Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

hijackthis and computer help


  • This topic is locked This topic is locked
66 replies to this topic

#1 sunnybo

sunnybo

  • Members
  • 313 posts
  • OFFLINE
  •  
  • Local time:01:15 PM

Posted 10 January 2009 - 02:53 PM

This is my old topic im trying to link it to my new topic. ok. My computer has a backdoor and a p2p and some other adware and spyware. http://www.bleepingcomputer.com/forums/t/185475/hijackthis-log-help/

Here is a new dds and highjackthis log. ok.


DDS (Ver_09-01-07.01) - NTFSx86
Run by Owner at 14:15:27.50 on Sat 01/10/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.42 [GMT -5:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated)
FW: CA Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_central
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: NoExplorer - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Verizon Broadband Toolbar: {a057a204-bacc-4d26-8398-26fadcf27386} - c:\progra~1\verizo~1\VERIZO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Verizon Broadband Toolbar: {a057a204-bacc-4d26-8398-26fadcf27386} - c:\progra~1\verizo~1\VERIZO~1.DLL
TB: {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [LogitechGalleryRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Verizon_McciTrayApp] c:\program files\verizon\McciTrayApp.exe
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\VetRedir.dll
Notify: igfxcui - igfxsrvc.dll
Notify: PFW - UmxWnp.Dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\blj949pl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50-ff-holiday-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_central
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50-ff-holiday-ab-en-us&query=
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-01-07 11:47 --d----- c:\windows\bin
2009-01-07 11:44 --d----- c:\program files\common files\Motive
2009-01-07 11:42 --d----- c:\program files\Verizon Broadband Firefox Toolbar
2009-01-07 11:42 --d----- c:\program files\verizon_broad
2009-01-07 11:42 --d----- c:\docume~1\owner\applic~1\verizon_broad
2009-01-07 11:32 --d----- c:\program files\Verizon
2009-01-05 04:52 0 a------- c:\windows\RussSqr.INI
2009-01-04 05:38 --d----- c:\program files\Ricochet Lost Worlds
2009-01-04 05:38 61,440 a------- c:\windows\system32\Big Kahuna Reef 2.scr
2009-01-04 05:38 --d----- c:\program files\Big Kahuna Reef 2
2009-01-04 04:34 --d----- c:\program files\Cartoon Network All-Stars
2009-01-02 12:46 --d----- C:\BigTuna
2008-12-25 19:37 73,728 a------- c:\windows\system32\javacpl.cpl
2008-12-25 19:37 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-23 02:54 161,792 a------- c:\windows\SWREG.exe
2008-12-23 02:54 98,816 a------- c:\windows\sed.exe
2008-12-23 02:30 --d----- C:\Rooter$
2008-12-20 21:50 21 a------- c:\windows\atid.ini
2008-12-20 21:50 --d----- c:\program files\common files\Software Update Utility
2008-12-20 21:49 --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2008-12-20 21:49 --d----- c:\docume~1\alluse~1\applic~1\acccore

==================== Find3M ====================

2009-01-08 21:57 158,466 a------- c:\windows\system32\drivers\kmxcfg.u2k0
2009-01-08 21:57 64 a------- c:\windows\system32\drivers\kmxcfg.u2k7
2009-01-08 21:57 64 a------- c:\windows\system32\drivers\kmxcfg.u2k6
2009-01-08 21:57 64 a------- c:\windows\system32\drivers\kmxcfg.u2k5
2009-01-08 21:57 64 a------- c:\windows\system32\drivers\kmxcfg.u2k4
2009-01-08 21:57 64 a------- c:\windows\system32\drivers\kmxcfg.u2k3
2009-01-08 21:57 64 a------- c:\windows\system32\drivers\kmxcfg.u2k2
2009-01-08 21:57 64 a------- c:\windows\system32\drivers\kmxcfg.u2k1
2008-12-20 18:21 31 a------- c:\documents and settings\owner\jagex_runescape_preferences.dat
2008-10-28 17:36 823,296 a------- c:\windows\system32\divx_xx0c.dll
2008-10-28 17:36 823,296 a------- c:\windows\system32\divx_xx07.dll
2008-10-28 17:35 815,104 a------- c:\windows\system32\divx_xx0a.dll
2008-10-28 17:35 802,816 a------- c:\windows\system32\divx_xx11.dll
2008-10-28 17:35 684,032 a------- c:\windows\system32\DivX.dll
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 15:38 826,368 a------- c:\windows\system32\wininet.dll
2006-03-15 14:19 212,992 a------- c:\windows\inf\wg311v3\CopyWHQLDriver.exe
2006-01-26 17:55 280,576 a------- c:\windows\inf\wg311v3\WG311v3.sys
2005-10-06 15:17 280,576 a------- c:\windows\inf\wg311v3\WG311v3XP.sys
2005-08-21 04:26 0 ac-sh--- c:\windows\sminst\HPCD.SYS

============= FINISH: 14:18:37.71 ===============


the attach file is attached. Thanks

here a hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:49:55 PM, on 1/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir....p;bm=ho_central
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 8954 bytes

I hope i get some help. Thanks.

Attached Files



BC AdBot (Login to Remove)

 


#2 sunnybo

sunnybo
  • Topic Starter

  • Members
  • 313 posts
  • OFFLINE
  •  
  • Local time:01:15 PM

Posted 12 January 2009 - 04:06 PM

i did this so far. i hope someone gets to me soon.

Scanning Report
Sunday, January 11, 2009 23:58:23 - 01:52:29

Computer name: YOUR-C8BH3JAGLT
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\
Result: 0 malware found
Statistics
Scanned:

* Files: 29803
* System: 3586
* Not scanned: 8

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 0
* Submitted: 0

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

Options
Scanning engines:

* F-Secure USS: 2.40.0
* F-Secure Hydra: 2.8.8110, 2009-01-11
* F-Secure AVP: 7.0.171, 2009-01-11
* F-Secure Pegasus: 1.20.0, 2008-11-17
* F-Secure Blacklight: 0.0.0

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics

#3 sunnybo

sunnybo
  • Topic Starter

  • Members
  • 313 posts
  • OFFLINE
  •  
  • Local time:01:15 PM

Posted 12 January 2009 - 04:15 PM

Logfile of random's system information tool 1.05 (written by random/random)
Run by Owner at 2009-01-12 16:10:24
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 9 GB (26%) free of 34 GB
Total RAM: 247 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:11:25 PM, on 1/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir....p;bm=ho_central
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 8896 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\ParetoLogic Registration.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-04 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-01-28 1554256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-25 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-8398-26FADCF27386}]
Verizon Broadband Toolbar - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL [2008-05-30 1991680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-11-21 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-11-22 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-11-21 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-25 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-11-21 251504]
{A057A204-BACC-4D26-8398-26FADCF27386} - Verizon Broadband Toolbar - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL [2008-05-30 1991680]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2004-04-02 151597]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-03-04 19968]
"LogitechGalleryRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2004-06-01 458752]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2004-05-21 221184]
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2004-06-01 458752]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2004-06-01 217088]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-25 136600]
"Verizon_McciTrayApp"=C:\Program Files\Verizon\McciTrayApp.exe [2007-09-28 936960]
"VerizonServicepoint.exe"=C:\Program Files\Verizon\VSP\VerizonServicepoint.exe [2008-09-16 2065648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"LogitechSoftwareUpdate"=C:\Program Files\Logitech\Video\ManifestEngine.exe [2004-06-01 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe [1998-05-07 52736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2004-04-02 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-02-06 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2004-04-02 151597]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2008-11-05 4347120]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
NETGEAR WG311v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-11-02 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW]
C:\WINDOWS\system32\UmxWnp.Dll [2007-05-18 79368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-01-11 23:47:56 ----D---- C:\fsaua.data
2009-01-10 14:19:39 ----SHD---- C:\RECYCLER
2009-01-10 14:19:34 ----HD---- C:\WINDOWS\PIF
2009-01-07 11:47:16 ----D---- C:\WINDOWS\bin
2009-01-07 11:44:09 ----D---- C:\Program Files\Common Files\Motive
2009-01-07 11:42:34 ----D---- C:\Program Files\Verizon Broadband Firefox Toolbar
2009-01-07 11:42:28 ----D---- C:\Program Files\verizon_broad
2009-01-07 11:42:28 ----D---- C:\Documents and Settings\Owner\Application Data\verizon_broad
2009-01-07 11:32:16 ----D---- C:\Program Files\Verizon
2009-01-06 05:37:55 ----A---- C:\ComboFix.txt
2009-01-05 04:52:38 ----A---- C:\WINDOWS\RussSqr.INI
2009-01-04 05:38:54 ----D---- C:\Program Files\Ricochet Lost Worlds
2009-01-04 05:38:30 ----D---- C:\Program Files\Big Kahuna Reef 2
2009-01-04 04:34:44 ----D---- C:\Program Files\Cartoon Network All-Stars
2009-01-02 12:46:12 ----D---- C:\BigTuna
2008-12-25 19:37:17 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-25 19:37:17 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-25 19:37:17 ----A---- C:\WINDOWS\system32\java.exe
2008-12-25 19:37:17 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-23 15:27:52 ----D---- C:\WINDOWS\temp
2008-12-23 14:58:22 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-23 02:54:00 ----A---- C:\WINDOWS\zip.exe
2008-12-23 02:54:00 ----A---- C:\WINDOWS\VFIND.exe
2008-12-23 02:54:00 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-23 02:54:00 ----A---- C:\WINDOWS\SWSC.exe
2008-12-23 02:54:00 ----A---- C:\WINDOWS\SWREG.exe
2008-12-23 02:54:00 ----A---- C:\WINDOWS\sed.exe
2008-12-23 02:54:00 ----A---- C:\WINDOWS\grep.exe
2008-12-23 02:54:00 ----A---- C:\WINDOWS\fdsv.exe
2008-12-23 02:53:09 ----D---- C:\WINDOWS\ERDNT
2008-12-23 02:53:09 ----AD---- C:\Qoobox
2008-12-23 02:35:00 ----A---- C:\Rooter.txt
2008-12-23 02:30:58 ----D---- C:\Rooter$
2008-12-22 18:02:24 ----D---- C:\Program Files\Mozilla Firefox
2008-12-22 12:56:01 ----D---- C:\rsit
2008-12-20 21:50:28 ----A---- C:\WINDOWS\atid.ini
2008-12-20 21:50:01 ----D---- C:\Program Files\Common Files\Software Update Utility
2008-12-20 21:49:29 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-20 21:49:21 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
2008-12-20 03:01:22 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-12-10 03:07:15 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 03:05:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 03:04:20 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-12-10 03:03:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 03:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-10 03:02:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-12-10 03:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-12-09 17:05:33 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-09 17:05:03 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-12-09 17:01:31 ----D---- C:\Program Files\Windows Media Connect 2
2008-12-09 17:00:47 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-12-09 16:56:05 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-12-09 16:53:15 ----D---- C:\WINDOWS\system32\LogFiles
2008-12-09 16:52:15 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-12-09 12:51:57 ----D---- C:\Program Files\NETGEAR
2008-12-06 20:57:08 ----D---- C:\Documents and Settings\Owner\Application Data\WinMX Music
2008-12-06 20:54:39 ----D---- C:\Program Files\WinMX Music
2008-12-01 15:26:13 ----RA---- C:\WINDOWS\system32\InstMed.exe
2008-12-01 15:25:52 ----A---- C:\WINDOWS\system32\lvcoinst.ini
2008-12-01 15:25:52 ----A---- C:\WINDOWS\system32\lvcoinst.dll
2008-12-01 15:25:51 ----A---- C:\WINDOWS\system32\LVUI2RC.dll
2008-12-01 15:25:51 ----A---- C:\WINDOWS\system32\LVUI2.dll
2008-12-01 15:25:51 ----A---- C:\WINDOWS\system32\lvcodec2.dll
2008-11-30 21:22:57 ----D---- C:\Documents and Settings\Owner\Application Data\FotoWire
2008-11-30 21:22:55 ----D---- C:\Program Files\Common Files\FotoWire
2008-11-26 03:01:36 ----D---- C:\WINDOWS\ie7updates
2008-11-25 11:59:48 ----HD---- C:\WINDOWS\msdownld.tmp
2008-11-25 11:57:57 ----D---- C:\WINDOWS\WBEM
2008-11-25 11:51:38 ----HDC---- C:\WINDOWS\ie7
2008-11-25 11:49:16 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-11-25 11:42:15 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-11-23 21:00:54 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2008-11-23 21:00:52 ----D---- C:\Program Files\NOS
2008-11-22 21:28:47 ----D---- C:\CA
2008-11-21 07:57:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-21 07:57:18 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-21 07:56:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-21 07:56:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-21 07:55:25 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-21 07:55:07 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-21 07:54:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-21 07:49:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-21 07:48:33 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-21 07:48:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-11-21 07:47:23 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-21 07:46:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-21 07:46:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-21 07:46:03 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-21 07:45:41 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-21 07:45:02 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-21 07:42:23 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-11-21 02:54:08 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-11-20 22:34:42 ----D---- C:\Documents and Settings\Owner\Application Data\Viewpoint
2008-11-11 20:34:00 ----D---- C:\Documents and Settings\Owner\Application Data\Media Player Classic
2008-11-06 16:05:10 ----D---- C:\Program Files\Common Files\Oberon Media
2008-11-05 19:20:15 ----D---- C:\Documents and Settings\All Users\Application Data\Shockwave
2008-10-28 17:36:00 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
2008-10-28 17:36:00 ----A---- C:\WINDOWS\system32\divx_xx07.dll
2008-10-28 17:35:58 ----A---- C:\WINDOWS\system32\divx_xx11.dll
2008-10-28 17:35:58 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
2008-10-28 17:35:56 ----A---- C:\WINDOWS\system32\DivX.dll

