22:42 54,624 --a------ c:\windows\system32\7a0BB.sys
2008-11-21 19:53 . 2008-11-21 21:06 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-21 19:53 . 2008-11-21 19:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-21 19:53 . 2008-10-22 16:27 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-21 19:53 . 2008-10-22 16:27 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-21 19:52 . 2008-11-21 19:52 2,335,270 --a------ c:\windows\system32\ba3D2.mht
2008-11-21 19:52 . 2008-04-13 19:11 706,048 --a------ c:\windows\system32\aa0D4.tmp
2008-11-21 19:52 . 2008-11-21 19:52 128,352 --a------ c:\windows\system32\24eD3.dll
2008-11-21 19:52 . 2008-11-21 19:52 54,624 --a------ c:\windows\system32\24eD3.sys
2008-11-21 17:53 . 2008-11-21 16:41 2,373,088 --a------ C:\mbam.exe
2008-11-21 17:45 . 2008-11-21 17:45 2,335,270 --a------ c:\windows\system32\f20BB.mht
2008-11-21 17:45 . 2008-11-21 17:45 54,624 --a------ c:\windows\system32\654BC.sys
2008-11-21 13:27 . 2008-04-13 19:11 706,048 --a------ c:\windows\system32\431C1.tmp
2008-11-21 13:27 . 2008-11-21 13:27 54,624 --a------ c:\windows\system32\7d4C0.sys
2008-11-21 13:03 . 2008-11-21 13:03 2,335,270 --a------ c:\windows\system32\aabBB.mht
2008-11-20 20:58 . 2008-11-20 20:58 2,335,270 --a------ c:\windows\system32\449B4.mht
2008-11-20 20:58 . 2008-11-20 20:58 54,624 --a------ c:\windows\system32\739B5.sys
2008-11-20 18:14 . 2008-11-20 18:14 2,335,270 --a------ c:\windows\system32\75eB8.mht
2008-11-20 18:14 . 2008-11-20 18:14 54,624 --a------ c:\windows\system32\3c0B9.sys
2008-11-20 14:48 . 2008-11-20 14:48 19,751 --a------ c:\windows\uvaviv.inf
2008-11-20 14:48 . 2008-11-20 14:48 19,382 --a------ c:\windows\omurasilok.exe
2008-11-20 14:48 . 2008-11-20 14:48 18,654 --a------ c:\windows\ulapawufi.pif
2008-11-20 14:48 . 2008-11-20 14:48 18,492 --a------ c:\documents and settings\All Users\Application Data\oparyl.pif
2008-11-20 14:48 . 2008-11-20 14:48 18,478 --a------ c:\documents and settings\Brad J. Matushewski\Application Data\lyzonufitex.com
2008-11-20 14:48 . 2008-11-20 14:48 18,331 --a------ c:\windows\iqymolo.exe
2008-11-20 14:48 . 2008-11-20 14:48 17,676 --a------ c:\windows\lykirohufi.scr
2008-11-20 14:48 . 2008-11-20 14:48 17,047 --a------ c:\documents and settings\All Users\Application Data\qitatotuma.pif
2008-11-20 14:48 . 2008-11-20 14:48 16,140 --a------ c:\windows\gagev.pif
2008-11-20 14:48 . 2008-11-20 14:48 15,504 --a------ c:\windows\system32\xikosiceq.dat
2008-11-20 14:48 . 2008-11-20 14:48 14,413 --a------ c:\program files\Common Files\ewerewaq.bin
2008-11-20 14:48 . 2008-11-20 14:48 12,895 --a------ c:\program files\Common Files\nepotaxif.sys
2008-11-20 14:48 . 2008-11-20 14:48 12,479 --a------ c:\documents and settings\Brad J. Matushewski\Application Data\ymyf.bin
2008-11-20 14:48 . 2008-11-20 14:48 11,713 --a------ c:\windows\hopere.sys
2008-11-20 14:48 . 2008-11-20 14:48 11,143 --a------ c:\documents and settings\All Users\Application Data\jypymile.dat
2008-11-20 14:48 . 2008-11-20 14:48 10,556 --a------ c:\windows\ebete.dat
2008-11-20 14:48 . 2008-11-20 14:48 10,240 --a------ c:\windows\ilefohelo.dat
2008-11-17 22:04 . 2008-11-17 22:04 19,877 --a------ c:\windows\betowucit.ban
2008-11-17 22:04 . 2008-11-17 22:04 19,709 --a------ c:\documents and settings\All Users\Application Data\ovyr.reg
2008-11-17 22:04 . 2008-11-17 22:04 17,119 --a------ c:\documents and settings\All Users\Application Data\godedyc.dat
2008-11-17 22:04 . 2008-11-17 22:04 17,044 --a------ c:\windows\boxecubu.db
2008-11-17 22:04 . 2008-11-17 22:04 16,557 --a------ c:\documents and settings\Brad J. Matushewski\Application Data\havyzoca.bin
2008-11-17 22:04 . 2008-11-17 22:04 16,241 --a------ c:\windows\system32\vixuwonydo.com
2008-11-17 22:04 . 2008-11-17 22:04 15,316 --a------ c:\documents and settings\Brad J. Matushewski\Application Data\bywyqypyv.com
2008-11-17 22:04 . 2008-11-17 22:04 15,132 --a------ c:\documents and settings\Brad J. Matushewski\Application Data\esuhih.scr
2008-11-17 22:04 . 2008-11-17 22:04 14,347 --a------ c:\program files\Common Files\ixyfyhysi.vbs
2008-11-17 22:04 . 2008-11-17 22:04 13,846 --a------ c:\windows\ycel.bat
2008-11-17 22:04 . 2008-11-17 22:04 13,166 --a------ c:\windows\ucaryvog.reg
2008-11-17 22:04 . 2008-11-17 22:04 12,248 --a------ c:\windows\system32\redepa.ban
2008-11-17 22:04 . 2008-11-17 22:04 10,753 --a------ c:\program files\Common Files\amazypixyd.sys
2008-11-17 22:04 . 2008-11-17 22:04 10,645 --a------ c:\documents and settings\All Users\Application Data\ewoqiso.scr
2008-11-13 21:23 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-13 21:22 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-02 19:24 . 2008-11-02 19:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\PopCap
2008-10-23 18:32 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-19 20:22 . 2008-10-19 20:22 54,156 --ah----- c:\windows\QTFont.qfn
2008-10-19 20:22 . 2008-10-19 20:22 1,409 --a------ c:\windows\QTFont.for
2008-10-16 06:05 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-16 06:05 . 2008-09-08 05:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-16 06:04 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-16 06:04 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-16 06:04 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-16 06:04 . 2008-08-14 04:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-10 14:27 . 2008-10-10 14:27 439,133 --a------ C:\London

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-30 14:45 --------- d-----w c:\program files\DNA
2008-11-30 14:45 --------- d-----w c:\documents and settings\Brad J. Matushewski\Application Data\DNA
2008-11-30 14:31 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-28 06:14 --------- d-----w c:\program files\palmOne
2008-11-25 20:25 --------- d-----w c:\documents and settings\Brad J. Matushewski\Application Data\BitTorrent
2008-11-24 15:57 --------- d-----w c:\program files\Java
2008-11-22 22:11 --------- d-----w c:\documents and settings\All Users\Application Data\Trend Micro
2008-11-20 21:45 --------- d-----w c:\program files\RegClean
2008-11-20 19:48 16,106 ----a-w c:\program files\Common Files\ajobugiw.inf
2008-11-20 19:48 14,531 ----a-w c:\program files\Common Files\bypic.lib
2008-11-19 19:08 --------- d-----w c:\program files\Trend Micro
2008-11-19 17:28 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-18 03:04 18,380 ----a-w c:\program files\Common Files\womytat.lib
2008-11-18 03:04 11,308 ----a-w c:\program files\Common Files\kixibohycy._dl
2008-11-15 12:42 --------- d-----w c:\program files\Google
2008-10-24 11:21 455,296 ------w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 01:34 --------- d-----w c:\program files\Virtual Earth 3D
2008-10-17 10:56 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2008-10-17 10:56 0 ----a-w c:\windows\system32\drivers\logiflt.iad
2008-08-28 13:14 10,752 ----a-w c:\windows\DCEBoot.exe
2007-09-06 20:53 92,064 ----a-w c:\documents and settings\Brad J. Matushewski\mqdmmdm.sys
2007-09-06 20:53 9,232 ----a-w c:\documents and settings\Brad J. Matushewski\mqdmmdfl.sys
2007-09-06 20:53 79,328 ----a-w c:\documents and settings\Brad J. Matushewski\mqdmserd.sys
2007-09-06 20:53 66,656 ----a-w c:\documents and settings\Brad J. Matushewski\mqdmbus.sys
2007-09-06 20:53 6,208 ----a-w c:\documents and settings\Brad J. Matushewski\mqdmcmnt.sys
2007-09-06 20:53 5,936 ----a-w c:\documents and settings\Brad J. Matushewski\mqdmwhnt.sys
2007-09-06 20:53 4,048 ----a-w c:\documents and settings\Brad J. Matushewski\mqdmcr.sys
2007-09-06 20:53 25,600 ----a-w c:\documents and settings\Brad J. Matushewski\usbsermptxp.sys
2007-09-06 20:53 22,768 ----a-w c:\documents and settings\Brad J. Matushewski\usbsermpt.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-02-22 95536]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2002-01-07 401496]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-25 342336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 73728]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 356352]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-17 184320]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-22 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-22 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-22 118784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-04-13 1470464]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-12-04 406016]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2006-01-17 53248]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"\\PNL-Brad\EPSON Stylus Photo RX500"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE" [2003-06-02 99840]
"Auto EPSON Stylus Photo RX500 on PNL-Brad"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE" [2003-06-02 99840]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-07-29 206088]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-04 c:\windows\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 c:\windows\agrsmmsg.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"TFncKy"="TFncKy.exe" [BU]
"TPSMain"="TPSMain.exe" [2005-05-31 c:\windows\system32\TPSMain.exe]
"CFSServ.exe"="CFSServ.exe" [BU]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2000-02-14 c:\windows\system32\WFXSNT40.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
IEHOME.LNK - c:\documents and settings\Default User\Local Settings\Temp\iehome.bat [2006-11-03 298]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\Symantec\WinFax\WfxSeh32.Dll" [1998-07-27 38400]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"MSACM.CEGSM"= mobilev.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R2 wfxsvc;WinFax PRO;c:\windows\system32\WFXSVC.EXE [2006-11-02 129536]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
S0 crplrcdy;crplrcdy;c:\windows\system32\drivers\bvrt.sys []
S0 daoirefq;daoirefq;c:\windows\system32\drivers\vucahkgu.sys []
S2 Copy of avp;Copy of avp;"c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\Copy of avp.exe" -r [2008-11-22 206088]
S2 gupdate1c8fc1a7d79d2e9;Google Update Service (gupdate1c8fc1a7d79d2e9);"c:\program files\Google\Update\GoogleUpdate.exe" /svc [2008-08-11 133104]
S3 113B5;113B5;\??\c:\windows\system32\113B5.sys []
S3 216B9;216B9;\??\c:\windows\system32\216B9.sys []
S3 24eD3;24eD3;\??\c:\windows\system32\24eD3.sys [2008-11-21 54624]
S3 3c0B9;3c0B9;\??\c:\windows\system32\3c0B9.sys [2008-11-20 54624]
S3 503B7;503B7;\??\c:\windows\system32\503B7.sys []
S3 5d3B6;5d3B6;\??\c:\windows\system32\5d3B6.sys [2008-11-22 54624]
S3 654BC;654BC;\??\c:\windows\system32\654BC.sys [2008-11-21 54624]
S3 739B5;739B5;\??\c:\windows\system32\739B5.sys [2008-11-20 54624]
S3 7a0BB;7a0BB;\??\c:\windows\system32\7a0BB.sys [2008-11-21 54624]
S3 7a3D6;7a3D6;\??\c:\windows\system32\7a3D6.sys []
S3 7d4C0;7d4C0;\??\c:\windows\system32\7d4C0.sys [2008-11-21 54624]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 [2006-12-02 2805000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{286b30a2-2487-11dd-a30d-001302d2e377}]
\Shell\AutoRun\command - D:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{371f10ae-670e-11dd-a3a2-001302d2e377}]
\Shell\AutoRun\command - D:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e5d1e58-b9be-11dd-a4f8-001302d2e377}]
\Shell\AutoRun\command - D:\DPFMate.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e15f95d4-da4b-11dc-a2a1-0018de4ba501}]
\Shell\AutoRun\command - D:\Setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-30 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-08-30 09:43]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Evidence Eliminator - c:\program files\Evidence Eliminator\ee.exe
HKLM-Run-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://sympatico.msn.ca/
mStart Page = hxxp://www.google.com
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\progra~1\MICROS~3\CENetFlt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\progra~1\MICROS~3\CENetFlt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\progra~1\MICROS~3\CENetFlt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\progra~1\MICROS~3\CENetFlt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\progra~1\MICROS~3\CENetFlt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\progra~1\MICROS~3\CENetFlt.dll

O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\system32\atl.dll - c:\windows\system32\shfolder.dll
c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll
c:\windows\system32\DXFLib.dll
c:\windows\system32\devil.dll
c:\windows\system32\opcode.dll
c:\windows\Downloaded Program Files\View22RTE.dll
O16 -: {BCBC9371-595D-11D4-A96D-00105A1CEF6C}
hxxp://hgtv.view22.com/view22/app/view22rte.cab
c:\windows\Downloaded Program Files\v22.inf

c:\windows\Downloaded Program Files\GoPetsWeb.ocx - O16 -: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8}
hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
c:\windows\Downloaded Program Files\GoPetsWeb.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-30 09:44:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(6652)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Dantz\Retrospect\retrorun.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
c:\windows\system32\searchindexer.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\program files\Toshiba\TOSHIBA Controls\TFncKy.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\program files\Toshiba\ConfigFree\CFSServ.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfimon.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\palmOne\Hotsync.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\Logitech\SetPoint\KEM.exe
c:\program files\Common Files\Palo Alto Software\9.0\PAS9_Update.exe
c:\program files\Logitech\SetPoint\KHALMNPR.exe
c:\windows\system32\RAMASST.exe
c:\program files\Windows Desktop Search\WindowsSearch.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2008-11-30 9:49:22 - machine was rebooted [Brad J. Matushewski]
ComboFix-quarantined-files.txt 2008-11-30 14:48:56

Pre-Run: 7,639,564,288 bytes free
Post-Run: 7,566,798,848 bytes free

355 --- E O F --- 2008-11-14 03:40:53

#13 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 30 November 2008 - 10:16 AM

Still a bunch of malware files in your log.


Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, and save it to your desktop.

Driver::
crplrcdy
daoirefq
113B5
216B9
24eD3
3c0B9
503B7
5d3B6
654BC
739B5
7a0BB
7a3D6
7d4C0

File::
c:\windows\system32\24eD3.sys
c:\windows\system32\3c0B9.sys
c:\windows\system32\5d3B6.sys
c:\windows\system32\654BC.sys
c:\windows\system32\739B5.sys
c:\windows\system32\7a0BB.sys
c:\documents and settings\Administrator\Start Menu\Programs\Startup\IEHOME.LNK
c:\documents and settings\Default User\Local Settings\Temp\iehome.bat
c:\windows\system32\drivers\lvuvc.hs
c:\windows\system32\drivers\logiflt.iad
c:\windows\DCEBoot.exe
c:\windows\uvaviv.inf
c:\windows\omurasilok.exe
c:\windows\ulapawufi.pif
c:\documents and settings\All Users\Application Data\oparyl.pif
c:\documents and settings\Brad J. Matushewski\Application Data\lyzonufitex.com
c:\windows\iqymolo.exe
c:\windows\lykirohufi.scr
c:\documents and settings\All Users\Application Data\qitatotuma.pif
c:\windows\gagev.pif
c:\windows\system32\xikosiceq.dat
c:\program files\Common Files\ewerewaq.bin
c:\program files\Common Files\nepotaxif.sys
c:\documents and settings\Brad J. Matushewski\Application Data\ymyf.bin
c:\windows\hopere.sys
c:\documents and settings\All Users\Application Data\jypymile.dat
c:\windows\ebete.dat
c:\windows\ilefohelo.dat
c:\windows\betowucit.ban
c:\documents and settings\All Users\Application Data\ovyr.reg
c:\documents and settings\All Users\Application Data\godedyc.dat
c:\windows\boxecubu.db
c:\documents and settings\Brad J. Matushewski\Application Data\havyzoca.bin
c:\windows\system32\vixuwonydo.com
c:\documents and settings\Brad J. Matushewski\Application Data\bywyqypyv.com
c:\documents and settings\Brad J. Matushewski\Application Data\esuhih.scr
c:\program files\Common Files\ixyfyhysi.vbs
c:\windows\ycel.bat
c:\windows\ucaryvog.reg
c:\windows\system32\redepa.ban
c:\program files\Common Files\amazypixyd.sys
c:\documents and settings\All Users\Application Data\ewoqiso.scr

Prior to running ComboFix.exe you should disable your antivirus program and disconnect from the internet.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.


This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


========================================================
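The CFScript above was written by hand from two sections of the ComboFix log: the "Files Created" listing (a run of five-character files such as 24eD3.sys, all 54,624 bytes, dropped into system32 over several days) and the service table (S0/S3 entries whose image file is shown as missing, `[]`, or whose name is one of those same random stems). The script below is an added example, my code rather than anything posted in this thread or shipped with ComboFix, that automates that triage over a constructed sample built from rows copied out of the log above, and emits a script in the same `Driver::` / `File::` format Buckeye_Sam used. Both heuristics (the three-lower-hex-plus-two-upper-hex stem pattern and the "several fresh system32 files sharing one size" cluster) are assumptions tuned to this log, not ComboFix logic; the output is a starting point for a human reviewer, not a verdict.

```python
"""Triage a ComboFix-style log for random-named driver droppings and orphaned services.

Added example for this thread (my code; not the helper's and not ComboFix's).  The
heuristics below are my assumptions fitted to the log above, not anything ComboFix does.
"""
import re
from collections import Counter

# 'S3 24eD3;24eD3;\??\c:\windows\system32\24eD3.sys [2008-11-21 54624]'
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)
# '2008-11-22 21:50 . 2008-11-22 21:50 54,624 --a------ c:\windows\system32\5d3B6.sys'
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)
# Heuristic 1 (assumption): five-character stems, three lower-case hex then two
# upper-case hex, the shape of every dropped file in this log (113B5, 24eD3, 5d3B6).
RANDOM_STEM_RE = re.compile(r"^[0-9a-f]{3}[0-9A-F]{2}$")
# Heuristic 2 (assumption): this many fresh system32 files of identical size is a
# dropper re-running, not a coincidence.
SIZE_CLUSTER_MIN = 3


def normalize_path(path):
    """Drop the NT '\\??\\' prefix ComboFix prints for S3 driver image paths."""
    p = path.strip().strip('"')
    return p[4:] if p.startswith("\\??\\") else p


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def is_random_stem(filename):
    return bool(RANDOM_STEM_RE.match(filename.rsplit(".", 1)[0]))


def parse_services(lines):
    """Service-table rows -> dicts; an empty [] means the image file is absent on disk."""
    rows = []
    for line in lines:
        m = SERVICE_RE.match(line.strip())
        if m:
            rows.append({"state": m["state"], "name": m["name"],
                         "path": normalize_path(m["path"]),
                         "file_present": m["meta"].strip() != ""})
    return rows


def parse_created(lines):
    """'Files Created' rows -> dicts with integer size and path (directories skipped)."""
    rows = []
    for line in lines:
        m = CREATED_RE.match(line.strip())
        if m:
            rows.append({"size": int(m["size"].replace(",", "")),
                         "path": normalize_path(m["path"])})
    return rows


def triage(log_text):
    """Return {'drivers': [service names], 'files': [paths], 'reasons': {item: [why]}}."""
    lines = log_text.splitlines()
    drivers, files, reasons = [], [], {}
    for s in parse_services(lines):
        why = []
        if is_random_stem(s["name"]):
            why.append("random five-hex service name")
        if not s["file_present"]:
            why.append("image file missing on disk: orphaned loading point")
        if why:
            drivers.append(s["name"])
            reasons[s["name"]] = why
            if s["file_present"]:          # file still there: delete it too
                files.append(s["path"])
                reasons[s["path"]] = why
    created = parse_created(lines)
    size_counts = Counter(f["size"] for f in created)
    for f in created:
        why = []
        if is_random_stem(basename(f["path"])):
            why.append("random five-hex file name")
        if size_counts[f["size"]] >= SIZE_CLUSTER_MIN and "\\system32\\" in f["path"].lower():
            why.append(f"{size_counts[f['size']]} new system32 files share size {f['size']}")
        if why and f["path"] not in files:
            files.append(f["path"])
            reasons[f["path"]] = why
    return {"drivers": drivers, "files": files, "reasons": reasons}


def build_cfscript(findings):
    """Emit the Driver:: / File:: script format used in this thread."""
    body = ["Driver::", *findings["drivers"], "", "File::", *findings["files"]]
    return "\n".join(body) + "\n"


# Constructed sample: rows copied from the ComboFix log above, plus legitimate rows
# (Kaspersky, Malwarebytes, the VS remote debugger) that must not be flagged.
SAMPLE_LOG = r"""
2008-11-22 21:50 . 2008-11-22 21:50 2,335,270 --a------ c:\windows\system32\e9bB5.mht
2008-11-22 21:50 . 2008-11-22 21:50 54,624 --a------ c:\windows\system32\5d3B6.sys
2008-11-21 22:42 . 2008-11-21 22:42 54,624 --a------ c:\windows\system32\7a0BB.sys
2008-11-21 19:52 . 2008-11-21 19:52 54,624 --a------ c:\windows\system32\24eD3.sys
2008-11-21 19:53 . 2008-10-22 16:27 15,504 --a------ c:\windows\system32\drivers\mbam.sys
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
S0 crplrcdy;crplrcdy;c:\windows\system32\drivers\bvrt.sys []
S3 113B5;113B5;\??\c:\windows\system32\113B5.sys []
S3 5d3B6;5d3B6;\??\c:\windows\system32\5d3B6.sys [2008-11-22 54624]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 [2006-12-02 2805000]
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for item, why in result["reasons"].items():
        print(f"{item}: {'; '.join(why)}")
    print(build_cfscript(result))
```

Two points the output makes visible that a file-only cleanup misses. First, `crplrcdy` and `113B5` are flagged even though their .sys files are gone: a boot-start (S0) or S3 service entry pointing at a missing driver is still a loading point, which is why the helper's script lists them under `Driver::` rather than only deleting files. Second, nothing here looks at the registry, yet the same log shows `DisableMonitoring=1` for Kaspersky under the Security Center key and `EnableFirewall=0` for the standard profile; those need a separate check after the files are gone, and they are consistent with the "issue with your security center" Buckeye_Sam asked about.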

#14 Lifeguard1

Lifeguard1
  • Topic Starter

  • Members
  • 8 posts

Posted 09 December 2008 - 03:57 PM

Here you go:

ComboFix 08-11-23.02 - Brad J. Matushewski 2008-12-09 15:51:34.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.428 [GMT -5:00]
Running from: c:\documents and settings\Brad J. Matushewski\Desktop\Anti-Virus Tools\ComboFix.exe
Command switches used :: c:\documents and settings\Brad J. Matushewski\Desktop\CFScript.txt
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -

FILE ::
c:\documents and settings\Administrator\Start Menu\Programs\Startup\IEHOME.LNK
c:\documents and settings\All Users\Application Data\ewoqiso.scr
c:\documents and settings\All Users\Application Data\godedyc.dat
c:\documents and settings\All Users\Application Data\jypymile.dat
c:\documents and settings\All Users\Application Data\oparyl.pif
c:\documents and settings\All Users\Application Data\ovyr.reg
c:\documents and settings\All Users\Application Data\qitatotuma.pif
c:\documents and settings\Brad J. Matushewski\Application Data\bywyqypyv.com
c:\documents and settings\Brad J. Matushewski\Application Data\esuhih.scr
c:\documents and settings\Brad J. Matushewski\Application Data\havyzoca.bin
c:\documents and settings\Brad J. Matushewski\Application Data\lyzonufitex.com
c:\documents and settings\Brad J. Matushewski\Application Data\ymyf.bin
c:\documents and settings\Default User\Local Settings\Temp\iehome.bat
c:\program files\Common Files\amazypixyd.sys
c:\program files\Common Files\ewerewaq.bin
c:\program files\Common Files\ixyfyhysi.vbs
c:\program files\Common Files\nepotaxif.sys
c:\windows\betowucit.ban
c:\windows\boxecubu.db
c:\windows\DCEBoot.exe
c:\windows\ebete.dat
c:\windows\gagev.pif
c:\windows\hopere.sys
c:\windows\ilefohelo.dat
c:\windows\iqymolo.exe
c:\windows\lykirohufi.scr
c:\windows\omurasilok.exe
c:\windows\system32\24eD3.sys
c:\windows\system32\3c0B9.sys
c:\windows\system32\5d3B6.sys
c:\windows\system32\654BC.sys
c:\windows\system32\739B5.sys
c:\windows\system32\7a0BB.sys
c:\windows\system32\drivers\logiflt.iad
c:\windows\system32\drivers\lvuvc.hs
c:\windows\system32\redepa.ban
c:\windows\system32\vixuwonydo.com
c:\windows\system32\xikosiceq.dat
c:\windows\ucaryvog.reg
c:\windows\ulapawufi.pif
c:\windows\uvaviv.inf
c:\windows\ycel.bat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Start Menu\Programs\Startup\IEHOME.LNK
c:\documents and settings\All Users\Application Data\ewoqiso.scr
c:\documents and settings\All Users\Application Data\godedyc.dat
c:\documents and settings\All Users\Application Data\jypymile.dat
c:\documents and settings\All Users\Application Data\oparyl.pif
c:\documents and settings\All Users\Application Data\ovyr.reg
c:\documents and settings\All Users\Application Data\qitatotuma.pif
c:\documents and settings\Brad J. Matushewski\Application Data\bywyqypyv.com
c:\documents and settings\Brad J. Matushewski\Application Data\esuhih.scr
c:\documents and settings\Brad J. Matushewski\Application Data\havyzoca.bin
c:\documents and settings\Brad J. Matushewski\Application Data\lyzonufitex.com
c:\documents and settings\Brad J. Matushewski\Application Data\ymyf.bin
c:\documents and settings\Default User\Local Settings\Temp\iehome.bat
c:\program files\Common Files\amazypixyd.sys
c:\program files\Common Files\ewerewaq.bin
c:\program files\Common Files\ixyfyhysi.vbs
c:\program files\Common Files\nepotaxif.sys
c:\windows\betowucit.ban
c:\windows\boxecubu.db
c:\windows\DCEBoot.exe
c:\windows\ebete.dat
c:\windows\gagev.pif
c:\windows\hopere.sys
c:\windows\ilefohelo.dat
c:\windows\iqymolo.exe
c:\windows\lykirohufi.scr
c:\windows\omurasilok.exe
c:\windows\system32\24eD3.sys
c:\windows\system32\3c0B9.sys
c:\windows\system32\5d3B6.sys
c:\windows\system32\654BC.sys
c:\windows\system32\739B5.sys
c:\windows\system32\7a0BB.sys
c:\windows\system32\drivers\logiflt.iad
c:\windows\system32\drivers\lvuvc.hs
c:\windows\system32\redepa.ban
c:\windows\system32\vixuwonydo.com
c:\windows\system32\xikosiceq.dat
c:\windows\ucaryvog.reg
c:\windows\ulapawufi.pif
c:\windows\uvaviv.inf
c:\windows\ycel.bat

.
((((((((((((((((((((((((( Files Created from 2008-11-09 to 2008-12-09 )))))))))))))))))))))))))))))))
.

2008-11-30 22:07 . 2008-11-30 22:07 0 --a------ c:\windows\system32\wvr6vaq.dll
2008-11-25 14:04 . 2008-12-09 14:52 3,806,240 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-11-25 14:04 . 2008-12-09 14:52 589,856 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-11-25 14:04 . 2008-12-09 14:52 31,864 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-11-25 14:04 . 2008-12-09 14:52 3,096 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-11-25 12:18 . 2008-11-25 12:18 <DIR> d-------- C:\rsit
2008-11-25 11:34 . 2008-11-25 14:32 <DIR> d-------- C:\SDFix
2008-11-23 20:28 . 2008-11-23 20:28 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-11-23 20:18 . 2008-11-23 20:18 <DIR> d-------- c:\windows\ERUNT
2008-11-22 21:55 . 2008-11-22 21:55 <DIR> d-------- c:\documents and settings\Brad J. Matushewski\Application Data\Malwarebytes
2008-11-22 21:50 . 2008-11-22 21:50 2,335,270 --a------ c:\windows\system32\e9bB5.mht
2008-11-22 17:18 . 2008-11-23 19:19 96,976 --a------ c:\windows\system32\drivers\klin.dat
2008-11-22 17:18 . 2008-11-22 17:18 87,855 --a------ c:\windows\system32\drivers\klick.dat
2008-11-22 17:17 . 2008-11-22 17:17 <DIR> d-------- c:\program files\Kaspersky Lab
2008-11-22 17:17 . 2008-12-09 15:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-22 17:09 . 2008-11-22 17:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-22 15:36 . 2008-11-22 20:48 <DIR> d-------- C:\Malwarebytes' Anti-Malware
2008-11-22 14:28 . 2008-11-22 14:28 2,335,270 --a------ c:\windows\system32\9a2B5.mht
2008-11-21 22:42 . 2008-11-21 22:42 2,335,270 --a------ c:\windows\system32\fddBA.mht
2008-11-21 19:53 . 2008-11-21 21:06 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-21 19:53 . 2008-11-21 19:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-21 19:53 . 2008-10-22 16:27 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-21 19:53 . 2008-10-22 16:27 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-21 19:52 . 2008-11-21 19:52 2,335,270 --a------ c:\windows\system32\ba3D2.mht
2008-11-21 19:52 . 2008-04-13 19:11 706,048 --a------ c:\windows\system32\aa0D4.tmp
2008-11-21 19:52 . 2008-11-21 19:52 128,352 --a------ c:\windows\system32\24eD3.dll
2008-11-21 17:53 . 2008-11-21 16:41 2,373,088 --a------ C:\mbam.exe
2008-11-21 17:45 . 2008-11-21 17:45 2,335,270 --a------ c:\windows\system32\f20BB.mht
2008-11-21 13:27 . 2008-04-13 19:11 706,048 --a------ c:\windows\system32\431C1.tmp
2008-11-21 13:27 . 2008-11-21 13:27 54,624 --a------ c:\windows\system32\7d4C0.sys
2008-11-21 13:03 . 2008-11-21 13:03 2,335,270 --a------ c:\windows\system32\aabBB.mht
2008-11-20 20:58 . 2008-11-20 20:58 2,335,270 --a------ c:\windows\system32\449B4.mht
2008-11-20 18:14 . 2008-11-20 18:14 2,335,270 --a------ c:\windows\system32\75eB8.mht
2008-11-13 21:23 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-13 21:22 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-09 20:48 --------- d-----w c:\documents and settings\Brad J. Matushewski\Application Data\DNA
2008-12-09 20:46 --------- d-----w c:\documents and settings\Brad J. Matushewski\Application Data\BitTorrent
2008-12-09 20:08 --------- d-----w c:\program files\DNA
2008-12-09 02:35 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-08 17:03 --------- d-----w c:\program files\palmOne
2008-12-05 01:22 --------- d-----w c:\program files\Google
2008-11-24 15:57 --------- d-----w c:\program files\Java
2008-11-22 22:11 --------- d-----w c:\documents and settings\All Users\Application Data\Trend Micro
2008-11-20 21:45 --------- d-----w c:\program files\RegClean
2008-11-20 19:48 16,106 ----a-w c:\program files\Common Files\ajobugiw.inf
2008-11-20 19:48 14,531 ----a-w c:\program files\Common Files\bypic.lib
2008-11-19 19:08 --------- d-----w c:\program files\Trend Micro
2008-11-19 17:28 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-18 03:04 18,380 ----a-w c:\program files\Common Files\womytat.lib
2008-11-18 03:04 11,308 ----a-w c:\program files\Common Files\kixibohycy._dl
2008-11-03 00:24 --------- d-----w c:\documents and settings\All Users\Application Data\PopCap
2008-10-24 11:21 455,296 ------w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 01:34 --------- d-----w c:\program files\Virtual Earth 3D
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2007-09-06 20:53 92,064 ----a-w c:\documents and settings\Brad J. Matushewski\mqdmmdm.sys
2007-09-06 20:53 9,232 ----a-w c:\documents and settings\Brad J. Matushewski\mqdmmdfl.sys
2007-09-06 20:53 79,328 ----a-w c:\documents and settings\Brad J. Matushewski\mqdmserd.sys
2007-09-06 20:53 66,656 ----a-w c:\documents and settings\Brad J. Matushewski\mqdmbus.sys
2007-09-06 20:53 6,208 ----a-w c:\documents and settings\Brad J. Matushewski\mqdmcmnt.sys
2007-09-06 20:53 5,936 ----a-w c:\documents and settings\Brad J. Matushewski\mqdmwhnt.sys
2007-09-06 20:53 4,048 ----a-w c:\documents and settings\Brad J. Matushewski\mqdmcr.sys
2007-09-06 20:53 25,600 ----a-w c:\documents and settings\Brad J. Matushewski\usbsermptxp.sys
2007-09-06 20:53 22,768 ----a-w c:\documents and settings\Brad J. Matushewski\usbsermpt.sys
2008-09-01 13:27 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090120080902\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-11-30_ 9.48.18.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-05 01:23:07 10,134 ----a-r c:\windows\Installer\{CB5EE15E-BFBD-11DD-9851-005056806466}\ARPPRODUCTICON.exe
+ 2008-12-05 01:23:07 26,694 ----a-r c:\windows\Installer\{CB5EE15E-BFBD-11DD-9851-005056806466}\UNINST_Uninstall_G_BCEEAF790189405A8B93BFE1E41FCD64.exe
- 2008-11-30 14:42:39 16,384 ------w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-09 20:07:51 16,384 ------w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-11-30 14:42:39 32,768 ------w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-09 20:07:51 32,768 ------w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-11-30 14:42:39 32,768 ------w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-09 20:07:51 32,768 ------w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-02-22 95536]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2002-01-07 401496]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-25 342336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 73728]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 356352]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-17 184320]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-22 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-22 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-22 118784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-04-13 1470464]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-12-04 406016]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2006-01-17 53248]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"\\PNL-Brad\EPSON Stylus Photo RX500"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE" [2003-06-02 99840]
"Auto EPSON Stylus Photo RX500 on PNL-Brad"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE" [2003-06-02 99840]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-07-29 206088]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-04 c:\windows\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 c:\windows\agrsmmsg.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"TFncKy"="TFncKy.exe" [BU]
"TPSMain"="TPSMain.exe" [2005-05-31 c:\windows\system32\TPSMain.exe]
"CFSServ.exe"="CFSServ.exe" [BU]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2000-02-14 c:\windows\system32\WFXSNT40.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\Symantec\WinFax\WfxSeh32.Dll" [1998-07-27 38400]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"MSACM.CEGSM"= mobilev.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R2 wfxsvc;WinFax PRO;c:\windows\system32\WFXSVC.EXE [2006-11-02 129536]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
S0 crplrcdy;crplrcdy;c:\windows\system32\drivers\bvrt.sys []
S0 daoirefq;daoirefq;c:\windows\system32\drivers\vucahkgu.sys []
S2 Copy of avp;Copy of avp;"c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\Copy of avp.exe" -r [2008-11-22 206088]
S2 gupdate1c8fc1a7d79d2e9;Google Update Service (gupdate1c8fc1a7d79d2e9);"c:\program files\Google\Update\GoogleUpdate.exe" /svc [2008-08-11 133104]
S3 113B5;113B5;\??\c:\windows\system32\113B5.sys []
S3 216B9;216B9;\??\c:\windows\system32\216B9.sys []
S3 24eD3;24eD3;\??\c:\windows\system32\24eD3.sys []
S3 3c0B9;3c0B9;\??\c:\windows\system32\3c0B9.sys []
S3 503B7;503B7;\??\c:\windows\system32\503B7.sys []
S3 5d3B6;5d3B6;\??\c:\windows\system32\5d3B6.sys []
S3 654BC;654BC;\??\c:\windows\system32\654BC.sys []
S3 739B5;739B5;\??\c:\windows\system32\739B5.sys []
S3 7a0BB;7a0BB;\??\c:\windows\system32\7a0BB.sys []
S3 7a3D6;7a3D6;\??\c:\windows\system32\7a3D6.sys []
S3 7d4C0;7d4C0;\??\c:\windows\system32\7d4C0.sys [2008-11-21 54624]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;c:\windows\system32\Drivers\BrSerIf.sys [2007-09-02 53248]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;c:\windows\system32\Drivers\BrUsbSer.sys [2007-09-02 11904]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 [2006-12-02 2805000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{286b30a2-2487-11dd-a30d-001302d2e377}]
\Shell\AutoRun\command - D:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{371f10ae-670e-11dd-a3a2-001302d2e377}]
\Shell\AutoRun\command - D:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e5d1e58-b9be-11dd-a4f8-001302d2e377}]
\Shell\AutoRun\command - D:\DPFMate.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e15f95d4-da4b-11dc-a2a1-0018de4ba501}]
\Shell\AutoRun\command - D:\Setup.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-12-09 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-08-30 09:43]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-09 15:52:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1492)
c:\windows\system32\WgaLogon.dll
.
Completion time: 2008-12-09 15:54:56
ComboFix-quarantined-files.txt 2008-12-09 20:53:54
ComboFix2.txt 2008-11-30 14:49:23

Pre-Run: 7,686,225,920 bytes free
Post-Run: 7,684,018,176 bytes free

317 --- E O F --- 2008-11-14 03:40:53

#15 Buckeye_Sam
    Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 09 December 2008 - 04:02 PM

We need to get the updated version of Combofix.

Follow this process to uninstall Combofix. It will also restore a few settings and remove quarantined items.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

===============


Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3


Go ahead and run Combofix and post the log in your next reply.