======List of files/folders modified in the last 3 months======

2009-01-12 16:10:22 ----D---- C:\WINDOWS\Prefetch
2009-01-12 14:46:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-12 12:18:34 ----D---- C:\Documents and Settings\All Users\Application Data\Motive
2009-01-12 09:42:28 ----D---- C:\WINDOWS\system32
2009-01-12 00:07:45 ----D---- C:\WINDOWS\CAVTemp
2009-01-11 23:57:53 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-11 23:47:45 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-11 10:37:24 ----D---- C:\WINDOWS
2009-01-08 21:58:27 ----D---- C:\Program Files
2009-01-07 12:07:10 ----D---- C:\Documents and Settings\Owner\Application Data\Motive
2009-01-07 11:44:09 ----D---- C:\Program Files\Common Files
2009-01-06 05:38:53 ----D---- C:\WINDOWS\system32\drivers
2009-01-06 05:31:06 ----A---- C:\WINDOWS\system.ini
2009-01-01 13:52:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-25 19:39:50 ----SHD---- C:\WINDOWS\Installer
2008-12-25 19:36:12 ----D---- C:\Program Files\Java
2008-12-23 23:47:42 ----D---- C:\WINDOWS\AppPatch
2008-12-23 16:22:09 ----D---- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-12-23 08:54:29 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-23 08:44:50 ----D---- C:\WINDOWS\Minidump
2008-12-22 18:03:37 ----D---- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-12-22 13:10:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-20 21:53:47 ----D---- C:\Program Files\AIM6
2008-12-20 21:52:19 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-12-20 03:01:38 ----HD---- C:\WINDOWS\inf
2008-12-19 01:02:06 ----A---- C:\WINDOWS\imsins.BAK
2008-12-19 01:00:57 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-10 03:06:43 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-10 03:06:18 ----D---- C:\Program Files\Internet Explorer
2008-12-09 18:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-09 17:02:46 ----A---- C:\WINDOWS\win.ini
2008-12-09 17:01:29 ----D---- C:\Program Files\Windows Media Player
2008-12-09 17:01:13 ----D---- C:\WINDOWS\Help
2008-12-09 12:52:49 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-09 12:52:37 ----D---- C:\OEMSettings
2008-12-08 19:09:09 ----D---- C:\Program Files\THQ
2008-12-05 10:38:23 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-03 17:29:00 ----D---- C:\Program Files\Oberon Media
2008-12-03 10:59:12 ----D---- C:\Program Files\Logitech
2008-12-01 23:41:11 ----D---- C:\Documents and Settings\Owner\Application Data\DivX
2008-12-01 15:36:40 ----D---- C:\WINDOWS\twain_32
2008-12-01 15:25:33 ----D---- C:\Program Files\Common Files\Logitech
2008-11-27 22:03:50 ----D---- C:\WINDOWS\system32\Restore
2008-11-27 03:02:17 ----D---- C:\WINDOWS\system32\en-us
2008-11-25 11:58:19 ----D---- C:\WINDOWS\system32\config
2008-11-25 11:57:35 ----D---- C:\WINDOWS\Media
2008-11-25 11:35:02 ----D---- C:\Program Files\DivX
2008-11-23 21:54:30 ----D---- C:\Program Files\Google
2008-11-22 14:11:33 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-21 22:50:58 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-11-21 18:41:38 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-11-21 18:39:24 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-11-21 07:57:22 ----D---- C:\Program Files\Messenger
2008-11-21 07:46:05 ----D---- C:\WINDOWS\WinSxS
2008-11-17 08:45:55 ----D---- C:\Program Files\Project64 1.6
2008-11-11 21:03:03 ----D---- C:\Documents and Settings\Owner\Application Data\Winamp
2008-11-11 18:22:28 ----A---- C:\WINDOWS\cdplayer.ini
2008-11-11 13:07:57 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2008-11-05 19:19:27 ----D---- C:\Program Files\Shockwave.com
2008-11-05 17:06:42 ----D---- C:\Program Files\The Learning Company
2008-10-23 07:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 05:06:59 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-10-16 15:38:40 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\url.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\occache.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\mstime.dll
2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\msrating.dll
2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\iernonce.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\ieaksie.dll
2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\ieakeng.dll
2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\icardie.dll
2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\extmgr.dll
2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\advpack.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 08:11:09 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-10-16 08:11:09 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 02:04:53 ----A---- C:\WINDOWS\system32\ieakui.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 KmxAgent;KmxAgent; C:\WINDOWS\System32\DRIVERS\kmxagent.sys [2008-06-24 63504]
R1 KmxFile;KmxFile; C:\WINDOWS\System32\DRIVERS\KmxFile.sys [2008-06-24 45584]
R1 KmxFw;KmxFw; C:\WINDOWS\System32\DRIVERS\kmxfw.sys [2008-06-24 115216]
R1 SiSkp;SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [2004-01-02 11520]
R1 VETEFILE;VET File Scan Engine; C:\WINDOWS\system32\drivers\VETEFILE.sys [2008-06-05 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\WINDOWS\system32\drivers\VETFDDNT.sys [2007-08-20 21512]
R1 VET-FILT;VET File System Filter; C:\WINDOWS\system32\drivers\VET-FILT.sys [2007-08-20 26376]
R1 VETMONNT;VET File Monitor; C:\WINDOWS\system32\drivers\VETMONNT.sys [2007-08-20 32264]
R1 VET-REC;VET File System Recognizer; C:\WINDOWS\system32\drivers\VET-REC.sys [2007-08-20 21128]
R2 KmxCF;KmxCF; C:\WINDOWS\System32\DRIVERS\KmxCF.sys [2008-06-24 134648]
R2 KmxSbx;KmxSbx; C:\WINDOWS\System32\DRIVERS\KmxSbx.sys [2008-06-24 66576]
R2 usbhub;DSC Composite USB Device; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2004-11-02 773565]
R3 KmxCfg;KmxCfg; C:\WINDOWS\System32\DRIVERS\kmxcfg.sys [2008-06-24 88816]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys [2003-03-04 25214]
R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2003-03-04 37804]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\Drivers\LMouFlt2.sys [2003-03-04 73134]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2002-07-30 23808]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VETEBOOT;VET Boot Scan Engine; C:\WINDOWS\system32\drivers\VETEBOOT.sys [2008-06-05 108368]
S2 Ca533av;Mega DV(Video); C:\WINDOWS\System32\Drivers\Ca533av.sys [2002-10-21 515803]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-12 391424]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 L8042PR2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\System32\Drivers\l8042pr2.sys [2003-03-04 53870]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2004-05-27 19968]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PID_08A0;QuickCam IM(PID_08A0); C:\WINDOWS\system32\DRIVERS\LV302AV.SYS [2004-05-27 201728]
S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2004-01-02 432000]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 USBCamera;DSC Still Image Capture (CA533A); C:\WINDOWS\System32\Drivers\Bulk533.sys [2002-12-04 11144]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2004-02-04 134144]
S3 W8335XP;NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335); C:\WINDOWS\system32\DRIVERS\WG311v3XP.sys [2005-10-06 280576]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CAISafe;CAISafe; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe [2007-08-20 144960]
R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe [2007-01-04 280080]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-25 152984]
R2 UmxAgent;HIPS Event Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 801296]
R2 UmxFwHlp;HIPS Firewall Helper; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe [2007-10-18 145936]
R2 UmxPol;HIPS Policy Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-06-24 281104]
R2 VETMSGNT;VET Message Service; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe [2007-08-20 242952]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 CaCCProvSP;CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [2007-08-16 214280]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-10-06 33752]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-22 137200]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PPCtlPriv;PPCtlPriv; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2007-08-16 189704]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 lxcc_device;lxcc_device; C:\WINDOWS\system32\lxcccoms.exe [2005-07-06 466944]

-----------------EOF-----------------

#4 sunnybo

sunnybo
  • Topic Starter

  • Members
  • 313 posts
  • OFFLINE
  •  
  • Local time:01:15 PM

Posted 14 January 2009 - 05:10 PM

i was wondering when and if im gonna get some help please. thanks alot. i know your busy.

#5 sunnybo

sunnybo
  • Topic Starter

  • Members
  • 313 posts
  • OFFLINE
  •  
  • Local time:01:15 PM

Posted 14 January 2009 - 05:12 PM

this is another log ive done for you.

OTViewIt logfile created on: 1/12/2009 4:52:24 PM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

247.48 Mb Total Physical Memory | 76.19 Mb Available Physical Memory | 30.79% Memory free
604.98 Mb Paging File | 233.84 Mb Available in Paging File | 38.65% Paging File free
Paging file location(s): C:\pagefile.sys 372 744;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.18 Gb Total Space | 8.56 Gb Free Space | 25.81% Space Free | Partition Type: NTFS
Drive D: | 4.07 Gb Total Space | 0.83 Gb Free Space | 20.46% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-C8BH3JAGLT
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2007/10/18 09:24:46 | 00,801,296 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
[2007/10/18 09:24:44 | 00,145,936 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
[2008/06/24 18:10:30 | 00,281,104 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
[2007/10/18 09:24:46 | 01,010,192 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
[2007/08/20 12:27:26 | 00,144,960 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
[2007/01/04 11:10:22 | 00,280,080 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
[2008/12/25 19:36:30 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2007/08/20 12:36:42 | 00,242,952 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
[2008/07/31 19:55:08 | 00,181,488 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
[2004/05/21 19:11:22 | 00,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
[2008/09/16 20:14:46 | 02,065,648 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
[2003/03/19 08:50:00 | 00,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
[2008/12/02 15:11:53 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/10/15 02:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/01/12 16:52:01 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/08/16 21:19:02 | 00,214,280 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP [On_Demand | Stopped])
[2007/08/20 12:27:26 | 00,144,960 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe -- (CAISafe [Auto | Running])
[2008/10/06 09:18:06 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
[2008/11/22 23:50:51 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2007/01/04 11:10:22 | 00,280,080 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC [Auto | Running])
[2008/12/25 19:36:30 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2005/07/06 09:04:20 | 00,466,944 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\lxcccoms.exe -- (lxcc_device [Disabled | Stopped])
[2003/07/28 22:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/08/16 20:10:16 | 00,189,704 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe -- (PPCtlPriv [On_Demand | Stopped])
[2007/10/18 09:24:46 | 01,010,192 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe -- (UmxAgent [Auto | Running])
[2007/10/18 09:24:46 | 00,801,296 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe -- (UmxCfg [Auto | Running])
[2007/10/18 09:24:44 | 00,145,936 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe -- (UmxFwHlp [Auto | Running])
[2008/06/24 18:10:30 | 00,281,104 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe -- (UmxPol [Auto | Running])
[2007/08/20 12:36:42 | 00,242,952 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe -- (VETMSGNT [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2004/06/29 09:07:18 | 01,268,204 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
[2003/12/12 09:54:14 | 00,391,424 | ---- | M] (Sensaura Ltd) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS [On_Demand | Stopped])
[2004/10/01 10:24:02 | 02,279,424 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2002/10/21 11:37:16 | 00,515,803 | ---- | M] (Digital Camera) -- C:\WINDOWS\system32\drivers\CA533AV.SYS -- (Ca533av [Auto | Stopped])
[2003/12/02 21:23:20 | 00,142,336 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\Fasttx2k.sys -- (fasttx2k [Boot | Running])
[2004/11/02 08:27:20 | 00,773,565 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2008/06/24 18:08:36 | 00,063,504 | ---- | M] (CA) -- C:\WINDOWS\system32\drivers\KmxAgent.sys -- (KmxAgent [System | Running])
[2008/06/24 18:08:42 | 00,134,648 | ---- | M] (CA) -- C:\WINDOWS\system32\drivers\KmxCF.sys -- (KmxCF [Auto | Running])
[2008/06/24 18:08:42 | 00,088,816 | ---- | M] (CA) -- C:\WINDOWS\system32\drivers\KmxCfg.sys -- (KmxCfg [On_Demand | Running])
[2008/06/24 18:08:46 | 00,045,584 | ---- | M] (CA) -- C:\WINDOWS\system32\drivers\KmxFile.sys -- (KmxFile [System | Running])
[2008/06/24 18:08:52 | 00,115,216 | ---- | M] (CA) -- C:\WINDOWS\system32\drivers\KmxFw.sys -- (KmxFw [System | Running])
[2008/06/24 18:08:56 | 00,066,576 | ---- | M] (CA) -- C:\WINDOWS\system32\drivers\KmxSbx.sys -- (KmxSbx [Auto | Running])
[2008/06/24 18:08:58 | 00,093,712 | ---- | M] (CA) -- C:\WINDOWS\system32\drivers\KmxStart.sys -- (KmxStart [Boot | Running])
[2003/03/04 04:50:00 | 00,053,870 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\L8042PR2.SYS -- (L8042PR2 [On_Demand | Stopped])
[2003/03/04 04:50:00 | 00,025,214 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2 [On_Demand | Running])
[2003/03/04 04:50:00 | 00,037,804 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHIDUSB.SYS -- (LHidUsb [On_Demand | Running])
[2003/03/04 04:50:00 | 00,073,134 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\lmouflt2.sys -- (LMouFlt2 [On_Demand | Running])
[2004/05/27 10:47:16 | 00,019,968 | ---- | M] () -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Stopped])
[2007/09/28 13:30:57 | 00,019,345 | ---- | M] (Motive, Inc.) -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5 [On_Demand | Stopped])
[2007/09/28 13:30:49 | 00,018,003 | ---- | M] (Motive, Inc.) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5 [On_Demand | Stopped])
[2004/05/27 10:50:50 | 00,201,728 | ---- | M] () -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0 [On_Demand | Stopped])
[2002/07/30 00:43:50 | 00,023,808 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2 [On_Demand | Running])
[2004/02/11 23:04:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/01/04 16:58:46 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2002/10/04 20:04:10 | 00,046,976 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139 [On_Demand | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/01/02 22:20:40 | 00,432,000 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315 [On_Demand | Stopped])
[2003/07/18 19:58:20 | 00,036,992 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP [Boot | Running])
[2004/01/02 23:05:48 | 00,011,520 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp [System | Running])
[2008/05/18 14:10:46 | 00,716,272 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2002/12/04 14:38:26 | 00,011,144 | ---- | M] (USB BULK) -- C:\WINDOWS\system32\drivers\Bulk533.sys -- (USBCamera [On_Demand | Stopped])
[2007/08/20 12:38:16 | 00,026,376 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-filt.sys -- (VET-FILT [System | Running])
[2007/08/20 12:38:16 | 00,021,128 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-rec.sys -- (VET-REC [System | Running])
[2008/06/05 23:33:41 | 00,108,368 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\veteboot.sys -- (VETEBOOT [On_Demand | Running])
[2008/06/05 23:33:42 | 00,880,560 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetefile.sys -- (VETEFILE [System | Running])
[2007/08/20 12:38:20 | 00,021,512 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetfddnt.sys -- (VETFDDNT [System | Running])
[2007/08/20 12:38:22 | 00,032,264 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetmonnt.sys -- (VETMONNT [System | Running])
[2003/07/02 14:42:00 | 00,027,904 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1 [Boot | Running])
[2004/02/04 20:28:00 | 00,134,144 | ---- | M] (Copyright © VIA/S3 Graphics, Inc.) -- C:\WINDOWS\system32\drivers\vtmini.sys -- (viagfx [On_Demand | Stopped])
[2005/10/06 15:17:34 | 00,280,576 | ---- | M] (Marvell Semiconductor, Inc) -- C:\WINDOWS\system32\drivers\WG311v3XP.sys -- (W8335XP [On_Demand | Stopped])
[2003/01/10 16:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Secondary Start Pages"=
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.yahoo.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchDefaultBranded"=
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_central

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = localhost

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-3686684057-2967968481-3833689593-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchDefaultBranded"=
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_central

[HKEY_USERS\S-1-5-21-3686684057-2967968481-3833689593-1003\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_USERS\S-1-5-21-3686684057-2967968481-3833689593-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3686684057-2967968481-3833689593-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-3686684057-2967968481-3833689593-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = localhost

[HKEY_USERS\S-1-5-21-3686684057-2967968481-3833689593-500\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\System32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_USERS\S-1-5-21-3686684057-2967968481-3833689593-500\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=

[HKEY_USERS\S-1-5-21-3686684057-2967968481-3833689593-500\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3686684057-2967968481-3833689593-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = localhost

========== (O1) Hosts File ==========

HOSTS File = (224466 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.1001-search.info
127.0.0.1 1001-search.info
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com
127.0.0.1 www.132.com
127.0.0.1 132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
7878 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{A057A204-BACC-4D26-8398-26FADCF27386} (HKLM) -- C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} (HKLM) -- C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{A057A204-BACC-4D26-8398-26FADCF27386}" (HKLM) -- C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-8398-26FADCF27386}" (HKLM) -- C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-3686684057-2967968481-3833689593-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3686684057-2967968481-3833689593-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

[HKEY_USERS\S-1-5-21-3686684057-2967968481-3833689593-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3686684057-2967968481-3833689593-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-8398-26FADCF27386}" (HKLM) -- C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )

[HKEY_USERS\S-1-5-21-3686684057-2967968481-3833689593-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"=Logi_MwX.Exe (Logitech Inc.)
"LogitechGalleryRepair"=C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"Verizon_McciTrayApp"=C:\Program Files\Verizon\McciTrayApp.exe (Motive Communications, Inc.)
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN (Verizon)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" boot (Logitech Inc.)
"RegistryMechanic"=C:\Program Files\Registry Mechanic\RegMech.exe /H (PC Tools)

[HKEY_USERS\S-1-5-21-3686684057-2967968481-3833689593-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" boot (Logitech Inc.)
"RegistryMechanic"=C:\Program Files\Registry Mechanic\RegMech.exe /H (PC Tools)

========== (O4) Startup Folders ==========

[2006/01/26 17:55:04 | 01,486,848 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-3686684057-2967968481-3833689593-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_USERS\S-1-5-21-3686684057-2967968481-3833689593-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

[HKEY_USERS\S-1-5-21-3686684057-2967968481-3833689593-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2007/05/31 13:41:06 | 10,352,472 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3686684057-2967968481-3833689593-1003\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2007/05/31 13:41:06 | 10,352,472 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3686684057-2967968481-3833689593-500\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2007/05/31 13:41:06 | 10,352,472 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{4982D40A-C53B-4615-B15B-B5B5E98D167C}: Button: AOL Toolbar -- Reg Error: Key does not exist or could not be opened. File not found
{4982D40A-C53B-4615-B15B-B5B5E98D167C}: Menu: AOL Toolbar -- Reg Error: Key does not exist or could not be opened. File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/01/28 11:43:28 | 01,554,256 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\System32\msjava.dll [Web Browser Applet Control] -> File not found
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [AOL Toolbar] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/01/28 11:43:28 | 01,554,256 | ---- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\System32\msjava.dll [Web Browser Applet Control] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/01/28 11:43:28 | 01,554,256 | ---- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\System32\msjava.dll [Web Browser Applet Control] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/01/28 11:43:28 | 01,554,256 | ---- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3686684057-2967968481-3833689593-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\System32\msjava.dll [Web Browser Applet Control] -> File not found
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [AOL Toolbar] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/01/28 11:43:28 | 01,554,256 | ---- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3686684057-2967968481-3833689593-500\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\System32\msjava.dll [Web Browser Applet Control] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/01/28 11:43:28 | 01,554,256 | ---- | M] (Safer Networking Limited)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
33 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-3686684057-2967968481-3833689593-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-3686684057-2967968481-3833689593-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{01113300-3E00-11D2-8470-0060089874ED}: https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab -- Support.com Configuration Class
{233C1507-6A77-46A4-9443-F871F945D258}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper.dll -- Installation Support
{3DCEC959-378A-4922-AD7E-FD5C925D927F}: http://disney.go.com/pirates/online/testAc...OnlineGames.cab -- Disney Online Games ActiveX Control
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab -- MSN Photo Upload Tool
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}: http://support.f-secure.com/ols/fscax.cab -- F-Secure Online Scanner 3.3
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}: http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab -- get_atlcom Class

========== (O17) DNS Name Servers ==========

{318E0428-6DB3-4FF1-AC3F-DABCEA66BE86} (Servers: | Description: )
{878684C9-ADD4-4AB3-852E-DAB7B63C6F83} (Servers: | Description: NETGEAR WG311v3 802.11g Wireless PCI Adapter)
{EBC5014E-8E57-4B64-A41B-7D9810E731BC} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"GinaDLL"=MrvGINA.dll
>[2006/03/15 13:19:34 | 00,032,768 | ---- | M] (Marvell®) -- C:\WINDOWS\system32\MrvGINA.dll


========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxsrvc.dll -- C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
PFW: "DllName" = UmxWnp.Dll -- C:\WINDOWS\system32\UmxWNP.dll (CA)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/04/02 03:03:32 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AUTOEXEC.BAT []
[2001/07/28 06:07:38 | 00,000,000 | -HS- | M] () -- D:\AUTOEXEC.BAT -- [ FAT32 ]

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009/01/12 16:51:58 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2009/01/12 16:25:59 | 00,000,746 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2009/01/12 16:25:56 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL
[2009/01/12 16:25:48 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2009/01/12 16:24:08 | 07,513,456 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Owner\Desktop\rminstall.exe
[2009/01/12 16:09:37 | 00,781,851 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RSIT.exe
[2009/01/11 23:47:56 | 00,000,000 | ---D | C] -- C:\fsaua.data
[2009/01/11 10:37:24 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/01/11 10:37:23 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/01/10 15:38:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Oberon Media
[2009/01/10 14:19:39 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/01/10 14:19:34 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/01/07 11:47:49 | 00,001,744 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Search.lnk
[2009/01/07 11:47:49 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Home.lnk
[2009/01/07 11:47:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\bin
[2009/01/07 11:46:34 | 00,001,026 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Verizon Help and Support.lnk
[2009/01/07 11:44:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2009/01/07 11:42:34 | 00,000,000 | ---D | C] -- C:\Program Files\Verizon Broadband Firefox Toolbar
[2009/01/07 11:42:28 | 00,000,000 | ---D | C] -- C:\Program Files\verizon_broad
[2009/01/07 11:42:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\verizon_broad
[2009/01/07 11:42:14 | 00,001,853 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Verizon Webmail.lnk
[2009/01/07 11:32:16 | 00,000,000 | ---D | C] -- C:\Program Files\Verizon
[2009/01/05 04:52:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\RussSqr.INI
[2009/01/04 05:39:01 | 00,000,589 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Ricochet Lost Worlds.lnk
[2009/01/04 05:38:54 | 00,000,000 | ---D | C] -- C:\Program Files\Ricochet Lost Worlds
[2009/01/04 05:38:38 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Big Kahuna Reef 2 - Chain Reaction.lnk
[2009/01/04 05:38:37 | 00,061,440 | ---- | C] (Reflexive) -- C:\WINDOWS\System32\Big Kahuna Reef 2.scr
[2009/01/04 05:38:30 | 00,000,000 | ---D | C] -- C:\Program Files\Big Kahuna Reef 2
[2009/01/04 04:35:02 | 00,001,923 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Fast and Flurrious.lnk
[2009/01/04 04:35:02 | 00,001,896 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\To The EdsTreme.lnk
[2009/01/04 04:35:02 | 00,001,885 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Cartoon Cove Mini Golf.lnk
[2009/01/04 04:35:02 | 00,001,818 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Dropple.lnk
[2009/01/04 04:34:44 | 00,000,000 | ---D | C] -- C:\Program Files\Cartoon Network All-Stars
[2009/01/02 12:46:12 | 00,000,000 | ---D | C] -- C:\BigTuna
[2009/01/01 22:21:13 | 00,000,910 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to jewelquest2_r1a.lnk
[2008/12/23 20:10:04 | 00,016,896 | -HS- | C] () -- C:\Documents and Settings\Owner\My Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Owner\My Documents\Thumbs.db:encryptable
[2008/12/23 15:27:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2008/12/23 14:58:22 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2008/12/23 09:02:38 | 25,957,5808 | -HS- | C] () -- C:\hiberfil.sys
[2008/12/23 02:54:00 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2008/12/23 02:54:00 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2008/12/23 02:54:00 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2008/12/23 02:54:00 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/12/23 02:54:00 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008/12/23 02:54:00 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/12/23 02:54:00 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/12/23 02:54:00 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2008/12/23 02:53:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/12/23 02:53:09 | 00,000,000 | ---D | C] -- C:\Qoobox
[2008/12/23 02:47:42 | 02,885,687 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe.exe
[2008/12/23 02:30:58 | 00,000,000 | ---D | C] -- C:\Rooter$
[2008/12/22 18:02:44 | 00,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/12/22 18:02:24 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2008/12/22 12:56:01 | 00,000,000 | ---D | C] -- C:\rsit
[2008/12/20 21:50:28 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/12/20 21:50:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2008/12/20 21:49:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/12/20 21:49:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\acccore
[2008/12/16 21:41:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\music 2

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/01/12 16:52:01 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2009/01/12 16:25:59 | 00,000,746 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2009/01/12 16:25:07 | 07,513,456 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Owner\Desktop\rminstall.exe
[2009/01/12 16:09:43 | 00,781,851 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RSIT.exe
[2009/01/12 14:47:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/12 14:47:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/12 14:47:12 | 25,957,5808 | -HS- | M] () -- C:\hiberfil.sys
[2009/01/12 14:46:21 | 00,163,026 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2009/01/12 14:46:21 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2009/01/12 14:46:21 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2009/01/12 14:46:21 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2009/01/12 14:46:21 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2009/01/12 14:46:21 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2009/01/12 14:46:21 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2009/01/12 14:46:21 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2009/01/11 20:46:22 | 01,579,508 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/01/11 19:24:51 | 00,000,016 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2009/01/11 18:03:17 | 00,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2009/01/11 10:37:25 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/01/11 10:37:23 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/01/07 11:47:49 | 00,001,744 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Search.lnk
[2009/01/07 11:47:49 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Home.lnk
[2009/01/07 11:46:35 | 00,001,026 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Verizon Help and Support.lnk
[2009/01/07 11:42:14 | 00,001,853 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Verizon Webmail.lnk
[2009/01/06 05:31:06 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/01/05 04:52:38 | 00,000,000 | ---- | M] () -- C:\WINDOWS\RussSqr.INI
[2009/01/04 05:39:01 | 00,000,589 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Ricochet Lost Worlds.lnk
[2009/01/04 05:38:38 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Big Kahuna Reef 2 - Chain Reaction.lnk
[2009/01/04 04:35:02 | 00,001,923 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Fast and Flurrious.lnk
[2009/01/04 04:35:02 | 00,001,896 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\To The EdsTreme.lnk
[2009/01/04 04:35:02 | 00,001,885 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Cartoon Cove Mini Golf.lnk
[2009/01/04 04:35:02 | 00,001,818 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Dropple.lnk
[2009/01/01 22:21:13 | 00,000,910 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to jewelquest2_r1a.lnk
[2009/01/01 13:52:54 | 00,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/01/01 13:52:54 | 00,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/01/01 13:52:54 | 00,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/12/31 10:37:03 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/23 20:10:08 | 00,016,896 | -HS- | M] () -- C:\Documents and Settings\Owner\My Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Owner\My Documents\Thumbs.db:encryptable
[2008/12/23 02:48:09 | 02,885,687 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe.exe
[2008/12/22 18:02:44 | 00,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/12/20 21:53:47 | 00,003,154 | -H-- | M] () -- C:\IPH.PH
[2008/12/20 21:50:28 | 00,000,021 | ---- | M] () -- C:\WINDOWS\atid.ini
[2008/12/20 21:49:16 | 00,001,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM 6.lnk
[2008/12/19 01:02:06 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/16 20:26:34 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/14 19:05:47 | 00,000,402 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Shortcut to Shared Documents.lnk
< End of report >

#6 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:01:15 PM

Posted 20 January 2009 - 02:00 PM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not post any logs unless instructed to do so.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#7 sunnybo

sunnybo
  • Topic Starter

  • Members
  • 313 posts
  • OFFLINE
  •  
  • Local time:01:15 PM

Posted 20 January 2009 - 03:31 PM

Logfile of random's system information tool 1.05 (written by random/random)
Run by Owner at 2009-01-20 15:24:15
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 10 GB (28%) free of 34 GB
Total RAM: 247 MB (13% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:25:02 PM, on 1/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir....p;bm=ho_central
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 8283 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\ParetoLogic Registration.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-04 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-01-28 1554256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-25 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-8398-26FADCF27386}]
Verizon Broadband Toolbar - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL [2008-05-30 1991680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-11-21 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-11-22 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-11-21 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-25 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-11-21 251504]
{A057A204-BACC-4D26-8398-26FADCF27386} - Verizon Broadband Toolbar - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL [2008-05-30 1991680]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2004-04-02 151597]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-03-04 19968]
"LogitechGalleryRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2004-06-01 458752]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2004-05-21 221184]
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2004-06-01 458752]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2004-06-01 217088]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-25 136600]
"Verizon_McciTrayApp"=C:\Program Files\Verizon\McciTrayApp.exe [2007-09-28 936960]
"VerizonServicepoint.exe"=C:\Program Files\Verizon\VSP\VerizonServicepoint.exe [2008-09-16 2065648]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"LogitechSoftwareUpdate"=C:\Program Files\Logitech\Video\ManifestEngine.exe [2004-06-01 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe [1998-05-07 52736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2004-04-02 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-02-06 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2004-04-02 151597]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2008-11-05 4347120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-11-02 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-01-19 15:30:23 ----D---- C:\Documents and Settings\Owner\Application Data\Move Networks
2009-01-19 01:03:02 ----D---- C:\Program Files\uTorrent
2009-01-19 01:02:55 ----D---- C:\Documents and Settings\Owner\Application Data\uTorrent
2009-01-18 23:45:01 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-01-18 23:44:56 ----D---- C:\Program Files\Alwil Software
2009-01-18 22:42:52 ----SHD---- C:\Config.Msi
2009-01-14 03:04:51 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-11 23:47:56 ----D---- C:\fsaua.data
2009-01-10 14:19:39 ----SHD---- C:\RECYCLER
2009-01-10 14:19:34 ----HD---- C:\WINDOWS\PIF
2009-01-07 11:47:16 ----D---- C:\WINDOWS\bin
2009-01-07 11:44:09 ----D---- C:\Program Files\Common Files\Motive
2009-01-07 11:42:34 ----D---- C:\Program Files\Verizon Broadband Firefox Toolbar
2009-01-07 11:42:28 ----D---- C:\Program Files\verizon_broad
2009-01-07 11:42:28 ----D---- C:\Documents and Settings\Owner\Application Data\verizon_broad
2009-01-07 11:32:16 ----D---- C:\Program Files\Verizon
2009-01-06 05:37:55 ----A---- C:\ComboFix.txt
2009-01-05 04:52:38 ----A---- C:\WINDOWS\RussSqr.INI
2009-01-04 05:38:54 ----D---- C:\Program Files\Ricochet Lost Worlds
2009-01-04 05:38:30 ----D---- C:\Program Files\Big Kahuna Reef 2
2009-01-04 04:34:44 ----D---- C:\Program Files\Cartoon Network All-Stars
2009-01-02 12:46:12 ----D---- C:\BigTuna
2008-12-25 19:37:17 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-25 19:37:17 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-25 19:37:17 ----A---- C:\WINDOWS\system32\java.exe
2008-12-25 19:37:17 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-23 15:27:52 ----D---- C:\WINDOWS\temp
2008-12-23 14:58:22 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-23 02:54:00 ----A---- C:\WINDOWS\zip.exe
2008-12-23 02:54:00 ----A---- C:\WINDOWS\VFIND.exe
2008-12-23 02:54:00 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-23 02:54:00 ----A---- C:\WINDOWS\SWSC.exe
2008-12-23 02:54:00 ----A---- C:\WINDOWS\SWREG.exe
2008-12-23 02:54:00 ----A---- C:\WINDOWS\sed.exe
2008-12-23 02:54:00 ----A---- C:\WINDOWS\grep.exe
2008-12-23 02:54:00 ----A---- C:\WINDOWS\fdsv.exe
2008-12-23 02:53:09 ----D---- C:\WINDOWS\ERDNT
2008-12-23 02:53:09 ----AD---- C:\Qoobox
2008-12-23 02:35:00 ----A---- C:\Rooter.txt
2008-12-23 02:30:58 ----D---- C:\Rooter$
2008-12-22 18:02:24 ----D---- C:\Program Files\Mozilla Firefox
2008-12-22 12:56:01 ----D---- C:\rsit
2008-12-20 21:50:28 ----A---- C:\WINDOWS\atid.ini
2008-12-20 21:50:01 ----D---- C:\Program Files\Common Files\Software Update Utility
2008-12-20 21:49:29 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-20 21:49:21 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
2008-12-20 03:01:22 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-12-10 03:07:15 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 03:05:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 03:04:20 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-12-10 03:03:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 03:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-10 03:02:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-12-10 03:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-12-09 17:05:33 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-09 17:05:03 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-12-09 17:01:31 ----D---- C:\Program Files\Windows Media Connect 2
2008-12-09 17:00:47 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-12-09 16:56:05 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-12-09 16:53:15 ----D---- C:\WINDOWS\system32\LogFiles
2008-12-09 16:52:15 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-12-09 12:51:57 ----D---- C:\Program Files\NETGEAR
2008-12-06 20:57:08 ----D---- C:\Documents and Settings\Owner\Application Data\WinMX Music
2008-12-06 20:54:39 ----D---- C:\Program Files\WinMX Music
2008-12-01 15:26:13 ----RA---- C:\WINDOWS\system32\InstMed.exe
2008-12-01 15:25:52 ----A---- C:\WINDOWS\system32\lvcoinst.ini
2008-12-01 15:25:52 ----A---- C:\WINDOWS\system32\lvcoinst.dll
2008-12-01 15:25:51 ----A---- C:\WINDOWS\system32\LVUI2RC.dll
2008-12-01 15:25:51 ----A---- C:\WINDOWS\system32\LVUI2.dll
2008-12-01 15:25:51 ----A---- C:\WINDOWS\system32\lvcodec2.dll
2008-11-30 21:22:57 ----D---- C:\Documents and Settings\Owner\Application Data\FotoWire
2008-11-30 21:22:55 ----D---- C:\Program Files\Common Files\FotoWire
2008-11-26 03:01:36 ----D---- C:\WINDOWS\ie7updates
2008-11-25 11:59:48 ----HD---- C:\WINDOWS\msdownld.tmp
2008-11-25 11:57:57 ----D---- C:\WINDOWS\WBEM
2008-11-25 11:51:38 ----HDC---- C:\WINDOWS\ie7
2008-11-25 11:49:16 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-11-25 11:42:15 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-11-23 21:00:54 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2008-11-23 21:00:52 ----D---- C:\Program Files\NOS
2008-11-22 21:28:47 ----D---- C:\CA
2008-11-21 07:57:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-21 07:57:18 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-21 07:56:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-21 07:56:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-21 07:55:25 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-21 07:55:07 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-21 07:54:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-21 07:49:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-21 07:48:33 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-21 07:48:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-11-21 07:47:23 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-21 07:46:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-21 07:46:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-21 07:46:03 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-21 07:45:41 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-21 07:45:02 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-21 07:42:23 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-11-21 02:54:08 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-11-20 22:34:42 ----D---- C:\Documents and Settings\Owner\Application Data\Viewpoint
2008-11-11 20:34:00 ----D---- C:\Documents and Settings\Owner\Application Data\Media Player Classic
2008-11-06 16:05:10 ----D---- C:\Program Files\Common Files\Oberon Media
2008-11-05 19:20:15 ----D---- C:\Documents and Settings\All Users\Application Data\Shockwave
2008-10-28 17:36:00 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
2008-10-28 17:36:00 ----A---- C:\WINDOWS\system32\divx_xx07.dll
2008-10-28 17:35:58 ----A---- C:\WINDOWS\system32\divx_xx11.dll
2008-10-28 17:35:58 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
2008-10-28 17:35:56 ----A---- C:\WINDOWS\system32\DivX.dll

======List of files/folders modified in the last 3 months======

2009-01-20 15:24:09 ----D---- C:\WINDOWS\Prefetch
2009-01-20 15:01:00 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-20 14:54:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-20 13:56:14 ----D---- C:\WINDOWS
2009-01-20 13:54:53 ----A---- C:\WINDOWS\disney.ini
2009-01-20 13:54:51 ----D---- C:\Program Files\Disney Interactive
2009-01-19 01:03:02 ----D---- C:\Program Files
2009-01-19 00:04:50 ----A---- C:\caisslog.txt
2009-01-19 00:04:43 ----D---- C:\WINDOWS\system32
2009-01-19 00:04:43 ----D---- C:\Documents and Settings\All Users\Application Data\CA
2009-01-19 00:03:20 ----D---- C:\WINDOWS\system32\drivers
2009-01-18 23:15:54 ----D---- C:\WINDOWS\CAVTemp
2009-01-18 22:50:17 ----SHD---- C:\WINDOWS\Installer
2009-01-18 22:50:08 ----D---- C:\WINDOWS\WinSxS
2009-01-18 22:44:51 ----A---- C:\WINDOWS\SYSTEM.INI
2009-01-18 22:43:30 ----D---- C:\Program Files\Common Files
2009-01-18 22:14:32 ----D---- C:\Program Files\Shockwave.com
2009-01-14 22:04:28 ----HD---- C:\WINDOWS\inf
2009-01-14 14:54:25 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2009-01-14 13:24:09 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-14 03:05:03 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-14 03:04:08 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-13 19:22:44 ----D---- C:\WINDOWS\system32\FxsTmp
2009-01-13 17:39:51 ----AC---- C:\WINDOWS\ModemLog_Agere Systems PCI Soft Modem.txt
2009-01-12 12:18:34 ----D---- C:\Documents and Settings\All Users\Application Data\Motive
2009-01-12 02:08:08 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-09 20:35:28 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-07 12:07:10 ----D---- C:\Documents and Settings\Owner\Application Data\Motive
2009-01-01 13:52:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-25 19:36:12 ----D---- C:\Program Files\Java
2008-12-23 23:47:42 ----D---- C:\WINDOWS\AppPatch
2008-12-23 16:22:09 ----D---- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-12-23 08:54:29 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-23 08:44:50 ----D---- C:\WINDOWS\Minidump
2008-12-22 18:03:37 ----D---- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-12-20 21:53:47 ----D---- C:\Program Files\AIM6
2008-12-20 21:52:19 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-12-20 03:01:38 ----A---- C:\WINDOWS\imsins.BAK
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-10 03:06:43 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-10 03:06:18 ----D---- C:\Program Files\Internet Explorer
2008-12-09 17:02:46 ----A---- C:\WINDOWS\win.ini
2008-12-09 17:01:29 ----D---- C:\Program Files\Windows Media Player
2008-12-09 17:01:13 ----D---- C:\WINDOWS\Help
2008-12-09 12:52:49 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-09 12:52:37 ----D---- C:\OEMSettings
2008-12-08 19:09:09 ----D---- C:\Program Files\THQ
2008-12-05 10:38:23 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-03 17:29:00 ----D---- C:\Program Files\Oberon Media
2008-12-03 10:59:12 ----D---- C:\Program Files\Logitech
2008-12-01 23:41:11 ----D---- C:\Documents and Settings\Owner\Application Data\DivX
2008-12-01 15:36:40 ----D---- C:\WINDOWS\twain_32
2008-12-01 15:25:33 ----D---- C:\Program Files\Common Files\Logitech
2008-11-27 22:03:50 ----D---- C:\WINDOWS\system32\Restore
2008-11-27 03:02:17 ----D---- C:\WINDOWS\system32\en-us
2008-11-25 11:58:19 ----D---- C:\WINDOWS\system32\config
2008-11-25 11:57:35 ----D---- C:\WINDOWS\Media
2008-11-25 11:35:02 ----D---- C:\Program Files\DivX
2008-11-23 21:54:30 ----D---- C:\Program Files\Google
2008-11-21 22:50:58 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-11-21 18:41:38 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-11-21 18:39:24 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-11-21 07:57:22 ----D---- C:\Program Files\Messenger
2008-11-17 08:45:55 ----D---- C:\Program Files\Project64 1.6
2008-11-11 21:03:03 ----D---- C:\Documents and Settings\Owner\Application Data\Winamp
2008-11-11 18:22:28 ----A---- C:\WINDOWS\cdplayer.ini
2008-11-05 17:06:42 ----D---- C:\Program Files\The Learning Company
2008-10-23 07:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 05:06:59 ----N---- C:\WINDOWS\system32\tzchange.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SiSkp;SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [2004-01-02 11520]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 usbhub;DSC Composite USB Device; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2004-11-02 773565]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys [2003-03-04 25214]
R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2003-03-04 37804]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\Drivers\LMouFlt2.sys [2003-03-04 73134]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2004-05-27 19968]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 PID_08A0;QuickCam IM(PID_08A0); C:\WINDOWS\system32\DRIVERS\LV302AV.SYS [2004-05-27 201728]
R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2002-07-30 23808]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 Ca533av;Mega DV(Video); C:\WINDOWS\System32\Drivers\Ca533av.sys [2002-10-21 515803]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-12 391424]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 L8042PR2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\System32\Drivers\l8042pr2.sys [2003-03-04 53870]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2004-01-02 432000]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 USBCamera;DSC Still Image Capture (CA533A); C:\WINDOWS\System32\Drivers\Bulk533.sys [2002-12-04 11144]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2004-02-04 134144]
S3 W8335XP;NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335); C:\WINDOWS\system32\DRIVERS\WG311v3XP.sys [2005-10-06 280576]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-25 152984]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-10-06 33752]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-22 137200]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 lxcc_device;lxcc_device; C:\WINDOWS\system32\lxcccoms.exe [2005-07-06 466944]

-----------------EOF-----------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:27:19 PM, on 1/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir....p;bm=ho_central
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 8238 bytes


Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 6.0.1
Adobe Shockwave Player 11
Agere Systems PCI Soft Modem
AIM 6
Amazing Adventures The Lost Tomb
Arthur's Camping Adventure
Arthur's Preschool
avast! Antivirus
Bejeweled 2 Deluxe
Big Kahuna Reef 2: Chain Reaction
Cartoon Network All-Stars
Clifford Thinking Adventures
Compaq Connections
Compaq Instant Support
Disney's Stanley Tiger Tales
Disney's Winnie the Pooh Preschool
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Download Updater (AOL LLC)
DV 3100 DRIVER
getPlus® for Adobe
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel® Extreme Graphics Driver
IntelliMover Data Transfer Demo
Java™ 6 Update 11
JumpStart Advanced Kindergarten
KBD
Logitech Desktop Messenger
Logitech MouseWare 9.76
Logitech Print Service
Logitech QuickCam
Logitech Resource Center
Logitech® Camera Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft Plus! for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
Mozilla Firefox (3.0.5)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
PC-Doctor for Windows
Project64 1.6
PS2
QuickTime
RealOne Player
Ricochet Lost Worlds
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Sierra Utilities
Spybot - Search & Destroy
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Verizon Broadband Toolbar (IE only)
Verizon Broadband Toolbar Firefox only
Verizon Online Help and Support
Verizon Servicepoint 1.5.22
Virtools 3D Life Player
Winamp
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinMX Music
WinRAR archiver
XP Codec Pack
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Toolbar

thanks for getting to me to help me.

#8 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:01:15 PM

Posted 21 January 2009 - 09:38 AM

My computer has a backdoor and a p2p and some other adware and spyware.



I have some bad news for you.

Backdoor trojans leave a backdoor open on the system that can allow hacker total and complete access to your computer. Hackers can operate your computer just as if he were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs. Backdoor trojans send your identity information to a third party who may use that information for their own purposes such as identity theft, stolen bank funds, stealing credit card information etc.

Before deciding whether your computer needs cleaning or reformatting, you need to ask yourself some very serious questions.

Do you use your computer for any of the following?
  • Online banking/Business purposes
  • storing sensitive or very personal information
If you answered yes to any of those questions, you should disconnect your computer from the Internet and do a complete format and reinstall. If you use online banking, then you should contact your bank and arrange to have your password changed immediately. You should change any other passwords you use as these may have been compromised.

David Bach's Six Ways to Avoid Identity Theft

Here are six things you need to know to fight back against identity theft:

1. Keep your private information private.

Half of all identity theft in which the thief is identified is committed by a friend, coworker, neighbor, in-home employee, or relative of the victim. So make it a habit not to leave things lying around at home or in the office -- specifically your wallet, checkbook, or anything else containing private or financial information, including your mail.

Also, before you toss anything in the trash containing your private information, be sure to shred it. This isn't new advice, but I'd be remiss not to mention it.

2. Get a copy of your credit reports.

Often, victims of identity theft have no idea their credit is being used or destroyed until they apply for a loan and pull their credit score. So pull your credit report now, and make a plan to check it regularly.

By law, you're entitled to a free credit report from each of the three major credit bureaus -- Equifax, Experian, and TransUnion -- once every year. Go to AnnualCreditReport.com and stagger your requests so that you'll receive one report from each credit bureau every four months. Put the dates on your calendar so you don't forget. Keep in mind that this is for your free credit report only, not your credit score.

For your credit score, you'll need to go to myFICO. While you're there, you may want to check out their Identity Theft Security Deluxe product, which monitors your credit score and credit report automatically for $49.95 a year.

3. Find out if your state has a credit freeze law.

Here's a virtually foolproof way to prevent a thief from stealing your identity and using your personal data to get approved for credit. With this new law you're able to block ("freeze") all access to your credit report and credit score.

It's not necessarily the most convenient solution to protect yourself from fraud. Anytime you need to have your credit checked -- for instance, if you're buying a car or cell phone or even interviewing for a job -- you'll need to lift the block ("thaw" your record), which takes about three days. But if you have real concerns about identity theft or perhaps are already a victim, this is an option you may want to consider.

Some states will only grant a credit freeze if you're already a victim of identity theft. Find out if your state has a credit freeze law, including what it costs, by visiting FinancialPrivacyNow.org.

4. Check your bank statements weekly.

One of the great things about online banking is that you can log on and check your account at any time. Make a point of checking your bank statement weekly to be sure there aren't any red flags.

The same goes for your credit card statements. In fact, you may want to consider canceling your paper statements altogether and opting for online statements. After all, you're more likely to have personal information stolen from your mail than from the Internet.

That said, be sure to always use a secure computer. Using a public computer, like one at your local library, is risky due to tracking software that thieves can use to steal your passwords.

5. Be computer savvy.

Even though a relatively small percentage of identity theft occurs online, you should still take necessary precautions.

In addition to being careful about surfing the web on public computers, you should also be aware of the risks involved when using a wireless connection. Wi-Fi and Bluetooth are becoming increasingly popular, and as a result, there is bound to be an increase in wireless hacking.

Wireless connectivity is the perfect platform for thieves to get your personal data. If you have a wireless network at home or work, make sure you are incorporating password-protection and encryption. When accessing public hotspots, use a personal firewall.

Also, keep your computer safe by updating your antivirus and anti-spyware programs regularly. Use passwords so that others can't log on to your computer, laptop, or even your PDA, and be sure to change your passwords often.

Be smart about phishing scams, too. That's when you're sent an email that requests your personal or financial information, or that prompts you to click a link to provide your personal or financial information. If you're unsure of the legitimacy of such a request, call the company that it was supposedly sent from. If an email seems suspicious, it usually is.

6. Be aware of "deleted" data.

The Washington Post recently ran an article on mobile phones -- specifically "smartphones" like the Palm Treo and BlackBerry -- that was quite an eye-opener.

According to the story, resetting your phone to wipe out personal data doesn't exactly delete information. It turns out that your phone's operating system never actually deletes data, only the pointers to where the data is located. Anyone with the right software can recover information that was stored on your phone once you sell or discard it

You need to do is contact the device manufacturer for complete instructions on what to do to wipe your data clean. You can also visit WirelessRecycling.com for instructions. And think twice about what information you store on your device in case it's ever lost or stolen.

If Your Identity Is Stolen

Take the above steps and -- should you ever find yourself in the unfortunate position of having had your identity stolen -- you'll commend yourself for being proactive enough to identify a problem before too much damage was done.

Don't waste a minute once you've discovered suspicious activity -- go directly to the website of the Federal Trade Commission to file a complaint and access their comprehensive guide on the steps you'll need to follow to resolve the situation.

I recommend backing up your important files and reinstalling everything from scratch. There are so many changes that could have been done if that backdoor was used. Even if we cleaned the infections, it would not help to recover the information that has been compromised and there is no guarantee that your computer would be safe to use.

If you only use your computer for music/games etc, your better option would be to clean it of infections rather than do a reformat. The decision must be made by you.

Here are some informative links to use to help you make a decision:

Danger: Remote Access Trojans

Consumers – Identity Theft

When should I re-format? How should I reinstall?

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Rootkits: The Obscure Hacker Attack

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

Microsoft Says Recovery from Malware Becoming Impossible

How to report ID theft, fraud, drive-by installs, hijacking and malware? (#10451)

However, if you do not have the resources to reformat your computer and reinstall your operating system and programs, I will be happy to attempt to clean it.

Should you have any questions, please feel free to ask.

Please let me know what you have decided to do in your next post.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#9 sunnybo

sunnybo
  • Topic Starter

  • Members
  • 313 posts
  • OFFLINE
  •  
  • Local time:01:15 PM

Posted 21 January 2009 - 03:40 PM

first i wanna know if you seen anything in my logs? next i would love to reformat but my windows programs and stuff was preinstalled on computer when i bought it from store, so i dont have a cd. It only came with a microsoft cd to install microsoft stuff. How can i get a new cd to start from scrath? If i start from stracth Can i burn my games on a cd then on comp again or will that give me the visrus again? PLease help and let me know. i only use computer to play music games and browse online sites, but yes some passwords on on here for sites.

#10 sunnybo

sunnybo
  • Topic Starter

  • Members
  • 313 posts
  • OFFLINE
  •  
  • Local time:01:15 PM

Posted 22 January 2009 - 08:36 AM

i know your busy but can you try to get back to me thanks.

#11 sunnybo

sunnybo
  • Topic Starter

  • Members
  • 313 posts
  • OFFLINE
  •  
  • Local time:01:15 PM

Posted 22 January 2009 - 10:58 PM

hello i dont know what happened but you havent got back to me about my computer problem. please get back to me and help me thanks.

#12 sunnybo

sunnybo
  • Topic Starter

  • Members
  • 313 posts
  • OFFLINE
  •  
  • Local time:01:15 PM

Posted 22 January 2009 - 11:01 PM

Logfile of random's system information tool 1.05 (written by random/random)
Run by Owner at 2009-01-22 23:00:09
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 3 GB (9%) free of 34 GB
Total RAM: 247 MB (10% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:26 PM, on 1/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir....p;bm=ho_central
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Exetender] "C:\Program Files\Verizon Games on Demand Player\GPlayer.exe" /runonstartup
O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Program Files\Verizon Games on Demand Player\GPlayer.exe /runonstartup" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Exetender] "C:\Program Files\Verizon Games on Demand Player\GPlayer.exe /runonstartup" (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 8371 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\ParetoLogic Registration.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-04 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-01-28 1554256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-25 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-8398-26FADCF27386}]
Verizon Broadband Toolbar - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL [2008-05-30 1991680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-11-21 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-11-22 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-11-21 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-25 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-11-21 251504]
{A057A204-BACC-4D26-8398-26FADCF27386} - Verizon Broadband Toolbar - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL [2008-05-30 1991680]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2004-04-02 151597]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-03-04 19968]
"LogitechGalleryRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2004-06-01 458752]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2004-05-21 221184]
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2004-06-01 458752]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2004-06-01 217088]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-25 136600]
"Verizon_McciTrayApp"=C:\Program Files\Verizon\McciTrayApp.exe [2007-09-28 936960]
"VerizonServicepoint.exe"=C:\Program Files\Verizon\VSP\VerizonServicepoint.exe [2008-09-16 2065648]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"LogitechSoftwareUpdate"=C:\Program Files\Logitech\Video\ManifestEngine.exe [2004-06-01 196608]
"Exetender"=C:\Program Files\Verizon Games on Demand Player\GPlayer.exe [2008-05-21 2057216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe [1998-05-07 52736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2004-04-02 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-02-06 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2004-04-02 151597]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2008-11-05 4347120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-11-02 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-01-21 22:07:52 ----A---- C:\WINDOWS\wininit.ini
2009-01-20 21:11:30 ----D---- C:\Documents and Settings\All Users\Application Data\Verizon Games on Demand Player
2009-01-20 21:11:25 ----D---- C:\Remote Programs
2009-01-20 21:10:24 ----N---- C:\WINDOWS\ExentInfo.exe
2009-01-20 21:10:15 ----D---- C:\Program Files\Verizon Games on Demand Player
2009-01-19 15:30:23 ----D---- C:\Documents and Settings\Owner\Application Data\Move Networks
2009-01-19 01:03:02 ----D---- C:\Program Files\uTorrent
2009-01-19 01:02:55 ----D---- C:\Documents and Settings\Owner\Application Data\uTorrent
2009-01-18 23:45:01 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-01-18 23:44:56 ----D---- C:\Program Files\Alwil Software
2009-01-18 22:42:52 ----SHD---- C:\Config.Msi
2009-01-14 03:04:51 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-11 23:47:56 ----D---- C:\fsaua.data
2009-01-10 14:19:39 ----SHD---- C:\RECYCLER
2009-01-10 14:19:34 ----HD---- C:\WINDOWS\PIF
2009-01-07 11:47:16 ----D---- C:\WINDOWS\bin
2009-01-07 11:44:09 ----D---- C:\Program Files\Common Files\Motive
2009-01-07 11:42:34 ----D---- C:\Program Files\Verizon Broadband Firefox Toolbar
2009-01-07 11:42:28 ----D---- C:\Program Files\verizon_broad
2009-01-07 11:42:28 ----D---- C:\Documents and Settings\Owner\Application Data\verizon_broad
2009-01-07 11:32:16 ----D---- C:\Program Files\Verizon
2009-01-06 05:37:55 ----A---- C:\ComboFix.txt
2009-01-05 04:52:38 ----A---- C:\WINDOWS\RussSqr.INI
2009-01-04 05:38:54 ----D---- C:\Program Files\Ricochet Lost Worlds
2009-01-04 05:38:30 ----D---- C:\Program Files\Big Kahuna Reef 2
2009-01-04 04:34:44 ----D---- C:\Program Files\Cartoon Network All-Stars
2009-01-02 12:46:12 ----D---- C:\BigTuna
2008-12-25 19:37:17 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-25 19:37:17 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-25 19:37:17 ----A---- C:\WINDOWS\system32\java.exe
2008-12-25 19:37:17 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-23 15:27:52 ----D---- C:\WINDOWS\temp
2008-12-23 14:58:22 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-23 02:54:00 ----A---- C:\WINDOWS\zip.exe
2008-12-23 02:54:00 ----A---- C:\WINDOWS\VFIND.exe
2008-12-23 02:54:00 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-23 02:54:00 ----A---- C:\WINDOWS\SWSC.exe
2008-12-23 02:54:00 ----A---- C:\WINDOWS\SWREG.exe
2008-12-23 02:54:00 ----A---- C:\WINDOWS\sed.exe
2008-12-23 02:54:00 ----A---- C:\WINDOWS\grep.exe
2008-12-23 02:54:00 ----A---- C:\WINDOWS\fdsv.exe
2008-12-23 02:53:09 ----D---- C:\WINDOWS\ERDNT
2008-12-23 02:53:09 ----AD---- C:\Qoobox
2008-12-23 02:35:00 ----A---- C:\Rooter.txt
2008-12-23 02:30:58 ----D---- C:\Rooter$
2008-12-22 18:02:24 ----D---- C:\Program Files\Mozilla Firefox
2008-12-22 12:56:01 ----D---- C:\rsit
2008-12-20 21:50:28 ----A---- C:\WINDOWS\atid.ini
2008-12-20 21:50:01 ----D---- C:\Program Files\Common Files\Software Update Utility
2008-12-20 21:49:29 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-20 21:49:21 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
2008-12-20 03:01:22 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-12-10 03:07:15 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 03:05:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 03:04:20 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-12-10 03:03:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 03:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-10 03:02:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-12-10 03:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-12-09 17:05:33 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-09 17:05:03 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-12-09 17:01:31 ----D---- C:\Program Files\Windows Media Connect 2
2008-12-09 17:00:47 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-12-09 16:56:05 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-12-09 16:53:15 ----D---- C:\WINDOWS\system32\LogFiles
2008-12-09 16:52:15 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-12-09 12:51:57 ----D---- C:\Program Files\NETGEAR
2008-12-06 20:57:08 ----D---- C:\Documents and Settings\Owner\Application Data\WinMX Music
2008-12-06 20:54:39 ----D---- C:\Program Files\WinMX Music
2008-12-01 15:26:13 ----RA---- C:\WINDOWS\system32\InstMed.exe
2008-12-01 15:25:52 ----A---- C:\WINDOWS\system32\lvcoinst.ini
2008-12-01 15:25:52 ----A---- C:\WINDOWS\system32\lvcoinst.dll
2008-12-01 15:25:51 ----A---- C:\WINDOWS\system32\LVUI2RC.dll
2008-12-01 15:25:51 ----A---- C:\WINDOWS\system32\LVUI2.dll
2008-12-01 15:25:51 ----A---- C:\WINDOWS\system32\lvcodec2.dll
2008-11-30 21:22:57 ----D---- C:\Documents and Settings\Owner\Application Data\FotoWire
2008-11-30 21:22:55 ----D---- C:\Program Files\Common Files\FotoWire
2008-11-26 03:01:36 ----D---- C:\WINDOWS\ie7updates
2008-11-25 11:59:48 ----HD---- C:\WINDOWS\msdownld.tmp
2008-11-25 11:57:57 ----D---- C:\WINDOWS\WBEM
2008-11-25 11:51:38 ----HDC---- C:\WINDOWS\ie7
2008-11-25 11:49:16 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-11-25 11:42:15 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-11-23 21:00:54 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2008-11-23 21:00:52 ----D---- C:\Program Files\NOS
2008-11-22 21:28:47 ----D---- C:\CA
2008-11-21 07:57:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-21 07:57:18 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-21 07:56:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-21 07:56:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-21 07:55:25 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-21 07:55:07 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-21 07:54:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-21 07:49:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-21 07:48:33 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-21 07:48:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-11-21 07:47:23 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-21 07:46:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-21 07:46:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-21 07:46:03 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-21 07:45:41 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-21 07:45:02 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-21 07:42:23 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-11-21 02:54:08 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-11-20 22:34:42 ----D---- C:\Documents and Settings\Owner\Application Data\Viewpoint
2008-11-11 20:34:00 ----D---- C:\Documents and Settings\Owner\Application Data\Media Player Classic
2008-11-06 16:05:10 ----D---- C:\Program Files\Common Files\Oberon Media
2008-11-05 19:20:15 ----D---- C:\Documents and Settings\All Users\Application Data\Shockwave
2008-10-28 17:36:00 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
2008-10-28 17:36:00 ----A---- C:\WINDOWS\system32\divx_xx07.dll
2008-10-28 17:35:58 ----A---- C:\WINDOWS\system32\divx_xx11.dll
2008-10-28 17:35:58 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
2008-10-28 17:35:56 ----A---- C:\WINDOWS\system32\DivX.dll

======List of files/folders modified in the last 3 months======

2009-01-22 22:59:37 ----D---- C:\WINDOWS\Prefetch
2009-01-22 22:46:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-22 22:46:14 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-21 23:09:49 ----D---- C:\Temp
2009-01-21 22:07:52 ----D---- C:\WINDOWS
2009-01-21 22:07:51 ----D---- C:\Program Files
2009-01-21 22:07:51 ----AC---- C:\WINDOWS\ka.ini
2009-01-21 22:07:05 ----A---- C:\WINDOWS\disney.ini
2009-01-21 22:06:48 ----D---- C:\Program Files\Disney Interactive
2009-01-21 22:06:47 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-21 22:01:53 ----D---- C:\Program Files\The Learning Company
2009-01-20 21:10:46 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-19 00:04:50 ----A---- C:\caisslog.txt
2009-01-19 00:04:43 ----D---- C:\WINDOWS\system32
2009-01-19 00:04:43 ----D---- C:\Documents and Settings\All Users\Application Data\CA
2009-01-19 00:03:20 ----D---- C:\WINDOWS\system32\drivers
2009-01-18 23:15:54 ----D---- C:\WINDOWS\CAVTemp
2009-01-18 22:50:17 ----SHD---- C:\WINDOWS\Installer
2009-01-18 22:50:08 ----D---- C:\WINDOWS\WinSxS
2009-01-18 22:44:51 ----A---- C:\WINDOWS\SYSTEM.INI
2009-01-18 22:43:30 ----D---- C:\Program Files\Common Files
2009-01-18 22:14:32 ----D---- C:\Program Files\Shockwave.com
2009-01-14 22:04:28 ----HD---- C:\WINDOWS\inf
2009-01-14 14:54:25 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2009-01-14 13:24:09 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-14 03:05:03 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-14 03:04:08 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-13 19:22:44 ----D---- C:\WINDOWS\system32\FxsTmp
2009-01-13 17:39:51 ----AC---- C:\WINDOWS\ModemLog_Agere Systems PCI Soft Modem.txt
2009-01-12 12:18:34 ----D---- C:\Documents and Settings\All Users\Application Data\Motive
2009-01-09 20:35:28 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-07 12:07:10 ----D---- C:\Documents and Settings\Owner\Application Data\Motive
2009-01-01 13:52:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-25 19:36:12 ----D---- C:\Program Files\Java
2008-12-23 23:47:42 ----D---- C:\WINDOWS\AppPatch
2008-12-23 16:22:09 ----D---- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-12-23 08:54:29 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-23 08:44:50 ----D---- C:\WINDOWS\Minidump
2008-12-22 18:03:37 ----D---- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-12-20 21:53:47 ----D---- C:\Program Files\AIM6
2008-12-20 21:52:19 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-12-20 03:01:38 ----A---- C:\WINDOWS\imsins.BAK
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-10 03:06:43 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-10 03:06:18 ----D---- C:\Program Files\Internet Explorer
2008-12-09 17:02:46 ----A---- C:\WINDOWS\win.ini
2008-12-09 17:01:29 ----D---- C:\Program Files\Windows Media Player
2008-12-09 17:01:13 ----D---- C:\WINDOWS\Help
2008-12-09 12:52:37 ----D---- C:\OEMSettings
2008-12-08 19:09:09 ----D---- C:\Program Files\THQ
2008-12-05 10:38:23 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-03 17:29:00 ----D---- C:\Program Files\Oberon Media
2008-12-03 10:59:12 ----D---- C:\Program Files\Logitech
2008-12-01 23:41:11 ----D---- C:\Documents and Settings\Owner\Application Data\DivX
2008-12-01 15:36:40 ----D---- C:\WINDOWS\twain_32
2008-12-01 15:25:33 ----D---- C:\Program Files\Common Files\Logitech
2008-11-27 22:03:50 ----D---- C:\WINDOWS\system32\Restore
2008-11-27 03:02:17 ----D---- C:\WINDOWS\system32\en-us
2008-11-25 11:58:19 ----D---- C:\WINDOWS\system32\config
2008-11-25 11:57:35 ----D---- C:\WINDOWS\Media
2008-11-25 11:35:02 ----D---- C:\Program Files\DivX
2008-11-23 21:54:30 ----D---- C:\Program Files\Google
2008-11-21 22:50:58 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-11-21 18:41:38 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-11-21 18:39:24 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-11-21 07:57:22 ----D---- C:\Program Files\Messenger
2008-11-17 08:45:55 ----D---- C:\Program Files\Project64 1.6
2008-11-11 21:03:03 ----D---- C:\Documents and Settings\Owner\Application Data\Winamp
2008-11-11 18:22:28 ----A---- C:\WINDOWS\cdplayer.ini
2008-10-23 07:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 05:06:59 ----N---- C:\WINDOWS\system32\tzchange.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SiSkp;SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [2004-01-02 11520]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 usbhub;DSC Composite USB Device; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R2 X4HSX32Ex;X4HSX32Ex; \??\C:\Program Files\Verizon Games on Demand Player\X4HSX32Ex.Sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2004-11-02 773565]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys [2003-03-04 25214]
R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2003-03-04 37804]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\Drivers\LMouFlt2.sys [2003-03-04 73134]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2004-05-27 19968]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 PID_08A0;QuickCam IM(PID_08A0); C:\WINDOWS\system32\DRIVERS\LV302AV.SYS [2004-05-27 201728]
R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2002-07-30 23808]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 Ca533av;Mega DV(Video); C:\WINDOWS\System32\Drivers\Ca533av.sys [2002-10-21 515803]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-12 391424]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 L8042PR2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\System32\Drivers\l8042pr2.sys [2003-03-04 53870]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2004-01-02 432000]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 USBCamera;DSC Still Image Capture (CA533A); C:\WINDOWS\System32\Drivers\Bulk533.sys [2002-12-04 11144]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2004-02-04 134144]
S3 W8335XP;NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335); C:\WINDOWS\system32\DRIVERS\WG311v3XP.sys [2005-10-06 280576]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-25 152984]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-10-06 33752]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-22 137200]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 lxcc_device;lxcc_device; C:\WINDOWS\system32\lxcccoms.exe [2005-07-06 466944]

-----------------EOF-----------------


now please read through this and help me with my computer thanks.

#13 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:01:15 PM

Posted 23 January 2009 - 03:56 AM

irst i wanna know if you seen anything in my logs? next i would love to reformat but my windows programs and stuff was preinstalled on computer when i bought it from store, so i dont have a cd. It only came with a microsoft cd to install microsoft stuff. How can i get a new cd to start from scrath? If i start from stracth Can i burn my games on a cd then on comp again or will that give me the visrus again? PLease help and let me know. i only use computer to play music games and browse online sites, but yes some passwords on on here for sites.


Check with the store where you bought your computer to see if they can tell you how to get the operating system CD.
You could scan your games for malware and reload but you still risk getting the backdoor trojan because there is no way of knowing what files it has affected. To be absolutely safe, you should download your games again and start with a clean slate.

I do not see any obvious signs of malware. Let's do some general cleaning.

Step 1

You may want to print this page. Make sure to work through the fixes in the order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step 2

In Normal Mode, run an online malware check from at least two and preferably three (one may catch something that another one may not) of the following sites
BitDefender
Computer Associates Online Virus Scan
Kaspersky Online Virus Scanner
McAfee FreeScan
Panda's ActiveScan
Trend Micro™ HouseCall
Windows Live Safety Center Free Online Scan
WindowSecurity.com TrojanScan
When you have completed the scans, if you get a report of files that cannot be cleaned / deleted, make a note of the file location of anything that cannot be cleaned / deleted. Please edit the log(s) and remove:
  • items listed as "Object is locked skipped"
  • items reported that are in a quarantine folder
Please post the edited list in your next reply.

Step 3
  • Please download Ad-Aware 2008 Free to your desktop. The Ad-Aware 2008 Free installation file will be aaw2008.msi or aaw2008.exe.
  • Double-click the file and follow the on-screen instructions in the Installation Wizard to install.
  • When the Please Enter Your License Information screen appears, click Cancel and Ad-Aware 2008 Free will be installed.
  • When the Ad-Aware 2008 Has Been Successfully Installed Screen appears, click Finish to complete the installation and to launch Ad-Aware 2008 Free.
  • The Status screen will appear. You will see four sections.
    • System Protection Status section where you will see Real Time Protection with a check in the Off dialog box and Automatic Updates with a check in the On dialog box.
    • Update Status section
    • System Scan section
    • License Status section where you will see that the Type: will be Free Edition and License Expires in: Never.
  • In the list on the left of the screen, click Scan. You will be given a choice of Smart Scan, Full Scan, and Custom Scan. (Scheduler on the right of the screen is only available in Ad-Aware 2008 Plus and Ad-Aware Pro.)
  • In the list on the left of the screen, click Settings > Scanning tab. Use the default settings unless you see some changes that you want to make.
  • In the list on the left of the screen, click Status. In the System Scan section, click Scan Now.
  • When the scan finishes, the Critical Objects tab window appears.
  • Under Scan Results, you will see the list of Critical Objects that Ad-Aware 2008 Free found. You are given three choices, Add to ignore, Quarantine, Remove, and System Restore. You may choose to create a System Restore Point prior to removing any objects that you are unsure of removing or after a scan when you know the system is clean. If Critical Objects are found, select all objects found (right click anywhere in the list of found objects and click "Select All Objects").
  • Click Remove.
  • If no Critical Objects are found, click the Privacy Objects tab.
  • If there are Privacy Objects listed, select all objects found (right click anywhere in the list of found objects and click "Select All Objects"). Select Add to ignore or Remove..
  • Click Remove.
  • If no Privacy Objects are found, click the Log File tab to see the statistics of the Ad-Aware 2008 Free scan.
  • Click Finish.
  • The next screen shows you the Scan Summary in the left panel and System Restore in the right panel.
    • You may choose to create a System Restore Point prior to removing any objects that you are unsure of removing or after a scan when you know the system is clean. If you choose to create a System Restore Point, click Set.
    • You may want to export the results Click Export and save the log on your computer .
    • Click Scan Again to repeat the scan.
  • You will be returned to the Status screen. Click on the X in the upper right corner to exit Ad-Aware 2008 Free.
Step 4

I recommend using Spyware Blaster.
  • Please download SpywareBlaster and save it to your desktop.
  • Double click on it to install the program.
  • Follow the prompts and choose the default locations when installing the program.
  • When the program is installed, it will place an icon on your desktop.
  • Double click on the SpywareBlaster icon and you will be presented with a brief tutorial. On the first page of this tutorial, you will see some of the SpywareBlaster features
  • Click on the Next button to proceed to the second page of the tutorial.
  • If you want to purchase the software, then you should select Automatic Updating. If you do not plan on purchasing the software, then you should select the option for Manual Updating. Press the Next button.
  • At the next screen, click Finish.
  • At the next screen, Protection Status, click Enable All Protection.
  • Click Download Latest Protection Updates. This will ensure that SpywareBlaster has the latest definitions so that it can protect your browser more efficiently. You should update SpywareBlaster regularly, as much as every few days, in order to provide the best protection. Each time you update, be sure to click Enable All Protection.
Step 5

Malwarebytes' Anti-Malware is FREEWARE, however you may upgrade to the PRO version which contains realtime protection, scheduled scanning and updating.
  • Please download Malwarebytes Anti-Malware (MBAM). Alternate download link
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing scan. If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from the Malware Bytes Web site. Scroll down the page until you see Latest Database; click Download from GT500.org
  • Double-click on mbam-rules.exe to install.
  • On the Scanner tab, make sure the Perform Quick Scan option is selected.
  • Click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and Scan in progress will show at the top. It may take some time to complete; please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully.
  • At the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
  • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Step 6
  • Please download SUPERAntiSpyware (SAS) - SUPERAntiSpyware Free Version For Home Users
  • Install it and double-click the icon on your desktop to run it.
  • It will ask if you want to update the program definitions, click Yes.
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options, make sure the following are checked:
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
    • Please leave the others unchecked.
  • Click the Close button to leave the control center screen.
  • On the main screen, under Scan for Harmful Software, click Scan your computer.
  • On the left, check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.
  • To retrieve the removal information, please do the following:
    • After reboot, double-click the SUPERAntispyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Please highlight everything in the notepad, then right-click and choose Copy.
    • Click Close and Close again to exit the program.
  • Please post that information with a new HijackThis log.
Step 7
  • Please download the ATF-Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Check the boxes to the left of:
    • Windows Temp
    • Current User Temp
    • All Users Temp
    • Temporary Internet Files
    • Prefetch (Windows XP) only
    • Java Cache
  • The rest are optional - if you want to remove them all, check Select All.
  • Click the Empty Selected button.
  • When you get the Done Cleaning message, click OK.
  • Follow the same steps for Firefox or Opera. You have the option of checking No if you want to save your passwords.
  • Click Exit on the Main menu to close the program.
Do not run it yet.

Step 8
  • According to your Internet connection, please disconnect from the Internet. Close ALL browser windows (including this one).
    • Physically remove the cable for your broadband Internet service “Always On” Connection from your computer.
    • Turn your modem off.
    • Disconnect your modem cable from your computer.
  • Turn the device off for Hand-held wireless connections.
  • Exit all processes and items in your System tray.
Step 9

During the process of removing malware from your computer, there are times you may need to use specialized fix tools. Certain embedded files that are part of these specialized fix tools may be detected by your antivirus or anti-malware scanner as a RiskTool, Hacking tool, Potentially unwanted tool, a virus or a Trojan when that is not the case.
These tools have been carefully created and tested by security experts so if your antivirus or anti-malware program flags them as malware, then it is a False Positive. Antivirus scanners cannot distinguish between good and malicious use of such programs; therefore, they may alert you or even automatically remove them. In these cases, the removal of these files can have unpredictable results and unintentional results.
To avoid any problems while using a specialized fix tool, it is very important that you temporarily disable your antivirus and/or anti-malware programs before using the specialized fix tool.
When your system has been cleaned, it is important that you enable your security programs to avoid reinfection.
Please disable the following program(s):

SUPERAntiSpyware

We need to disable SUPERAntiSpyware as it may interfere with the fixes that we need to make.
  • Right click on the icon in your System Tray.
  • Click Exit
  • Make sure that the program, SUPERAntiSpyware itself, is also closed/not running.
Now we will address the HijackThis fixes.

Step 10

Please run HijackThis and click Scan. Place checks next to the following entries (make sure not to miss any):

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)


Close all browsers and other windows except for HijackThis, and click Fix Checked to have HijackThis fix the entries you checked.

Step 11

Optional Fixes is the name that we use for fixes for unnecessary programs that load during startup and run in the background. These programs are not required to start automatically as you can start them manually if you need them. You would be removing the program from your startup but you would not be removing the program itself.

Your computer may be sluggish due to the many programs loading during startup and running in the background that are not necessary. Windows has a facility for starting programs at startup time. Some of these programs are required for your computer and the applications installed on it to run correctly. A good example of such a program is a virus-checking application that must always run, constantly checking for and isolating or removing files with viruses. Other such programs are not strictly required, or are optional. In some cases, you can gain significant performance enhancements by disabling the automatic startup of these programs. In many cases, the functionality offered by the programs is still available by starting the programs manually by, for example, starting the program from the Windows Start->Programs menu. Media players and instant messaging programs often fall into this category. In fact, it is common for many modern software applications, when installed, to add programs at startup that add items to the system tray or shortcut (context) menus in Windows Explorer to provide quick access to the features and functions of these applications. While they may be useful, they do increase boot time and consume system resources. It is advised that you disable these programs so that they do not take up necessary resources or slow the boot time.

Other than ScanRegistry, SystemTray, StateMgr, antivirus program entries, and firewall program entries, very few others need to load and run.

Read the articles below to see if it applies to your computer problem with being slow to respond.
Slow_Computer_Check_here_first_it_may_not_be_malware.
Help! My computer is slow!
50 Tips for a Super Fast PC
4 Ways to Speed Up Your Computer's Performance
It's not always malware: How to fix the top 10 Internet Explorer issues

If you decide that you want to stop the Optional Fixes in your startup, let me know and I will give you a list with instructions. You would be removing the program from your startup but you would not be removing the program itself.

Step 12

Let’s run ATF-Cleaner to ensure no malware is hiding in temporary folders and for general computer cleanup to free space on your computer.

Step 13

A Firewall is an essential part of computer security and you do not appear to have a third party software firewall running on your system. If you have one, and I missed it, please ignore this. The firewalls in Windows XP SP2 and SP3 are more effective than that in SP1, but neither filters outbound traffic (traffic going out from your computer to the Internet). In SP2 and SP3 the firewall is ON by default, but in SP1 it is OFF by default. In Vista, the firewall operates both inbound and outbound, but by default, most outbound filtering in the Windows Vista firewall is turned off.

A third party firewall is generally considered to be more effective and more configurable and usually works on both inbound and outbound traffic.

There are several firewalls that provide better protection than the Windows SP2/SP3 firewalls. Follow these steps to turn off/disable the Windows Firewall before installing a new firewall:
  • Download the new firewall to your desktop.
  • Disconnect from the Internet.
  • Click Start > Control Panel.
  • Switch to Classic View if you have not already done so.
  • Double click on the Windows Firewall icon.
  • Click Off (Not recommended).
  • Install the new Firewall.
Do not attempt to run two software firewalls since like running two antivirus programs, they will possibly cause problems and conflict with each other.

There are a few firewalls available for free that appear to be good and easy to use:For more information about firewalls, and why a two-way firewall is better than the Windows XP one-way firewall, please read Understanding and Using Firewalls.

Step 14

Please run HijackThis in Normal Mode and post:
  • the list of file names and locations for any files that cannot be cleaned / deleted that were reported after you completed the online scans.
  • the log from MalwareBytes
  • the log from SUPERAntiSpyware
  • a new HijackThis log
Please advise me of any problems you still have.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#14 sunnybo

sunnybo
  • Topic Starter

  • Members
  • 313 posts
  • OFFLINE
  •  
  • Local time:01:15 PM

Posted 23 January 2009 - 11:55 AM

ok i will do this step by step and one step at a time and post back when im done, or might post log after each thing done. ok. thanks.

#15 sunnybo

sunnybo
  • Topic Starter

  • Members
  • 313 posts
  • OFFLINE
  •  
  • Local time:01:15 PM

Posted 23 January 2009 - 04:33 PM

ok i did one scan so far it took 3 hours. I did the first scan with windows live one care online scanner. Ok it came up with this. but it didnt provide me with no log to copy and paste. sorry. i wrote the things down here they go.

Trojan:win32/murdak.a C:system volume information/_restore {ed1ad764-6ee8-45d8-b9bd-559926e4c6fo}\rp450\aol36690.exe (4px)\rarsfx)\32788r22 fwjw/catchme.CFexe\(upx) not cleaned.


Trojan:win32/Vburses.n C:documents and setting/ owner r/destop/atfcleaner.exe cleaned.

Now im gonna do another scan and see what comes up. thanks. please keep in touch with me so i know your still helping me. thanks




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users