Trojan.Vundo / Trojan.Zlob


This topic is locked
15 replies to this topic

#1 deepthinka


  • Members
  • 8 posts

Posted 16 March 2009 - 11:08 AM

Of course, I feel like I've got it cleaned, but I've read that it's a tough one to keep away. I've run Malwarebytes and successfully removed it. Did this in safe mode. I've re-run it and Malwarebytes says I'm good to go. However, there is a DLL entry in my registry which won't stay deleted. It appears that the DLL file itself is gone, but the rundll entry itself keeps coming back (instantly!), so clearly I'm not 100% clean. The DLL is called kozanawi.dll and it indeed shows up several times in the HijackThis log.

Here is my HijackThis log; below that is the Malwarebytes log from when it found the infections... any help would be greatly appreciated!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:50 PM, on 3/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.deepthinka.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.deepthinka.com"); (C:\Documents and Settings\TONE\Application Data\Mozilla\Profiles\default\ewc7zmb9.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\TONE\Application Data\Mozilla\Profiles\default\ewc7zmb9.slt\prefs.js)
O2 - BHO: {d571fc57-6309-ba28-a344-d09f73a96620} - {02669a37-f90d-443a-82ab-903675cf175d} - C:\WINDOWS\system32\ggqoxo.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2a103a62-e7cd-4e56-bb86-290c71283f03} - C:\WINDOWS\system32\junepoha.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [jinavisahi] Rundll32.exe "C:\WINDOWS\system32\kozanawi.dll",s
O4 - HKCU\..\Run: [DesktopX] ""C:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX Builder.exe" -noui"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-19\..\Run: [jinavisahi] Rundll32.exe "C:\WINDOWS\system32\kozanawi.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [jinavisahi] Rundll32.exe "C:\WINDOWS\system32\kozanawi.dll",s (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://antivirus.itbox.ro/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\nojezeve.dll ggqoxo.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10036 bytes


-----------------------------------------------------

MALWAREBYTES

Malwarebytes' Anti-Malware 1.09
Database version: 507

Scan type: Quick Scan
Objects scanned: 10381
Time elapsed: 9 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\fokipize.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} (Trojan.Zlob) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} (Trojan.Zlob) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\fokipize.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ezipikof.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wimavapa.dll (Trojan.Zlob) -> Delete on reboot.

#2 deepthinka

  • Topic Starter

  • Members
  • 8 posts

Posted 16 March 2009 - 12:21 PM

And of course, after opening a web browser, Malwarebytes finds 6 more infected items; the log is below. PLEASE HELP!!

Malwarebytes' Anti-Malware 1.09
Database version: 507

Scan type: Quick Scan
Objects scanned: 29441
Time elapsed: 4 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\jobaruse.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\jobaruse.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\esuraboj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\yujupaye.dll (Trojan.Zlob) -> Delete on reboot.

#3 extremeboy


  • Malware Response Team
  • 12,975 posts

Posted 27 March 2009 - 06:23 PM

Hello.

Let's see what we can do. I need an updated log so run this tool below please.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.



Download and run OTListIT2

We need to create an OTListIt2 Report
  • Please download OTListIt2 from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Post both logs in your next reply please.
Update MBAM and Run a Quick Scan

Your database version is EXTREMELY OUTDATED. An outdated database WILL have a tough time on infections that have been updated.
  • Open Malwarebytes Anti-Malware
  • On the main page select the Update Tab
  • Click the bold button on that tab called "Check for Updates"
  • It will now check for updates. Since you did not update for a long time it WILL take a while
  • After the update has successfully completed, go back to the Scanner Tab
  • Make sure "Perform Quick-Scan" has a dot beside it.
  • Now click Scan.
  • Once it's finished a log will be produced also can be found at the Logs Tab.
  • Post the log in your next reply.

In your next reply please include the following:
  • OTListIt.txt
  • MBAM log
  • Description of Problems you still have

Important Note: For other users who are reading this topic, the instructions provided in this topic are for the original topic starter ONLY. Even if you have similar problems or even log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic and feel free to link to any relevant topics as needed. Please Do NOT follow the instructions provided for this topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#4 deepthinka

  • Topic Starter

  • Members
  • 8 posts

Posted 28 March 2009 - 12:40 PM

Thanks for your assistance, extreme..... so I've done all as instructed.


#1: The problems I'm still having: web popups, various things, like the fake virus defender screens, etc.... also general computer slowness and network connectivity problems....

#2 OTLlist.txt
OTListIt logfile created on: 3/28/2009 12:46:41 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Documents and Settings\Tone\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.40 Mb Total Physical Memory | 442.08 Mb Available Physical Memory | 43.20% Memory free
2.40 Gb Paging File | 1.91 Gb Available in Paging File | 79.57% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 9.36 Gb Free Space | 16.75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DTRLAPTOP
Current User Name: Tone
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2005/08/03 23:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2006/10/18 18:05:18 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/10/18 17:56:52 | 00,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/10/18 18:01:34 | 00,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
PRC - [2005/05/10 14:31:22 | 00,241,664 | ---- | M] (Stardock) -- C:\Program Files\Common Files\stardock\SDMCP.exe
PRC - [2006/11/01 12:48:12 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
PRC - [2006/11/01 12:48:10 | 01,253,376 | ---- | M] (Dell Inc.) -- C:\WINDOWS\System32\bcmwltry.exe
PRC - [2008/03/19 17:08:58 | 00,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2005/08/03 23:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2007/03/06 10:35:02 | 00,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2008/03/19 18:31:42 | 00,102,096 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2007/04/04 18:56:04 | 00,549,256 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32krn.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/10/18 17:49:52 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/03/03 13:48:28 | 00,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2005/08/03 18:29:52 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2005/08/05 13:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2006/03/08 12:48:02 | 00,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/11/01 12:48:12 | 01,392,640 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.exe
PRC - [2006/10/18 18:04:28 | 00,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
PRC - [2006/10/18 17:58:16 | 00,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
PRC - [2007/04/04 18:56:04 | 00,950,664 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32kui.exe
PRC - [2005/10/07 14:13:38 | 00,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2007/05/10 22:46:20 | 00,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2009/03/12 20:56:58 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2004/06/28 23:56:12 | 00,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\HidFind.exe
PRC - [2005/07/27 16:41:08 | 00,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe
PRC - [2008/04/13 20:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/03/19 18:31:42 | 00,380,624 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
PRC - [2009/02/19 21:43:11 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2006/10/18 17:53:24 | 00,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2008/06/25 17:08:04 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/03/12 20:56:54 | 13,498,664 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
PRC - [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/03/28 12:42:22 | 00,498,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tone\Desktop\OTListIt2.exe
PRC - [2008/09/10 16:35:38 | 00,063,024 | ---- | M] (iLike) -- C:\Program Files\iLike\1.2.13\ilikesidebar.exe
PRC - [2008/04/13 20:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/06 00:04:38 | 00,015,376 | ---- | M] () -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
PRC - [2009/03/06 00:04:54 | 00,518,120 | ---- | M] () -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/03/19 17:08:58 | 00,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2007/04/04 19:10:36 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2005/08/03 23:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/03/06 10:35:02 | 00,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service [Auto | Running])
SRV - [2006/10/18 18:05:18 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2008/06/25 17:08:04 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Running])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2008/03/19 18:31:42 | 00,102,096 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService [Auto | Running])
SRV - [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2004/08/10 04:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2007/04/04 18:56:04 | 00,549,256 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn [Auto | Running])
SRV - [2003/07/28 16:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/10/18 17:49:52 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2006/10/18 17:56:52 | 00,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2007/03/03 13:48:28 | 00,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
SRV - [2005/08/03 18:29:52 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2006/10/18 18:01:34 | 00,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- (WLANKEEPER [Auto | Running])
SRV - [2006/11/01 12:48:12 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2007/08/07 13:56:58 | 00,009,344 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter [On_Demand | Stopped])
DRV - [2007/04/05 09:45:11 | 00,021,425 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2007/04/04 18:56:04 | 00,512,096 | ---- | M] (Eset ) -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON [Auto | Running])
DRV - [2005/09/28 20:57:18 | 00,113,847 | R--- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2005/08/03 23:10:18 | 01,273,344 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [1997/06/05 10:06:08 | 00,060,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\av360cn.sys -- (Av360cn [Auto | Running])
DRV - [1997/06/13 18:57:46 | 00,071,648 | ---- | M] () -- C:\WINDOWS\System32\drivers\av363cn.sys -- (Av363cn [Auto | Running])
DRV - [2004/05/26 15:18:18 | 00,044,928 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2004/12/13 17:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
DRV - [2009/01/15 12:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/05/03 15:08:50 | 00,208,384 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys -- (HSFHWICH [On_Demand | Running])
DRV - [2005/05/03 15:09:28 | 01,033,728 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS -- (HSF_DPV [On_Demand | Running])
DRV - [2008/03/19 18:31:40 | 00,015,696 | ---- | M] () -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.sys -- (MBAMDrvService [Auto | Running])
DRV - [2004/03/17 12:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2007/04/04 18:56:04 | 00,015,424 | ---- | M] () -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv [System | Running])
DRV - [2004/08/10 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/07 19:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/10/19 09:29:22 | 00,012,544 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2006/03/16 16:24:04 | 00,035,712 | ---- | M] (Cristalink Ltd) -- C:\WINDOWS\System32\Drivers\SeratoUsb.sys -- (SeratoUsb [On_Demand | Stopped])
DRV - [2001/08/17 14:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2005/03/10 16:56:06 | 00,273,168 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97 [On_Demand | Running])
DRV - [2009/03/05 23:59:00 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Running])
DRV - [2008/04/13 15:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2006/10/25 07:24:38 | 02,208,768 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\DRIVERS\w29n51.sys -- (w29n51 [On_Demand | Running])
DRV - [2005/05/03 15:08:44 | 00,705,408 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.deepthinka.com/
IE - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\S-1-5-21-1606980848-1580436667-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\S-1-5-21-1606980848-1580436667-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"
FF - prefs.js..browser.search.opensidebarsearchpanel: false
FF - prefs.js..browser.startup.homepage: "http://www.deepthinka.com"
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.87
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 7
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/16 11:06:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/16 11:06:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Components: C:\PROGRAM FILES\NETSCAPE\NETSCAPE\COMPONENTS [2009/03/27 20:18:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\PROGRAM FILES\NETSCAPE\NETSCAPE\PLUGINS [2009/03/15 16:12:55 | 00,000,000 | ---D | M]

[2008/09/21 23:54:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tone\Application Data\mozilla\Extensions
[2008/09/21 23:54:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tone\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/28 00:27:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tone\Application Data\mozilla\Firefox\Profiles\g0cjfg29.default\extensions
[2008/09/08 09:57:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tone\Application Data\mozilla\Firefox\Profiles\g0cjfg29.default\extensions\firefox@tvunetworks.com
[2009/03/28 12:45:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/16 11:06:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/06/16 11:12:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/02/19 21:43:33 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/02/19 21:43:34 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/19 15:33:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/19 15:33:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/19 15:33:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/19 15:33:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/19 15:33:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/19 15:33:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/02/19 15:33:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {2a103a62-e7cd-4e56-bb86-290c71283f03} - C:\WINDOWS\system32\junepoha.dll File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (no name) - {fdbeaba5-afc3-484a-95fb-cad899587293} - C:\WINDOWS\system32\icbokl.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE (Eset )
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation)
O4 - HKU\S-1-5-19..\Run: [jinavisahi] Rundll32.exe "C:\WINDOWS\system32\kozanawi.dll",s File not found
O4 - HKU\S-1-5-20..\Run: [jinavisahi] Rundll32.exe "C:\WINDOWS\system32\kozanawi.dll",s File not found
O4 - HKU\S-1-5-21-1606980848-1580436667-725345543-1003..\Run: [DesktopX] ""C:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX Builder.exe" -noui" ()
O4 - HKU\S-1-5-21-1606980848-1580436667-725345543-1003..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (Ahead Software AG)
O4 - Startup: C:\Documents and Settings\Tone\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-1606980848-1580436667-725345543-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\imon.dll (Eset )
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://antivirus.itbox.ro/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/1.4/ji...indows-i586.cab (Java Plug-in 1.4.1_02)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/ji...indows-i586.cab (Java Plug-in 1.4.1_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\nojezeve.dll) - C:\WINDOWS\system32\nojezeve.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\yujupaye.dll) - c:\windows\system32\yujupaye.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\pufajahe.dll) - c:\windows\system32\pufajahe.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\pegafege.dll) - c:\windows\system32\pegafege.dll File not found
O20 - AppInit_DLLs: (icbokl.dll) - C:\WINDOWS\system32\icbokl.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\kiramega.dll) - c:\windows\system32\kiramega.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\MCPClient: DllName - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll - C:\Program Files\Common Files\stardock\MCPStub.dll (Stardock)
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\Program Files\Common Files\stardock\MCPCore.dll (Stardock)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - CLSID or File not found.
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/04 17:47:33 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{40066c1c-8cd9-11dd-a606-001422e423f1}\Shell - "" = AutoRun
O33 - MountPoints2\{40066c1c-8cd9-11dd-a606-001422e423f1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{40066c1c-8cd9-11dd-a606-001422e423f1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{6f38fd8c-ed2a-11dc-a57e-001422e423f1}\Shell\AutoRun\command - "" = F:\WDSetup.exe -- File not found
O33 - MountPoints2\{a050cc47-55bd-11dd-a5d9-0013cee7e761}\Shell - "" = AutoRun
O33 - MountPoints2\{a050cc47-55bd-11dd-a5d9-0013cee7e761}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{abb920cf-0e38-11de-a6a0-0013cee7e761}\Shell - "" = AutoRun
O33 - MountPoints2\{abb920cf-0e38-11de-a6a0-0013cee7e761}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{abb920cf-0e38-11de-a6a0-0013cee7e761}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{abb920d0-0e38-11de-a6a0-0013cee7e761}\Shell\AutoRun\command - "" = F:\LORInstall169.exe -- File not found
O33 - MountPoints2\{acc971b1-a925-11dd-a622-001422e423f1}\Shell - "" = AutoRun
O33 - MountPoints2\{acc971b1-a925-11dd-a622-001422e423f1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{acc971b1-a925-11dd-a622-001422e423f1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{bcc74c95-bd95-11dd-a654-001422e423f1}\Shell\AutoRun\command - "" = E:\wd_windows_tools\setup.exe -- File not found
O33 - MountPoints2\{c4d43fcd-8dbd-11dd-a609-0013cee7e761}\Shell\AutoRun\command - "" = F:\wd_windows_tools\setup.exe -- File not found
O33 - MountPoints2\{dc8773a8-ac1e-11dd-a627-001422e423f1}\Shell\AutoRun\command - "" = F:\.\RapidBlogManager.exe -- File not found
O33 - MountPoints2\{eb47cbae-82a1-11dc-a4ef-0013cee7e761}\Shell\AutoRun\command - "" = E:\Installer.exe -- File not found
O33 - MountPoints2\{ef61a998-b082-11dd-a636-001422e423f1}\Shell - "" = AutoRun
O33 - MountPoints2\{ef61a998-b082-11dd-a636-001422e423f1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ef61a998-b082-11dd-a636-001422e423f1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/03/28 12:49:55 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/28 12:49:49 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/28 12:41:53 | 00,498,688 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tone\Desktop\OTListIt2.exe
[2009/03/28 11:40:54 | 00,513,631 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\bdwcdfacepaisleyprint.jpg
[2009/03/28 11:27:25 | 00,142,641 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\PAISLEY.JPG
[2009/03/27 17:02:06 | 00,262,144 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\BDW SIMPLE CD FACE.jpg
[2009/03/26 15:50:01 | 10,731,80672 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/26 14:29:01 | 00,372,717 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\bdwreleaseweb.jpg
[2009/03/25 18:31:48 | 01,910,808 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\bdwreleaseparty.png
[2009/03/25 18:31:26 | 02,163,304 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\bdwreleaseparty.ai
[2009/03/25 18:07:38 | 05,374,705 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\bdwposter.jpg
[2009/03/25 17:57:15 | 05,229,087 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\Picking Up The Pieces.mp3
[2009/03/25 12:47:05 | 00,047,104 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\distro.xls
[2009/03/25 10:05:47 | 00,190,969 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\bdwcdface2.jpg
[2009/03/24 18:30:41 | 00,028,332 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\cropped-geb-banner.jpg
[2009/03/24 15:10:28 | 00,030,316 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\sitemap.html
[2009/03/23 19:13:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tone\Desktop\TME album art
[2009/03/23 15:24:51 | 05,746,034 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\Duece Midnite street 1.mp3
[2009/03/23 15:24:44 | 05,267,993 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\Duece Midnight Dance 1.mp3
[2009/03/20 11:03:01 | 00,015,360 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\leather tour.xls
[2009/03/20 09:54:53 | 07,405,694 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\BMZ.zip
[2009/03/18 15:39:53 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/03/18 11:52:19 | 00,635,392 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\tom letter.doc
[2009/03/18 10:49:02 | 00,154,077 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\bdwcdface.jpg
[2009/03/18 06:28:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tone\Desktop\90s inst
[2009/03/18 00:15:00 | 00,142,336 | -HS- | C] () -- C:\WINDOWS\System32\icbokl.dll
[2009/03/17 19:51:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tone\Desktop\national threat
[2009/03/17 14:37:48 | 00,017,408 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\april scion shows.xls
[2009/03/17 01:08:39 | 57,668,8360 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\Big.Love.S03E09.HDTV.XviD-0TV.avi
[2009/03/17 00:14:16 | 00,141,312 | -HS- | C] () -- C:\WINDOWS\System32\araqxp.dll
[2009/03/16 18:11:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tone\Desktop\SITW APRIL 29
[2009/03/16 12:02:59 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\HijackThis.lnk
[2009/03/16 12:01:44 | 00,000,000 | ---D | C] -- C:\Combofix
[2009/03/16 11:47:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/03/16 11:15:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/03/16 11:14:18 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF32276.exe
[2009/03/16 11:08:40 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31068.exe
[2009/03/15 18:40:25 | 00,011,919 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\dtr.csv
[2009/03/15 16:16:30 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/03/15 16:15:34 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/03/15 16:15:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/03/15 16:13:36 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/03/15 16:10:55 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/03/15 16:10:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tone\Local Settings\Application Data\Apple
[2009/03/15 16:10:11 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/03/15 16:09:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/03/15 16:09:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/03/15 12:13:48 | 00,141,824 | -HS- | C] () -- C:\WINDOWS\System32\ktobif.dll
[2009/03/13 09:35:26 | 00,006,667 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\Untitled.ses
[2009/03/10 23:58:08 | 07,201,199 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\08-stat_quo-intermission.mp3
[2009/03/10 16:56:04 | 03,153,468 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\4_Panel_digiPak.psd
[2009/03/10 16:56:04 | 00,783,766 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\4_Panel_digiPak.eps
[2009/03/09 12:42:31 | 00,035,644 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\DTR DISTRO - 03-09-09.htm
[2009/03/09 12:42:07 | 00,099,041 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\distro contact - 03-09-09.htm
[2009/03/08 19:52:55 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/08 19:51:03 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/03/08 19:33:00 | 00,000,209 | ---- | C] () -- C:\Boot.bak
[2009/03/08 19:32:55 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/03/08 19:32:54 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/03/08 19:31:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/08 19:29:51 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/03/08 19:17:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2009/03/08 13:55:28 | 00,000,000 | ---D | C] -- C:\Program Files\MAM
[2009/03/08 13:50:04 | 00,000,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/07 18:45:26 | 02,234,245 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\EDREYS01.mp3
[2009/03/06 12:06:31 | 00,126,184 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\pantspartyelvisposterfinal-1.jpg
[2009/03/05 15:21:34 | 00,140,615 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\gma-banner.png
[2009/03/02 13:03:45 | 00,076,210 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\hardrockplay.jpg
[2009/03/01 16:09:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tone\Desktop\SITW MARCH 28
[2009/02/27 12:03:36 | 00,013,068 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\Hip Hop Blogs.docx
[2009/02/27 12:03:30 | 00,013,822 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\Blog Sites.docx

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/03/28 12:44:27 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/28 12:44:21 | 00,000,433 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2009/03/28 12:43:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/28 12:43:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/28 12:43:23 | 10,731,80672 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/28 12:42:22 | 00,498,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tone\Desktop\OTListIt2.exe
[2009/03/28 11:41:13 | 00,513,631 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\bdwcdfacepaisleyprint.jpg
[2009/03/28 11:29:04 | 00,142,641 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\PAISLEY.JPG
[2009/03/27 17:02:19 | 00,262,144 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\BDW SIMPLE CD FACE.jpg
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/26 14:42:00 | 00,997,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/26 14:29:05 | 00,372,717 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\bdwreleaseweb.jpg
[2009/03/26 14:23:54 | 00,062,976 | ---- | M] () -- C:\Documents and Settings\Tone\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/26 14:11:52 | 02,163,304 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\bdwreleaseparty.ai
[2009/03/26 11:55:53 | 05,374,705 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\bdwposter.jpg
[2009/03/26 08:21:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/26 00:52:06 | 00,414,672 | ---- | M] () -- C:\Documents and Settings\Tone\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/25 18:32:38 | 01,910,808 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\bdwreleaseparty.png
[2009/03/25 17:57:27 | 05,229,087 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\Picking Up The Pieces.mp3
[2009/03/25 17:56:27 | 00,000,754 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/03/25 17:56:27 | 00,000,253 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/03/25 12:47:05 | 00,047,104 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\distro.xls
[2009/03/25 10:05:50 | 00,190,969 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\bdwcdface2.jpg
[2009/03/24 22:28:40 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/24 18:30:42 | 00,028,332 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\cropped-geb-banner.jpg
[2009/03/24 18:03:26 | 00,017,408 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\april scion shows.xls
[2009/03/24 15:10:30 | 00,030,316 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\sitemap.html
[2009/03/23 15:25:32 | 05,746,034 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\Duece Midnite street 1.mp3
[2009/03/23 15:25:18 | 05,267,993 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\Duece Midnight Dance 1.mp3
[2009/03/20 11:47:33 | 00,015,360 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\leather tour.xls
[2009/03/20 09:55:02 | 07,405,694 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\BMZ.zip
[2009/03/19 21:03:38 | 00,367,206 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/19 21:03:38 | 00,046,654 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/19 21:03:37 | 00,418,662 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/18 11:56:41 | 00,635,392 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\tom letter.doc
[2009/03/18 10:49:03 | 00,154,077 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\bdwcdface.jpg
[2009/03/18 06:25:19 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\pizikako
[2009/03/18 00:14:59 | 00,142,336 | -HS- | M] () -- C:\WINDOWS\System32\icbokl.dll
[2009/03/17 00:14:16 | 00,141,312 | -HS- | M] () -- C:\WINDOWS\System32\zukidudu.dll
[2009/03/16 23:29:42 | 57,668,8360 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\Big.Love.S03E09.HDTV.XviD-0TV.avi
[2009/03/16 12:02:59 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\HijackThis.lnk
[2009/03/16 11:51:14 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2009/03/16 11:14:08 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF32276.exe
[2009/03/16 11:12:02 | 00,000,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/16 11:07:57 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31068.exe
[2009/03/16 00:20:47 | 00,102,400 | ---- | M] () -- C:\WINDOWS\System32\fokipize.dll
[2009/03/15 20:21:11 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/03/15 20:10:58 | 00,011,919 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\dtr.csv
[2009/03/13 09:35:27 | 00,006,667 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\Untitled.ses
[2009/03/12 03:01:18 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/10 11:29:15 | 00,000,816 | ---- | M] () -- C:\WINDOWS\AVSCAN32.INI
[2009/03/09 12:42:31 | 00,035,644 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\DTR DISTRO - 03-09-09.htm
[2009/03/09 12:42:07 | 00,099,041 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\distro contact - 03-09-09.htm
[2009/03/08 19:43:23 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/03/08 06:31:17 | 02,234,245 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\EDREYS01.mp3
[2009/03/06 12:06:32 | 00,126,184 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\pantspartyelvisposterfinal-1.jpg
[2009/03/05 15:21:34 | 00,140,615 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\gma-banner.png
[2009/03/04 14:33:37 | 00,013,068 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\Hip Hop Blogs.docx
[2009/03/04 13:33:44 | 00,040,960 | ---- | M] () -- C:\Documents and Settings\Tone\My Documents\Tony Caferro Resume1.doc
[2009/03/02 13:03:49 | 00,076,210 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\hardrockplay.jpg
[2009/02/27 12:03:35 | 00,013,822 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\Blog Sites.docx
[2009/02/26 22:30:07 | 00,045,568 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\Rochester NY Media.doc
< End of report >



#3 MBAM log:
Malwarebytes' Anti-Malware 1.35
Database version: 1911
Windows 5.1.2600 Service Pack 3

3/28/2009 1:39:14 PM
mbam-log-2009-03-28 (13-39-07).txt

Scan type: Quick Scan
Objects scanned: 76708
Time elapsed: 15 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\icbokl.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fdbeaba5-afc3-484a-95fb-cad899587293} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{fdbeaba5-afc3-484a-95fb-cad899587293} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2a103a62-e7cd-4e56-bb86-290c71283f03} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2a103a62-e7cd-4e56-bb86-290c71283f03} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fdbeaba5-afc3-484a-95fb-cad899587293} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> No action taken.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (regedit.exe"%1" %*) Good: (regedit.exe "%1") -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\icbokl.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\nobiyaki.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\nalerosa.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\izwxkb.dll (Trojan.Vundo) -> No action taken.

#5 extremeboy (Malware Response Team)

Posted 28 March 2009 - 01:14 PM

Hello.

Re-run scan with MalwareBytes Anti-Malware

Your MBAM log shows "No action taken". This usually occurs if you forget to click "Remove Selected" and instead only click "Save Logfile". Please read this thread and rescan again, only using the (Quick Scan) in normal mode, and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. After performing the new scan, click the Logs tab and copy/paste the contents of the new report in your next reply.

Now re-run OTListIt2, and post back with a new OTListIt2.txt log for me in your next reply, in addition to the items fixed by MBAM.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

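The check extremeboy describes above, as an added example that is not part of the original thread (it is neither the poster's code nor Malwarebytes' own): a Python triage of an MBAM 1.x log that reads the header counts and each section, records the action MBAM took on every line, labels the Vundo persistence and tampering locations the log shows (the BHO, the SSODL entry, the Security Center DisableNotify values, the regfile open command), and flags a log in which everything is still "No action taken" as needing the re-run with "Remove Selected". SAMPLE_LOG is a condensed copy of the log posted earlier in this thread; the mechanism labels and the header-count cross-check are this example's own additions, not MBAM output.

```python
"""Triage of a Malwarebytes' Anti-Malware 1.x log. Added example for this thread, not the
poster's or Malwarebytes' own code; it parses the 2009-era layout shown above (header lines
with per-category counts, then one section per category whose lines end in "-> <action>")."""
import re
from collections import Counter
from dataclasses import dataclass

# Condensed copy of the MBAM log posted in the thread (the original lists 18 items).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.35

Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Data Items Infected: 2
Files Infected: 2

Memory Modules Infected:
C:\WINDOWS\system32\icbokl.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fdbeaba5-afc3-484a-95fb-cad899587293} (Trojan.Vundo.H) -> No action taken.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (regedit.exe"%1" %*) Good: (regedit.exe "%1") -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Files Infected:
C:\WINDOWS\system32\icbokl.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\nobiyaki.dll (Trojan.Vundo) -> No action taken.
"""

# "Registry Keys Infected: 9" is a header count; "Registry Keys Infected:" opens a section.
_SECTION_RE = re.compile(r"^(?P<name>[A-Z][A-Za-z ]+ Infected):(?: (?P<count>\d+))?$")
# "<target> (<threat>) -> <rest>"; non-greedy target so the "(...)" inside Bad:/Good: is not eaten.
_ITEM_RE = re.compile(r"^(?P<target>.*?) \((?P<threat>[^()]+)\) -> (?P<rest>.+)$")
_DATA_RE = re.compile(r"^Bad: \((?P<bad>.*)\) Good: \((?P<good>.*?)\) -> ")
# Registry location -> how the item gets reloaded after a reboot (labels are this example's own).
_MECHANISMS = (
    ("browser helper objects", "IE BHO: DLL loaded into every iexplore.exe/explorer.exe"),
    ("shellserviceobjectdelayload", "SSODL: DLL loaded by Explorer at every logon"),
    (r"currentversion\run", "Run key autostart"),
    ("disablenotify", "Security Center tamper: missing-AV/update warnings silenced"),
    (r"shell\open\command", "file-association hijack"),
    (r"hkey_classes_root\clsid", "COM class registration for an injected DLL"),
)

@dataclass
class Item:
    section: str
    target: str
    threat: str
    action: str     # "No action taken" or "Quarantined and deleted successfully"
    mechanism: str
    bad: str = ""   # Registry Data Items only: the hijacked value ...
    good: str = ""  # ... and what MBAM would restore it to

@dataclass
class Report:
    header_counts: dict
    items: list

    def unresolved(self) -> list:
        """Detections MBAM listed but did not act on: the forgotten "Remove Selected" click."""
        return [i for i in self.items if i.action.lower().startswith("no action")]

    def count_mismatches(self) -> dict:
        """Header counts that disagree with the lines listed; a truncated paste shows up here."""
        listed = Counter(i.section for i in self.items)
        return {n: (c, listed[n]) for n, c in self.header_counts.items() if c != listed[n]}

def classify(section: str, target: str) -> str:
    if section.startswith("Memory"):
        return "loaded in a running process (deleting the file needs a reboot)"
    t = target.lower()
    for needle, label in _MECHANISMS:
        if needle in t:
            return label
    return "file on disk" if t.endswith((".dll", ".exe", ".sys")) else "other registry key"

def parse_mbam_log(text: str) -> Report:
    header, items, section = {}, [], None
    for line in (ln.strip() for ln in text.splitlines()):
        if not line or line.startswith("(No malicious"):
            continue
        m = _SECTION_RE.match(line)
        if m:
            if m.group("count") is None:
                section = m.group("name")
            else:
                header[m.group("name")] = int(m.group("count"))
            continue
        m = _ITEM_RE.match(line)
        if section is None or m is None:
            continue  # banner lines: product version, database, scan type ...
        rest, target = m.group("rest"), m.group("target")
        d = _DATA_RE.match(rest)
        items.append(Item(section, target, m.group("threat"), rest.rsplit("-> ", 1)[-1].rstrip("."),
                          classify(section, target), d.group("bad") if d else "", d.group("good") if d else ""))
    return Report(header, items)
```

To use it on a saved mbam-log-*.txt, pass the file's contents to parse_mbam_log() instead of SAMPLE_LOG. A non-empty unresolved() is exactly the condition that prompted the "Remove Selected" reminder above; count_mismatches() catches a log that was pasted incompletely, and the mechanism labels show why a BHO or SSODL entry left in place brings the DLL back at the next logon even after the file is gone.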

#6 deepthinka (Topic Starter)

Posted 28 March 2009 - 05:12 PM

OK... so yeah, I got you on the Remove Selected. I did that; I think I may have just viewed the log before I did it. All were removed after reboot.

So here's my MBAM log; I got a clean scan this time around. My OTListIt follows. Thanks.

Malwarebytes' Anti-Malware 1.35
Database version: 1911
Windows 5.1.2600 Service Pack 3

3/28/2009 5:50:50 PM
mbam-log-2009-03-28 (17-50-50).txt

Scan type: Quick Scan
Objects scanned: 76516
Time elapsed: 5 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


-------------------------



OTListIt logfile created on: 3/28/2009 5:52:39 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Documents and Settings\Tone\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.40 Mb Total Physical Memory | 463.13 Mb Available Physical Memory | 45.25% Memory free
2.40 Gb Paging File | 1.96 Gb Available in Paging File | 81.56% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 9.44 Gb Free Space | 16.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 94.50 Gb Total Space | 21.84 Gb Free Space | 23.11% Space Free | Partition Type: NTFS

Computer Name: DTRLAPTOP
Current User Name: Tone
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2005/08/03 23:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2006/10/18 18:05:18 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/10/18 17:56:52 | 00,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/10/18 18:01:34 | 00,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
PRC - [2006/11/01 12:48:12 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
PRC - [2006/11/01 12:48:10 | 01,253,376 | ---- | M] (Dell Inc.) -- C:\WINDOWS\System32\bcmwltry.exe
PRC - [2008/03/19 17:08:58 | 00,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2005/05/10 14:31:22 | 00,241,664 | ---- | M] (Stardock) -- C:\Program Files\Common Files\stardock\SDMCP.exe
PRC - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/03/06 10:35:02 | 00,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2007/04/04 18:56:04 | 00,549,256 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32krn.exe
PRC - [2006/10/18 17:49:52 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/03/03 13:48:28 | 00,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2005/08/03 18:29:52 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2005/08/03 23:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/04/13 20:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2005/08/05 13:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2006/03/08 12:48:02 | 00,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/11/01 12:48:12 | 01,392,640 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.exe
PRC - [2006/10/18 18:04:28 | 00,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
PRC - [2006/10/18 17:58:16 | 00,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
PRC - [2007/04/04 18:56:04 | 00,950,664 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32kui.exe
PRC - [2005/10/07 14:13:38 | 00,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2007/05/10 22:46:20 | 00,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2009/03/12 20:56:58 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2004/06/28 23:56:12 | 00,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\HidFind.exe
PRC - [2005/07/27 16:41:08 | 00,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe
PRC - [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/06/25 17:08:04 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2006/10/18 17:53:24 | 00,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2009/03/26 16:49:46 | 01,277,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/03/26 16:49:52 | 00,179,856 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009/03/26 16:49:52 | 00,401,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2009/02/19 21:43:11 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/03/28 12:42:22 | 00,498,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tone\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/03/19 17:08:58 | 00,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2007/04/04 19:10:36 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2005/08/03 23:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/03/06 10:35:02 | 00,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service [Auto | Running])
SRV - [2006/10/18 18:05:18 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2008/06/25 17:08:04 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Running])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2004/08/10 04:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2007/04/04 18:56:04 | 00,549,256 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn [Auto | Running])
SRV - [2003/07/28 16:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/10/18 17:49:52 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2006/10/18 17:56:52 | 00,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2007/03/03 13:48:28 | 00,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
SRV - [2005/08/03 18:29:52 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2006/10/18 18:01:34 | 00,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- (WLANKEEPER [Auto | Running])
SRV - [2006/11/01 12:48:12 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])
SRV - [2009/03/26 16:49:52 | 00,179,856 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2007/08/07 13:56:58 | 00,009,344 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter [On_Demand | Stopped])
DRV - [2007/04/05 09:45:11 | 00,021,425 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2007/04/04 18:56:04 | 00,512,096 | ---- | M] (Eset ) -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON [Auto | Running])
DRV - [2005/09/28 20:57:18 | 00,113,847 | R--- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2005/08/03 23:10:18 | 01,273,344 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [1997/06/05 10:06:08 | 00,060,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\av360cn.sys -- (Av360cn [Auto | Running])
DRV - [1997/06/13 18:57:46 | 00,071,648 | ---- | M] () -- C:\WINDOWS\System32\drivers\av363cn.sys -- (Av363cn [Auto | Running])
DRV - [2004/05/26 15:18:18 | 00,044,928 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2004/12/13 17:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
DRV - [2009/01/15 12:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/05/03 15:08:50 | 00,208,384 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys -- (HSFHWICH [On_Demand | Running])
DRV - [2005/05/03 15:09:28 | 01,033,728 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS -- (HSF_DPV [On_Demand | Running])
DRV - [2004/03/17 12:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2007/04/04 18:56:04 | 00,015,424 | ---- | M] () -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv [System | Running])
DRV - [2004/08/10 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/07 19:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/10/19 09:29:22 | 00,012,544 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2006/03/16 16:24:04 | 00,035,712 | ---- | M] (Cristalink Ltd) -- C:\WINDOWS\System32\Drivers\SeratoUsb.sys -- (SeratoUsb [On_Demand | Stopped])
DRV - [2001/08/17 14:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2005/03/10 16:56:06 | 00,273,168 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97 [On_Demand | Running])
DRV - [2009/03/05 23:59:00 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/04/13 15:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2006/10/25 07:24:38 | 02,208,768 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\DRIVERS\w29n51.sys -- (w29n51 [On_Demand | Running])
DRV - [2005/05/03 15:08:44 | 00,705,408 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector [On_Demand | Running])
DRV - [2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.deepthinka.com/
IE - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\S-1-5-21-1606980848-1580436667-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\S-1-5-21-1606980848-1580436667-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"
FF - prefs.js..browser.search.opensidebarsearchpanel: false
FF - prefs.js..browser.startup.homepage: "http://www.deepthinka.com"
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.87
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 7
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/16 11:06:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/16 11:06:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Components: C:\PROGRAM FILES\NETSCAPE\NETSCAPE\COMPONENTS [2009/03/27 20:18:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\PROGRAM FILES\NETSCAPE\NETSCAPE\PLUGINS [2009/03/15 16:12:55 | 00,000,000 | ---D | M]

[2008/09/21 23:54:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tone\Application Data\mozilla\Extensions
[2008/09/21 23:54:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tone\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/28 12:54:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tone\Application Data\mozilla\Firefox\Profiles\g0cjfg29.default\extensions
[2008/09/08 09:57:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tone\Application Data\mozilla\Firefox\Profiles\g0cjfg29.default\extensions\firefox@tvunetworks.com
[2009/03/28 17:46:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/16 11:06:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/06/16 11:12:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/02/19 21:43:33 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/02/19 21:43:34 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/19 15:33:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/19 15:33:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/19 15:33:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/19 15:33:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/19 15:33:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/19 15:33:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/02/19 15:33:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE (Eset )
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation)
O4 - HKU\S-1-5-19..\Run: [jinavisahi] Rundll32.exe "C:\WINDOWS\system32\kozanawi.dll",s File not found
O4 - HKU\S-1-5-20..\Run: [jinavisahi] Rundll32.exe "C:\WINDOWS\system32\kozanawi.dll",s File not found
O4 - HKU\S-1-5-21-1606980848-1580436667-725345543-1003..\Run: [DesktopX] ""C:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX Builder.exe" -noui" ()
O4 - HKU\S-1-5-21-1606980848-1580436667-725345543-1003..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (Ahead Software AG)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\Tone\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-1606980848-1580436667-725345543-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\imon.dll (Eset )
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://antivirus.itbox.ro/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/1.4/ji...indows-i586.cab (Java Plug-in 1.4.1_02)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/ji...indows-i586.cab (Java Plug-in 1.4.1_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\nojezeve.dll) - C:\WINDOWS\system32\nojezeve.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\yujupaye.dll) - c:\windows\system32\yujupaye.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\pufajahe.dll) - c:\windows\system32\pufajahe.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\pegafege.dll) - c:\windows\system32\pegafege.dll File not found
O20 - AppInit_DLLs: (icbokl.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\kiramega.dll) - c:\windows\system32\kiramega.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\MCPClient: DllName - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll - C:\Program Files\Common Files\stardock\MCPStub.dll (Stardock)
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\Program Files\Common Files\stardock\MCPCore.dll (Stardock)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/04 17:47:33 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{40066c1c-8cd9-11dd-a606-001422e423f1}\Shell - "" = AutoRun
O33 - MountPoints2\{40066c1c-8cd9-11dd-a606-001422e423f1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{40066c1c-8cd9-11dd-a606-001422e423f1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{6f38fd8c-ed2a-11dc-a57e-001422e423f1}\Shell\AutoRun\command - "" = F:\WDSetup.exe -- File not found
O33 - MountPoints2\{a050cc47-55bd-11dd-a5d9-0013cee7e761}\Shell - "" = AutoRun
O33 - MountPoints2\{a050cc47-55bd-11dd-a5d9-0013cee7e761}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{abb920cf-0e38-11de-a6a0-0013cee7e761}\Shell - "" = AutoRun
O33 - MountPoints2\{abb920cf-0e38-11de-a6a0-0013cee7e761}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{abb920cf-0e38-11de-a6a0-0013cee7e761}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{abb920d0-0e38-11de-a6a0-0013cee7e761}\Shell\AutoRun\command - "" = F:\LORInstall169.exe -- File not found
O33 - MountPoints2\{acc971b1-a925-11dd-a622-001422e423f1}\Shell - "" = AutoRun
O33 - MountPoints2\{acc971b1-a925-11dd-a622-001422e423f1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{acc971b1-a925-11dd-a622-001422e423f1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{bcc74c95-bd95-11dd-a654-001422e423f1}\Shell\AutoRun\command - "" = E:\wd_windows_tools\setup.exe -- File not found
O33 - MountPoints2\{c4d43fcd-8dbd-11dd-a609-0013cee7e761}\Shell\AutoRun\command - "" = F:\wd_windows_tools\setup.exe -- File not found
O33 - MountPoints2\{dc8773a8-ac1e-11dd-a627-001422e423f1}\Shell\AutoRun\command - "" = F:\.\RapidBlogManager.exe -- File not found
O33 - MountPoints2\{eb47cbae-82a1-11dc-a4ef-0013cee7e761}\Shell\AutoRun\command - "" = E:\Installer.exe -- File not found
O33 - MountPoints2\{ef61a998-b082-11dd-a636-001422e423f1}\Shell - "" = AutoRun
O33 - MountPoints2\{ef61a998-b082-11dd-a636-001422e423f1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ef61a998-b082-11dd-a636-001422e423f1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/03/28 17:44:25 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/28 17:44:25 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/28 17:44:21 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/28 17:44:18 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/28 12:41:53 | 00,498,688 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tone\Desktop\OTListIt2.exe
[2009/03/28 11:40:54 | 00,513,631 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\bdwcdfacepaisleyprint.jpg
[2009/03/28 11:27:25 | 00,142,641 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\PAISLEY.JPG
[2009/03/27 17:02:06 | 00,262,144 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\BDW SIMPLE CD FACE.jpg
[2009/03/26 15:50:01 | 10,731,80672 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/26 14:29:01 | 00,372,717 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\bdwreleaseweb.jpg
[2009/03/25 18:31:48 | 01,910,808 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\bdwreleaseparty.png
[2009/03/25 18:31:26 | 02,163,304 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\bdwreleaseparty.ai
[2009/03/25 18:07:38 | 05,374,705 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\bdwposter.jpg
[2009/03/25 17:57:15 | 05,229,087 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\Picking Up The Pieces.mp3
[2009/03/25 12:47:05 | 00,047,104 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\distro.xls
[2009/03/25 10:05:47 | 00,190,969 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\bdwcdface2.jpg
[2009/03/24 18:30:41 | 00,028,332 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\cropped-geb-banner.jpg
[2009/03/24 15:10:28 | 00,030,316 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\sitemap.html
[2009/03/23 19:13:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tone\Desktop\TME album art
[2009/03/23 15:24:51 | 05,746,034 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\Duece Midnite street 1.mp3
[2009/03/23 15:24:44 | 05,267,993 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\Duece Midnight Dance 1.mp3
[2009/03/20 11:03:01 | 00,015,360 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\leather tour.xls
[2009/03/20 09:54:53 | 07,405,694 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\BMZ.zip
[2009/03/18 15:39:53 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/03/18 11:52:19 | 00,635,392 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\tom letter.doc
[2009/03/18 10:49:02 | 00,154,077 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\bdwcdface.jpg
[2009/03/18 06:28:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tone\Desktop\90s inst
[2009/03/17 19:51:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tone\Desktop\national threat
[2009/03/17 14:37:48 | 00,017,408 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\april scion shows.xls
[2009/03/17 01:08:39 | 57,668,8360 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\Big.Love.S03E09.HDTV.XviD-0TV.avi
[2009/03/16 18:11:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tone\Desktop\SITW APRIL 29
[2009/03/16 12:02:59 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\HijackThis.lnk
[2009/03/16 12:01:44 | 00,000,000 | ---D | C] -- C:\Combofix
[2009/03/16 11:47:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/03/16 11:15:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/03/16 11:14:18 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF32276.exe
[2009/03/16 11:08:40 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31068.exe
[2009/03/15 18:40:25 | 00,011,919 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\dtr.csv
[2009/03/15 16:16:30 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/03/15 16:15:34 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/03/15 16:15:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/03/15 16:13:36 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/03/15 16:10:55 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/03/15 16:10:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tone\Local Settings\Application Data\Apple
[2009/03/15 16:10:11 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/03/15 16:09:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/03/15 16:09:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/03/13 09:35:26 | 00,006,667 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\Untitled.ses
[2009/03/10 23:58:08 | 07,201,199 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\08-stat_quo-intermission.mp3
[2009/03/10 16:56:04 | 03,153,468 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\4_Panel_digiPak.psd
[2009/03/10 16:56:04 | 00,783,766 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\4_Panel_digiPak.eps
[2009/03/09 12:42:31 | 00,035,644 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\DTR DISTRO - 03-09-09.htm
[2009/03/09 12:42:07 | 00,099,041 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\distro contact - 03-09-09.htm
[2009/03/08 19:52:55 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/08 19:51:03 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/03/08 19:33:00 | 00,000,209 | ---- | C] () -- C:\Boot.bak
[2009/03/08 19:32:55 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/03/08 19:32:54 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/03/08 19:31:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/08 19:29:51 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/03/08 19:17:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2009/03/08 13:55:28 | 00,000,000 | ---D | C] -- C:\Program Files\MAM
[2009/03/07 18:45:26 | 02,234,245 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\EDREYS01.mp3
[2009/03/06 12:06:31 | 00,126,184 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\pantspartyelvisposterfinal-1.jpg
[2009/03/05 15:21:34 | 00,140,615 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\gma-banner.png
[2009/03/02 13:03:45 | 00,076,210 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\hardrockplay.jpg
[2009/03/01 16:09:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tone\Desktop\SITW MARCH 28
[2009/02/27 12:03:36 | 00,013,068 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\Hip Hop Blogs.docx
[2009/02/27 12:03:30 | 00,013,822 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\Blog Sites.docx

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/03/28 17:44:25 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/28 17:42:29 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/28 17:42:20 | 00,000,433 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2009/03/28 17:42:13 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/28 17:42:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/28 17:42:01 | 10,731,80672 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/28 12:42:22 | 00,498,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tone\Desktop\OTListIt2.exe
[2009/03/28 11:41:13 | 00,513,631 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\bdwcdfacepaisleyprint.jpg
[2009/03/28 11:29:04 | 00,142,641 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\PAISLEY.JPG
[2009/03/27 17:02:19 | 00,262,144 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\BDW SIMPLE CD FACE.jpg
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/26 14:42:00 | 00,997,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/26 14:29:05 | 00,372,717 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\bdwreleaseweb.jpg
[2009/03/26 14:23:54 | 00,062,976 | ---- | M] () -- C:\Documents and Settings\Tone\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/26 14:11:52 | 02,163,304 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\bdwreleaseparty.ai
[2009/03/26 11:55:53 | 05,374,705 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\bdwposter.jpg
[2009/03/26 08:21:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/26 00:52:06 | 00,414,672 | ---- | M] () -- C:\Documents and Settings\Tone\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/25 18:32:38 | 01,910,808 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\bdwreleaseparty.png
[2009/03/25 17:57:27 | 05,229,087 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\Picking Up The Pieces.mp3
[2009/03/25 17:56:27 | 00,000,754 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/03/25 17:56:27 | 00,000,253 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/03/25 12:47:05 | 00,047,104 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\distro.xls
[2009/03/25 10:05:50 | 00,190,969 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\bdwcdface2.jpg
[2009/03/24 22:28:40 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/24 18:30:42 | 00,028,332 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\cropped-geb-banner.jpg
[2009/03/24 18:03:26 | 00,017,408 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\april scion shows.xls
[2009/03/24 15:10:30 | 00,030,316 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\sitemap.html
[2009/03/23 15:25:32 | 05,746,034 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\Duece Midnite street 1.mp3
[2009/03/23 15:25:18 | 05,267,993 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\Duece Midnight Dance 1.mp3
[2009/03/20 11:47:33 | 00,015,360 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\leather tour.xls
[2009/03/20 09:55:02 | 07,405,694 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\BMZ.zip
[2009/03/19 21:03:38 | 00,367,206 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/19 21:03:38 | 00,046,654 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/19 21:03:37 | 00,418,662 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/18 11:56:41 | 00,635,392 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\tom letter.doc
[2009/03/18 10:49:03 | 00,154,077 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\bdwcdface.jpg
[2009/03/18 06:25:19 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\pizikako
[2009/03/16 23:29:42 | 57,668,8360 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\Big.Love.S03E09.HDTV.XviD-0TV.avi
[2009/03/16 12:02:59 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\HijackThis.lnk
[2009/03/16 11:51:14 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2009/03/16 11:14:08 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF32276.exe
[2009/03/16 11:07:57 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31068.exe
[2009/03/16 00:20:47 | 00,102,400 | ---- | M] () -- C:\WINDOWS\System32\fokipize.dll
[2009/03/15 20:21:11 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/03/15 20:10:58 | 00,011,919 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\dtr.csv
[2009/03/13 09:35:27 | 00,006,667 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\Untitled.ses
[2009/03/12 03:01:18 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/10 11:29:15 | 00,000,816 | ---- | M] () -- C:\WINDOWS\AVSCAN32.INI
[2009/03/09 12:42:31 | 00,035,644 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\DTR DISTRO - 03-09-09.htm
[2009/03/09 12:42:07 | 00,099,041 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\distro contact - 03-09-09.htm
[2009/03/08 19:43:23 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/03/08 06:31:17 | 02,234,245 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\EDREYS01.mp3
[2009/03/06 12:06:32 | 00,126,184 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\pantspartyelvisposterfinal-1.jpg
[2009/03/05 15:21:34 | 00,140,615 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\gma-banner.png
[2009/03/04 14:33:37 | 00,013,068 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\Hip Hop Blogs.docx
[2009/03/04 13:33:44 | 00,040,960 | ---- | M] () -- C:\Documents and Settings\Tone\My Documents\Tony Caferro Resume1.doc
[2009/03/02 13:03:49 | 00,076,210 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\hardrockplay.jpg
[2009/02/27 12:03:35 | 00,013,822 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\Blog Sites.docx
[2009/02/26 22:30:07 | 00,045,568 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\Rochester NY Media.doc
< End of report >

#7 extremeboy


  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:09:46 AM

Posted 28 March 2009 - 05:33 PM

Hello.

Okay.

Let's remove some leftovers.

Run Script with OTListIT2

We need to run an OTListIt2 Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :OTLI
    PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - Reg Error: Key error. File not found
    O4 - HKU\S-1-5-19..\Run: [jinavisahi] Rundll32.exe "C:\WINDOWS\system32\kozanawi.dll",s File not found
    O4 - HKU\S-1-5-20..\Run: [jinavisahi] Rundll32.exe "C:\WINDOWS\system32\kozanawi.dll",s File not found
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\nojezeve.dll) - C:\WINDOWS\system32\nojezeve.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\yujupaye.dll) - c:\windows\system32\yujupaye.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\pufajahe.dll) - c:\windows\system32\pufajahe.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\pegafege.dll) - c:\windows\system32\pegafege.dll File not found
    O20 - AppInit_DLLs: (icbokl.dll) - File not found
    O20 - AppInit_DLLs: (c:\windows\system32\kiramega.dll) - c:\windows\system32\kiramega.dll File not found
    :commands
    [EmptyTemp]
    [Reboot]
  • Push Posted Image
  • OTLI2 may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
Update Java to Version 6 Update 12

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 13.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.
*If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
** If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
*** The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky WebScanner page.
  • Click on the Posted Image button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the Posted Image button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the Posted Image ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the button if you made any changes.
  • Now under the Scan section on the left, select My Computer.
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

Re-run OTListIt2 after running the script and post back with the Scan log.

Post back with:
-OTScanIT2 Fix log
-Kaspersky log
-OTScanIT2 Scan log


With Regards,
Extremeboy
Note: Please do not PM me asking for help; instead, please post in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free, but if you wish to show your appreciation you may do so.
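The fix log and scan report requested above are plain text that a responder reads by hand for the same few things every time: which persistence points the script actually removed, and whether the names involved look machine-generated. As an added example, not part of this thread and not code from OTListIt2 or Kaspersky, the script below parses the two line formats those tools print, pulls out the AppInit_DLLs items and Run values that were deleted, and flags DLL names with the shape the ones in this thread share (6 to 12 lowercase letters in strict consonant/vowel alternation, such as nojezeve or jinavisahi). The sample log lines embedded in it are constructed in those formats, and the `Finding` record, the `looks_generated` heuristic and its 0.85 threshold are this example's own choices, not anything the tools define.

```python
"""Triage helper for OTListIt2 fix-log and Kaspersky Online Scanner 7 report lines.

Added example for this thread; not code from OTListIt2 or Kaspersky. Runs offline
on the constructed sample text below and never touches the registry or the disk.
"""
import re
from dataclasses import dataclass

VOWELS = set("aeiou")

# OTListIt2 prints "key\\valuename" and, when a single item was removed from a
# multi-string value such as AppInit_DLLs, "valuename:data".
FIX_LINE = re.compile(
    r"^Registry value (?P<key>.+?)\\\\(?P<name>[^\\:]+?)(?::(?P<data>.+?))? deleted successfully\.$"
)
# Kaspersky Online Scanner 7 report: "<path> Infected: <threat name> <count>"
KAV_LINE = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)$")

# Constructed samples in the formats of the logs posted in this thread.
SAMPLE_FIX_LOG = r"""
Process Explorer.EXE killed successfully!
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\jinavisahi deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\nojezeve.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:icbokl.dll deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
"""
SAMPLE_KAV_REPORT = r"""
C:\WINDOWS\system32\edibpm.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.lkm 1
C:\WINDOWS\system32\wapozevo.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.mkx 1
Z:\jimmy elz\radmin22.zip Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 3
"""


@dataclass
class Finding:
    source: str     # "AppInit_DLLs", "Run" or "Kaspersky"
    item: str       # DLL path or value name exactly as logged
    reasons: tuple  # why it deserves a look; empty means listed only


def cv_alternation(stem: str) -> float:
    """Fraction of adjacent letter pairs that switch between consonant and vowel."""
    if len(stem) < 2:
        return 0.0
    flips = sum((a in VOWELS) != (b in VOWELS) for a, b in zip(stem, stem[1:]))
    return flips / (len(stem) - 1)


def looks_generated(name: str) -> bool:
    """Heuristic (this example's own): the names in this thread are 6-12 lowercase
    letters with strict consonant/vowel alternation, e.g. nojezeve, jinavisahi."""
    stem = name.lower().rsplit("\\", 1)[-1]
    if stem.endswith(".dll"):
        stem = stem[:-4]
    return stem.isalpha() and stem.islower() and 6 <= len(stem) <= 12 and cv_alternation(stem) >= 0.85


def triage_fix_log(text: str) -> list:
    """Pull AppInit_DLLs items and Run values out of 'deleted successfully' lines."""
    findings = []
    for line in text.splitlines():
        m = FIX_LINE.match(line.strip())
        if not m:
            continue
        key, name, data = m.group("key"), m.group("name"), m.group("data")
        if name.lower() == "appinit_dlls" and data:
            reasons = []
            if "\\" not in data:
                # A bare file name is resolved through the DLL search order when
                # the loader processes AppInit_DLLs, so it is not pinned to one path.
                reasons.append("bare filename in AppInit_DLLs")
            if looks_generated(data):
                reasons.append("generated-looking name")
            findings.append(Finding("AppInit_DLLs", data, tuple(reasons)))
        elif key.lower().endswith("\\currentversion\\run"):
            reasons = ("generated-looking name",) if looks_generated(name) else ()
            findings.append(Finding("Run", name, reasons))
    return findings


def triage_kaspersky(text: str) -> list:
    """One Finding per 'Infected:' line; the threat label is kept as a reason."""
    findings = []
    for line in text.splitlines():
        m = KAV_LINE.match(line.strip())
        if not m:
            continue
        path, threat = m.group("path"), m.group("threat")
        reasons = [f"detected as {threat}"]
        if looks_generated(path):
            reasons.append("generated-looking name")
        findings.append(Finding("Kaspersky", path, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage_fix_log(SAMPLE_FIX_LOG) + triage_kaspersky(SAMPLE_KAV_REPORT):
        print(f"{f.source:13} {f.item:45} {'; '.join(f.reasons) or '-'}")
```

The name heuristic is deliberately narrow: it catches the alternating names but not every short random string (icbokl and edibpm in the samples are only flagged for other reasons or by the scanner itself), so treat it as a prioritisation aid rather than a verdict. Kaspersky's "not-a-virus:" prefix marks adware and riskware rather than malware, which is why a remote-administration tool archived on a data drive shows up in the same list as the adware DLLs; the script keeps the label so the reader can tell the two apart.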

#8 deepthinka (Topic Starter, Members, 8 posts)

Posted 29 March 2009 - 01:53 AM

========== OTLISTIT ==========
Process Explorer.EXE killed successfully!
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\jinavisahi deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\jinavisahi deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\nojezeve.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\yujupaye.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\pufajahe.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\pegafege.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:icbokl.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\kiramega.dll deleted successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Tone\Local Settings\temp\etilqs_5dtOyxODsYBefvc3BO5z scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tone\Local Settings\temp\IH4D0.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tone\Local Settings\temp\~DF1CE.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tone\Local Settings\temp\~DF3D86.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Documents and Settings\Tone\Local Settings\Application Data\Mozilla\Firefox\Profiles\g0cjfg29.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tone\Local Settings\Application Data\Mozilla\Firefox\Profiles\g0cjfg29.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTListIt2 by OldTimer - Version 2.0.7.2 log created on 03282009_185850

Files moved on Reboot...
File C:\Documents and Settings\Tone\Local Settings\temp\etilqs_5dtOyxODsYBefvc3BO5z not found!
File C:\Documents and Settings\Tone\Local Settings\temp\IH4D0.tmp not found!
C:\Documents and Settings\Tone\Local Settings\temp\~DF1CE.tmp moved successfully.
C:\Documents and Settings\Tone\Local Settings\temp\~DF3D86.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\Tone\Local Settings\Application Data\Mozilla\Firefox\Profiles\g0cjfg29.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Tone\Local Settings\Application Data\Mozilla\Firefox\Profiles\g0cjfg29.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...


--------------------------------


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, March 29, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, March 29, 2009 00:10:03
Records in database: 1982408
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
Z:\

Scan statistics:
Files scanned: 116607
Threat name: 3
Infected objects: 7
Suspicious objects: 0
Duration of the scan: 05:22:14


File name / Threat name / Threats count
C:\WINDOWS\system32\edibpm.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.lkm 1
C:\WINDOWS\system32\ggqoxo.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.mkx 1
C:\WINDOWS\system32\wapozevo.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.mkx 1
C:\WINDOWS\system32\yapefoga.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.lkm 1
Z:\jimmy elz\radmin22.zip Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 3

The selected area was scanned.



----------------------------


OTListIt logfile created on: 3/29/2009 2:50:39 AM - Run 3
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Documents and Settings\Tone\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.40 Mb Total Physical Memory | 570.54 Mb Available Physical Memory | 55.75% Memory free
2.40 Gb Paging File | 1.79 Gb Available in Paging File | 74.69% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 9.67 Gb Free Space | 17.31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 94.50 Gb Total Space | 21.84 Gb Free Space | 23.11% Space Free | Partition Type: NTFS

Computer Name: DTRLAPTOP
Current User Name: Tone
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2005/08/03 23:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2006/10/18 18:05:18 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/10/18 17:56:52 | 00,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/10/18 18:01:34 | 00,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
PRC - [2006/11/01 12:48:12 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
PRC - [2006/11/01 12:48:10 | 01,253,376 | ---- | M] (Dell Inc.) -- C:\WINDOWS\System32\bcmwltry.exe
PRC - [2008/03/19 17:08:58 | 00,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/03/06 10:35:02 | 00,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2009/03/26 16:49:52 | 00,179,856 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2007/04/04 18:56:04 | 00,549,256 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32krn.exe
PRC - [2006/10/18 17:49:52 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/03/03 13:48:28 | 00,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2005/08/03 18:29:52 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2005/05/10 14:31:22 | 00,241,664 | ---- | M] (Stardock) -- C:\Program Files\Common Files\stardock\SDMCP.exe
PRC - [2005/08/03 23:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/08/05 13:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2006/03/08 12:48:02 | 00,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/11/01 12:48:12 | 01,392,640 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.exe
PRC - [2006/10/18 18:04:28 | 00,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
PRC - [2006/10/18 17:58:16 | 00,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
PRC - [2005/10/07 14:13:38 | 00,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2007/05/10 22:46:20 | 00,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2009/03/12 20:56:58 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2005/07/27 16:41:08 | 00,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe
PRC - [2004/06/28 23:56:12 | 00,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\HidFind.exe
PRC - [2008/06/25 17:08:04 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/03/28 19:15:18 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/02/19 21:43:11 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2006/10/18 17:53:24 | 00,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007/04/04 18:56:04 | 00,496,000 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32.exe
PRC - [2007/04/04 18:56:04 | 00,950,664 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32kui.exe
PRC - [2009/03/26 16:49:52 | 00,401,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2009/03/28 12:42:22 | 00,498,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tone\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/03/19 17:08:58 | 00,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2007/04/04 19:10:36 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2005/08/03 23:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/03/06 10:35:02 | 00,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service [Auto | Running])
SRV - [2006/10/18 18:05:18 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2008/06/25 17:08:04 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Running])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/03/26 16:49:52 | 00,179,856 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService [Auto | Running])
SRV - [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2004/08/10 04:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2007/04/04 18:56:04 | 00,549,256 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn [Auto | Running])
SRV - [2003/07/28 16:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/10/18 17:49:52 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2006/10/18 17:56:52 | 00,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2007/03/03 13:48:28 | 00,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
SRV - [2005/08/03 18:29:52 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2006/10/18 18:01:34 | 00,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- (WLANKEEPER [Auto | Running])
SRV - [2006/11/01 12:48:12 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])
SRV - [2009/03/28 19:15:18 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2007/08/07 13:56:58 | 00,009,344 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter [On_Demand | Stopped])
DRV - [2007/04/05 09:45:11 | 00,021,425 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2007/04/04 18:56:04 | 00,512,096 | ---- | M] (Eset ) -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON [Auto | Running])
DRV - [2005/09/28 20:57:18 | 00,113,847 | R--- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2005/08/03 23:10:18 | 01,273,344 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [1997/06/05 10:06:08 | 00,060,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\av360cn.sys -- (Av360cn [Auto | Running])
DRV - [1997/06/13 18:57:46 | 00,071,648 | ---- | M] () -- C:\WINDOWS\System32\drivers\av363cn.sys -- (Av363cn [Auto | Running])
DRV - [2004/05/26 15:18:18 | 00,044,928 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2004/12/13 17:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
DRV - [2009/01/15 12:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/05/03 15:08:50 | 00,208,384 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys -- (HSFHWICH [On_Demand | Running])
DRV - [2005/05/03 15:09:28 | 01,033,728 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS -- (HSF_DPV [On_Demand | Running])
DRV - [2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector [On_Demand | Running])
DRV - [2004/03/17 12:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2007/04/04 18:56:04 | 00,015,424 | ---- | M] () -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv [System | Running])
DRV - [2004/08/10 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/07 19:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/10/19 09:29:22 | 00,012,544 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2006/03/16 16:24:04 | 00,035,712 | ---- | M] (Cristalink Ltd) -- C:\WINDOWS\System32\Drivers\SeratoUsb.sys -- (SeratoUsb [On_Demand | Stopped])
DRV - [2001/08/17 14:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2005/03/10 16:56:06 | 00,273,168 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97 [On_Demand | Running])
DRV - [2009/03/05 23:59:00 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/04/13 15:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2006/10/25 07:24:38 | 02,208,768 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\DRIVERS\w29n51.sys -- (w29n51 [On_Demand | Running])
DRV - [2005/05/03 15:08:44 | 00,705,408 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.deepthinka.com/
IE - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\S-1-5-21-1606980848-1580436667-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\S-1-5-21-1606980848-1580436667-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"
FF - prefs.js..browser.search.opensidebarsearchpanel: false
FF - prefs.js..browser.startup.homepage: "http://www.deepthinka.com"
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.87
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 7
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/28 19:15:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/16 11:06:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/28 19:15:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Components: C:\PROGRAM FILES\NETSCAPE\NETSCAPE\COMPONENTS [2009/03/27 20:18:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\PROGRAM FILES\NETSCAPE\NETSCAPE\PLUGINS [2009/03/28 19:15:36 | 00,000,000 | ---D | M]

[2008/09/21 23:54:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tone\Application Data\mozilla\Extensions
[2008/09/21 23:54:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tone\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/28 19:16:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tone\Application Data\mozilla\Firefox\Profiles\g0cjfg29.default\extensions
[2008/09/08 09:57:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tone\Application Data\mozilla\Firefox\Profiles\g0cjfg29.default\extensions\firefox@tvunetworks.com
[2009/03/28 19:22:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/16 11:06:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/06/16 11:12:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/03/28 19:15:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/02/19 21:43:33 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/02/19 21:43:34 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/19 15:33:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/19 15:33:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/19 15:33:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/19 15:33:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/19 15:33:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/19 15:33:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/02/19 15:33:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE (Eset )
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation)
O4 - HKU\S-1-5-21-1606980848-1580436667-725345543-1003..\Run: [DesktopX] ""C:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX Builder.exe" -noui" ()
O4 - HKU\S-1-5-21-1606980848-1580436667-725345543-1003..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (Ahead Software AG)
O4 - Startup: C:\Documents and Settings\Tone\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-1606980848-1580436667-725345543-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\imon.dll (Eset )
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://antivirus.itbox.ro/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\MCPClient: DllName - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll - C:\Program Files\Common Files\stardock\MCPStub.dll (Stardock)
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\Program Files\Common Files\stardock\MCPCore.dll (Stardock)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/04 17:47:33 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{40066c1c-8cd9-11dd-a606-001422e423f1}\Shell - "" = AutoRun
O33 - MountPoints2\{40066c1c-8cd9-11dd-a606-001422e423f1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{40066c1c-8cd9-11dd-a606-001422e423f1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{6f38fd8c-ed2a-11dc-a57e-001422e423f1}\Shell\AutoRun\command - "" = F:\WDSetup.exe -- File not found
O33 - MountPoints2\{a050cc47-55bd-11dd-a5d9-0013cee7e761}\Shell - "" = AutoRun
O33 - MountPoints2\{a050cc47-55bd-11dd-a5d9-0013cee7e761}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{abb920cf-0e38-11de-a6a0-0013cee7e761}\Shell - "" = AutoRun
O33 - MountPoints2\{abb920cf-0e38-11de-a6a0-0013cee7e761}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{abb920cf-0e38-11de-a6a0-0013cee7e761}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{abb920d0-0e38-11de-a6a0-0013cee7e761}\Shell\AutoRun\command - "" = F:\LORInstall169.exe -- File not found
O33 - MountPoints2\{acc971b1-a925-11dd-a622-001422e423f1}\Shell - "" = AutoRun
O33 - MountPoints2\{acc971b1-a925-11dd-a622-001422e423f1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{acc971b1-a925-11dd-a622-001422e423f1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{bcc74c95-bd95-11dd-a654-001422e423f1}\Shell\AutoRun\command - "" = E:\wd_windows_tools\setup.exe -- File not found
O33 - MountPoints2\{c4d43fcd-8dbd-11dd-a609-0013cee7e761}\Shell\AutoRun\command - "" = F:\wd_windows_tools\setup.exe -- File not found
O33 - MountPoints2\{dc8773a8-ac1e-11dd-a627-001422e423f1}\Shell\AutoRun\command - "" = F:\.\RapidBlogManager.exe -- File not found
O33 - MountPoints2\{eb47cbae-82a1-11dc-a4ef-0013cee7e761}\Shell\AutoRun\command - "" = E:\Installer.exe -- File not found
O33 - MountPoints2\{ef61a998-b082-11dd-a636-001422e423f1}\Shell - "" = AutoRun
O33 - MountPoints2\{ef61a998-b082-11dd-a636-001422e423f1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ef61a998-b082-11dd-a636-001422e423f1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/03/28 19:22:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/03/28 19:14:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tone\Application Data\Sun
[2009/03/28 19:07:41 | 16,283,032 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\jre-6u13-windows-i586-p.exe
[2009/03/28 18:58:50 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/03/28 17:44:25 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/28 17:44:25 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/28 17:44:21 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/28 17:44:18 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/28 12:41:53 | 00,498,688 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tone\Desktop\OTListIt2.exe
[2009/03/28 11:40:54 | 00,513,631 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\bdwcdfacepaisleyprint.jpg
[2009/03/28 11:27:25 | 00,142,641 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\PAISLEY.JPG
[2009/03/27 17:02:06 | 00,262,144 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\BDW SIMPLE CD FACE.jpg
[2009/03/26 15:50:01 | 10,731,80672 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/26 14:29:01 | 00,372,717 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\bdwreleaseweb.jpg
[2009/03/25 18:31:48 | 01,910,808 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\bdwreleaseparty.png
[2009/03/25 18:31:26 | 02,163,304 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\bdwreleaseparty.ai
[2009/03/25 18:07:38 | 05,374,705 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\bdwposter.jpg
[2009/03/25 17:57:15 | 05,229,087 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\Picking Up The Pieces.mp3
[2009/03/25 12:47:05 | 00,047,104 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\distro.xls
[2009/03/25 10:05:47 | 00,190,969 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\bdwcdface2.jpg
[2009/03/24 18:30:41 | 00,028,332 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\cropped-geb-banner.jpg
[2009/03/24 15:10:28 | 00,030,316 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\sitemap.html
[2009/03/23 19:13:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tone\Desktop\TME album art
[2009/03/23 15:24:51 | 05,746,034 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\Duece Midnite street 1.mp3
[2009/03/23 15:24:44 | 05,267,993 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\Duece Midnight Dance 1.mp3
[2009/03/20 11:03:01 | 00,015,360 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\leather tour.xls
[2009/03/20 09:54:53 | 07,405,694 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\BMZ.zip
[2009/03/18 15:39:53 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/03/18 11:52:19 | 00,635,392 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\tom letter.doc
[2009/03/18 10:49:02 | 00,154,077 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\bdwcdface.jpg
[2009/03/18 06:28:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tone\Desktop\90s inst
[2009/03/17 19:51:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tone\Desktop\national threat
[2009/03/17 14:37:48 | 00,017,408 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\april scion shows.xls
[2009/03/17 01:08:39 | 57,668,8360 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\Big.Love.S03E09.HDTV.XviD-0TV.avi
[2009/03/16 18:11:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tone\Desktop\SITW APRIL 29
[2009/03/16 12:02:59 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\HijackThis.lnk
[2009/03/16 12:01:44 | 00,000,000 | ---D | C] -- C:\Combofix
[2009/03/16 11:47:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/03/16 11:15:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/03/16 11:14:18 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF32276.exe
[2009/03/16 11:08:40 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31068.exe
[2009/03/15 18:40:25 | 00,011,919 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\dtr.csv
[2009/03/15 16:16:30 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/03/15 16:15:34 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/03/15 16:15:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/03/15 16:13:36 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/03/15 16:10:55 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/03/15 16:10:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tone\Local Settings\Application Data\Apple
[2009/03/15 16:10:11 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/03/15 16:09:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/03/15 16:09:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/03/13 09:35:26 | 00,006,667 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\Untitled.ses
[2009/03/10 23:58:08 | 07,201,199 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\08-stat_quo-intermission.mp3
[2009/03/10 16:56:04 | 03,153,468 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\4_Panel_digiPak.psd
[2009/03/10 16:56:04 | 00,783,766 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\4_Panel_digiPak.eps
[2009/03/09 12:42:31 | 00,035,644 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\DTR DISTRO - 03-09-09.htm
[2009/03/09 12:42:07 | 00,099,041 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\distro contact - 03-09-09.htm
[2009/03/08 19:52:55 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/08 19:51:03 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/03/08 19:33:00 | 00,000,209 | ---- | C] () -- C:\Boot.bak
[2009/03/08 19:32:55 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/03/08 19:32:54 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/03/08 19:31:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/08 19:29:51 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/03/08 19:17:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2009/03/08 13:55:28 | 00,000,000 | ---D | C] -- C:\Program Files\MAM
[2009/03/07 18:45:26 | 02,234,245 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\EDREYS01.mp3
[2009/03/06 12:06:31 | 00,126,184 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\pantspartyelvisposterfinal-1.jpg
[2009/03/05 15:21:34 | 00,140,615 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\gma-banner.png
[2009/03/02 13:03:45 | 00,076,210 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\hardrockplay.jpg
[2009/03/01 16:09:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tone\Desktop\SITW MARCH 28
[2009/02/27 12:03:36 | 00,013,068 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\Hip Hop Blogs.docx
[2009/02/27 12:03:30 | 00,013,822 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\Blog Sites.docx

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/03/28 19:14:02 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/28 19:13:32 | 00,000,433 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2009/03/28 19:13:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/28 19:13:19 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/28 19:13:16 | 10,731,80672 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/28 19:08:48 | 16,283,032 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\jre-6u13-windows-i586-p.exe
[2009/03/28 17:44:25 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/28 12:42:22 | 00,498,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tone\Desktop\OTListIt2.exe
[2009/03/28 11:41:13 | 00,513,631 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\bdwcdfacepaisleyprint.jpg
[2009/03/28 11:29:04 | 00,142,641 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\PAISLEY.JPG
[2009/03/27 17:02:19 | 00,262,144 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\BDW SIMPLE CD FACE.jpg
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/26 14:42:00 | 00,997,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/26 14:29:05 | 00,372,717 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\bdwreleaseweb.jpg
[2009/03/26 14:23:54 | 00,062,976 | ---- | M] () -- C:\Documents and Settings\Tone\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/26 14:11:52 | 02,163,304 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\bdwreleaseparty.ai
[2009/03/26 11:55:53 | 05,374,705 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\bdwposter.jpg
[2009/03/26 08:21:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/26 00:52:06 | 00,414,672 | ---- | M] () -- C:\Documents and Settings\Tone\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/25 18:32:38 | 01,910,808 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\bdwreleaseparty.png
[2009/03/25 17:57:27 | 05,229,087 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\Picking Up The Pieces.mp3
[2009/03/25 17:56:27 | 00,000,754 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/03/25 17:56:27 | 00,000,253 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/03/25 12:47:05 | 00,047,104 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\distro.xls
[2009/03/25 10:05:50 | 00,190,969 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\bdwcdface2.jpg
[2009/03/24 22:28:40 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/24 18:30:42 | 00,028,332 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\cropped-geb-banner.jpg
[2009/03/24 18:03:26 | 00,017,408 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\april scion shows.xls
[2009/03/24 15:10:30 | 00,030,316 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\sitemap.html
[2009/03/23 15:25:32 | 05,746,034 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\Duece Midnite street 1.mp3
[2009/03/23 15:25:18 | 05,267,993 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\Duece Midnight Dance 1.mp3
[2009/03/20 11:47:33 | 00,015,360 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\leather tour.xls
[2009/03/20 09:55:02 | 07,405,694 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\BMZ.zip
[2009/03/19 21:03:38 | 00,367,206 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/19 21:03:38 | 00,046,654 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/19 21:03:37 | 00,418,662 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/18 11:56:41 | 00,635,392 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\tom letter.doc
[2009/03/18 10:49:03 | 00,154,077 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\bdwcdface.jpg
[2009/03/18 06:25:19 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\pizikako
[2009/03/16 23:29:42 | 57,668,8360 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\Big.Love.S03E09.HDTV.XviD-0TV.avi
[2009/03/16 12:02:59 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\HijackThis.lnk
[2009/03/16 11:51:14 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2009/03/16 11:14:08 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF32276.exe
[2009/03/16 11:07:57 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31068.exe
[2009/03/16 00:20:47 | 00,102,400 | ---- | M] () -- C:\WINDOWS\System32\fokipize.dll
[2009/03/15 20:21:11 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/03/15 20:10:58 | 00,011,919 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\dtr.csv
[2009/03/13 09:35:27 | 00,006,667 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\Untitled.ses
[2009/03/12 03:01:18 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/10 11:29:15 | 00,000,816 | ---- | M] () -- C:\WINDOWS\AVSCAN32.INI
[2009/03/09 12:42:31 | 00,035,644 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\DTR DISTRO - 03-09-09.htm
[2009/03/09 12:42:07 | 00,099,041 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\distro contact - 03-09-09.htm
[2009/03/08 19:43:23 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/03/08 06:31:17 | 02,234,245 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\EDREYS01.mp3
[2009/03/06 12:06:32 | 00,126,184 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\pantspartyelvisposterfinal-1.jpg
[2009/03/05 15:21:34 | 00,140,615 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\gma-banner.png
[2009/03/04 14:33:37 | 00,013,068 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\Hip Hop Blogs.docx
[2009/03/04 13:33:44 | 00,040,960 | ---- | M] () -- C:\Documents and Settings\Tone\My Documents\Tony Caferro Resume1.doc
[2009/03/02 13:03:49 | 00,076,210 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\hardrockplay.jpg
[2009/02/27 12:03:35 | 00,013,822 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\Blog Sites.docx
< End of report >

#9 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:46 AM

Posted 29 March 2009 - 10:38 AM

Hello.

Let's remove the rest of them :thumbup2:

This compressed file: Z:\jimmy elz\radmin22.zip <- This is not considered a virus but it is a RISK-TOOL. If it was used for malicious purposes it can be used to gain Admin powers via a remote. I suggest you remove it, unless you really need it.

Download and Run OTMoveIT3
  • Please download OTMoveIt3 by OldTimer and save it to your desktop. If you are running on Vista, right click on the file and choose Run As Administrator.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :files
    C:\WINDOWS\system32\edibpm.dll 
    C:\WINDOWS\system32\ggqoxo.dll 
    C:\WINDOWS\system32\wapozevo.dll
    C:\WINDOWS\system32\yapefoga.dll 
    C:\WINDOWS\System32\fokipize.dll
    :commands
    [EmptyTemp]
    [Reboot]
  • Click the large Posted Image button.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
Note:If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Update Malwarebytes Anti-Malware and run a quick-scan again like before. Post the log once it's done.

Run OTListIT2 again please, and post back with the new log.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
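The files listed for OTMoveIt3 above were picked out of the OTListIt2 "Files - Modified Within 30 Days" section by eye. As an added example (not part of this thread or of OldTimer's tools), the Python below parses that log format and applies a few heuristics a helper would use to shortlist Vundo-style droppers: a file sitting directly in System32 with no publisher info, a random-looking all-lowercase name, or the hidden attribute. The thresholds and the two-signal rule are assumptions; the sample lines are an excerpt of the log posted above.

```python
"""Triage OTListIt2 file entries for Vundo-style droppers (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One OTListIt2 file line, e.g.
# [2009/03/16 00:20:47 | 00,102,400 | ---- | M] () -- C:\WINDOWS\System32\fokipize.dll
# Directory entries carry no "(company)" part, so that group is optional.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Heuristic (assumption): Vundo-style droppers on this page use 6-8 lowercase letters.
RANDOM_NAME_RE = re.compile(r"^[a-z]{6,8}$")
SYSTEM32 = "c:\\windows\\system32\\"


@dataclass
class Entry:
    timestamp: str
    size: int
    attrs: str      # R/H/S/D flags, '-' when unset
    kind: str       # C = created, M = modified
    company: str    # "" when the file carries no version info
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden(self) -> bool:
        return "H" in self.attrs


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers, blanks and other sections."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"].strip(),
    )


def suspicion_reasons(e: Entry) -> List[str]:
    """Return the signals that fire for a file directly inside System32.

    Two independent signals are required so that ordinary publisher-less
    data files such as wpa.dbl or FNTCACHE.DAT are not flagged.
    """
    low = e.path.lower()
    if e.is_dir or not low.startswith(SYSTEM32) or "\\" in low[len(SYSTEM32):]:
        return []
    stem = e.path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]   # keep original case
    reasons = []
    if e.company == "":
        reasons.append("no publisher/version info")
    if RANDOM_NAME_RE.match(stem):
        reasons.append("random-looking lowercase name")
    if e.hidden:
        reasons.append("hidden attribute")
    return reasons if len(reasons) >= 2 else []


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Shortlist (path, reasons) pairs from a whole OTListIt2 log."""
    flagged = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is not None:
            reasons = suspicion_reasons(e)
            if reasons:
                flagged.append((e.path, reasons))
    return flagged


def build_otmoveit_script(paths: List[str]) -> str:
    """Render the :files / :commands script format OTMoveIt3 is fed above."""
    return "\n".join([":files", *paths, ":commands", "[EmptyTemp]", "[Reboot]"]) + "\n"


# Constructed sample: a few lines excerpted from the log posted in this thread.
SAMPLE_LOG = r"""
[2009/03/28 19:14:02 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/26 14:42:00 | 00,997,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/18 06:25:19 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\pizikako
[2009/03/16 11:14:08 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF32276.exe
[2009/03/16 00:20:47 | 00,102,400 | ---- | M] () -- C:\WINDOWS\System32\fokipize.dll
[2009/03/28 19:22:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
"""

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for path, reasons in hits:
        print(f"{path}: {', '.join(reasons)}")
    print(build_otmoveit_script([p for p, _ in hits]))
```

The shortlist is a starting point for a human reviewer, not a verdict; the script output is what you would paste into OTMoveIt3 once each entry has been confirmed.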

#10 deepthinka

deepthinka
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:09:46 AM

Posted 29 March 2009 - 01:17 PM

here goes: OTMove, then MBAM, then OTList

========== FILES ==========
DllUnregisterServer procedure not found in C:\WINDOWS\system32\edibpm.dll
C:\WINDOWS\system32\edibpm.dll NOT unregistered.
C:\WINDOWS\system32\edibpm.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ggqoxo.dll
C:\WINDOWS\system32\ggqoxo.dll NOT unregistered.
C:\WINDOWS\system32\ggqoxo.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wapozevo.dll
C:\WINDOWS\system32\wapozevo.dll NOT unregistered.
C:\WINDOWS\system32\wapozevo.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\yapefoga.dll
C:\WINDOWS\system32\yapefoga.dll NOT unregistered.
C:\WINDOWS\system32\yapefoga.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\fokipize.dll
C:\WINDOWS\System32\fokipize.dll NOT unregistered.
C:\WINDOWS\System32\fokipize.dll moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Tone\LOCALS~1\Temp\etilqs_cVeLZwdIY03mwCEB9ac7 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tone\LOCALS~1\Temp\etilqs_qBLIwf9A7gKzBL7PzD2k scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tone\LOCALS~1\Temp\etilqs_qBLIwf9A7gKzBL7PzD2k-journal scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tone\LOCALS~1\Temp\IH157D.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tone\LOCALS~1\Temp\~DFBA80.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_ef8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Tone\Local Settings\Application Data\Mozilla\Firefox\Profiles\g0cjfg29.default\OfflineCache\index.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tone\Local Settings\Application Data\Mozilla\Firefox\Profiles\g0cjfg29.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03292009_134320

Files moved on Reboot...
File C:\DOCUME~1\Tone\LOCALS~1\Temp\etilqs_cVeLZwdIY03mwCEB9ac7 not found!
File C:\DOCUME~1\Tone\LOCALS~1\Temp\etilqs_qBLIwf9A7gKzBL7PzD2k not found!
File C:\DOCUME~1\Tone\LOCALS~1\Temp\etilqs_qBLIwf9A7gKzBL7PzD2k-journal not found!
File C:\DOCUME~1\Tone\LOCALS~1\Temp\IH157D.tmp not found!
C:\DOCUME~1\Tone\LOCALS~1\Temp\~DFBA80.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_ef8.dat not found!
C:\Documents and Settings\Tone\Local Settings\Application Data\Mozilla\Firefox\Profiles\g0cjfg29.default\OfflineCache\index.sqlite moved successfully.
C:\Documents and Settings\Tone\Local Settings\Application Data\Mozilla\Firefox\Profiles\g0cjfg29.default\urlclassifier3.sqlite moved successfully.


___________________________________________________________---


Malwarebytes' Anti-Malware 1.35
Database version: 1916
Windows 5.1.2600 Service Pack 3

3/29/2009 2:14:50 PM
mbam-log-2009-03-29 (14-14-50).txt

Scan type: Quick Scan
Objects scanned: 72609
Time elapsed: 2 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


______________________________________________________--


OTListIt logfile created on: 3/29/2009 2:15:04 PM - Run 4
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Documents and Settings\Tone\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.40 Mb Total Physical Memory | 582.45 Mb Available Physical Memory | 56.91% Memory free
2.40 Gb Paging File | 2.07 Gb Available in Paging File | 86.13% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 9.75 Gb Free Space | 17.45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DTRLAPTOP
Current User Name: Tone
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2005/08/03 23:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2006/10/18 18:05:18 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/10/18 17:56:52 | 00,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/10/18 18:01:34 | 00,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
PRC - [2006/11/01 12:48:12 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
PRC - [2006/11/01 12:48:10 | 01,253,376 | ---- | M] (Dell Inc.) -- C:\WINDOWS\System32\bcmwltry.exe
PRC - [2008/03/19 17:08:58 | 00,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2005/05/10 14:31:22 | 00,241,664 | ---- | M] (Stardock) -- C:\Program Files\Common Files\stardock\SDMCP.exe
PRC - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/03/06 10:35:02 | 00,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2009/03/28 19:15:18 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/03/26 16:49:52 | 00,179,856 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2007/04/04 18:56:04 | 00,549,256 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32krn.exe
PRC - [2006/10/18 17:49:52 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/08/03 23:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2007/03/03 13:48:28 | 00,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2005/08/03 18:29:52 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/04/13 20:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
PRC - [2005/08/05 13:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2006/03/08 12:48:02 | 00,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/11/01 12:48:12 | 01,392,640 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.exe
PRC - [2006/10/18 18:04:28 | 00,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
PRC - [2006/10/18 17:58:16 | 00,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
PRC - [2007/04/04 18:56:04 | 00,950,664 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32kui.exe
PRC - [2005/10/07 14:13:38 | 00,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2007/05/10 22:46:20 | 00,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2009/03/12 20:56:58 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/03/26 16:49:52 | 00,401,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2009/03/28 19:15:18 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2005/07/27 16:41:08 | 00,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe
PRC - [2004/06/28 23:56:12 | 00,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\HidFind.exe
PRC - [2008/06/25 17:08:04 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2006/10/18 17:53:24 | 00,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2009/03/28 12:42:22 | 00,498,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tone\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/03/19 17:08:58 | 00,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2007/04/04 19:10:36 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2005/08/03 23:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/03/06 10:35:02 | 00,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service [Auto | Running])
SRV - [2006/10/18 18:05:18 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2008/06/25 17:08:04 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Running])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/03/28 19:15:18 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/03/26 16:49:52 | 00,179,856 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService [Auto | Running])
SRV - [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2004/08/10 04:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2007/04/04 18:56:04 | 00,549,256 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn [Auto | Running])
SRV - [2003/07/28 16:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/10/18 17:49:52 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2006/10/18 17:56:52 | 00,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2007/03/03 13:48:28 | 00,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
SRV - [2005/08/03 18:29:52 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2006/10/18 18:01:34 | 00,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- (WLANKEEPER [Auto | Running])
SRV - [2006/11/01 12:48:12 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2007/08/07 13:56:58 | 00,009,344 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter [On_Demand | Stopped])
DRV - [2007/04/05 09:45:11 | 00,021,425 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2007/04/04 18:56:04 | 00,512,096 | ---- | M] (Eset ) -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON [Auto | Running])
DRV - [2005/09/28 20:57:18 | 00,113,847 | R--- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2005/08/03 23:10:18 | 01,273,344 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [1997/06/05 10:06:08 | 00,060,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\av360cn.sys -- (Av360cn [Auto | Running])
DRV - [1997/06/13 18:57:46 | 00,071,648 | ---- | M] () -- C:\WINDOWS\System32\drivers\av363cn.sys -- (Av363cn [Auto | Running])
DRV - [2004/05/26 15:18:18 | 00,044,928 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2004/12/13 17:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
DRV - [2009/01/15 12:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/05/03 15:08:50 | 00,208,384 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys -- (HSFHWICH [On_Demand | Running])
DRV - [2005/05/03 15:09:28 | 01,033,728 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS -- (HSF_DPV [On_Demand | Running])
DRV - [2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector [On_Demand | Running])
DRV - [2004/03/17 12:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2007/04/04 18:56:04 | 00,015,424 | ---- | M] () -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv [System | Running])
DRV - [2004/08/10 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/07 19:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/10/19 09:29:22 | 00,012,544 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2006/03/16 16:24:04 | 00,035,712 | ---- | M] (Cristalink Ltd) -- C:\WINDOWS\System32\Drivers\SeratoUsb.sys -- (SeratoUsb [On_Demand | Stopped])
DRV - [2001/08/17 14:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2005/03/10 16:56:06 | 00,273,168 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97 [On_Demand | Running])
DRV - [2009/03/05 23:59:00 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/04/13 15:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2006/10/25 07:24:38 | 02,208,768 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\DRIVERS\w29n51.sys -- (w29n51 [On_Demand | Running])
DRV - [2005/05/03 15:08:44 | 00,705,408 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.deepthinka.com/
IE - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\S-1-5-21-1606980848-1580436667-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\S-1-5-21-1606980848-1580436667-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"
FF - prefs.js..browser.search.opensidebarsearchpanel: false
FF - prefs.js..browser.startup.homepage: "http://www.deepthinka.com"
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.87
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 7
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/28 19:15:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/16 11:06:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/28 19:15:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Components: C:\PROGRAM FILES\NETSCAPE\NETSCAPE\COMPONENTS [2009/03/27 20:18:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\PROGRAM FILES\NETSCAPE\NETSCAPE\PLUGINS [2009/03/28 19:15:36 | 00,000,000 | ---D | M]

[2008/09/21 23:54:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tone\Application Data\mozilla\Extensions
[2008/09/21 23:54:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tone\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/28 19:16:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tone\Application Data\mozilla\Firefox\Profiles\g0cjfg29.default\extensions
[2008/09/08 09:57:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tone\Application Data\mozilla\Firefox\Profiles\g0cjfg29.default\extensions\firefox@tvunetworks.com
[2009/03/29 13:48:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/16 11:06:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/06/16 11:12:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/03/28 19:15:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/02/19 21:43:33 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/02/19 21:43:34 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/19 15:33:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/19 15:33:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/19 15:33:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/19 15:33:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/19 15:33:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/19 15:33:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/02/19 15:33:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE (Eset )
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation)
O4 - HKU\S-1-5-21-1606980848-1580436667-725345543-1003..\Run: [DesktopX] ""C:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX Builder.exe" -noui" ()
O4 - HKU\S-1-5-21-1606980848-1580436667-725345543-1003..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (Ahead Software AG)
O4 - Startup: C:\Documents and Settings\Tone\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1606980848-1580436667-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-1606980848-1580436667-725345543-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\imon.dll (Eset )
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://antivirus.itbox.ro/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\MCPClient: DllName - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll - C:\Program Files\Common Files\stardock\MCPStub.dll (Stardock)
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\Program Files\Common Files\stardock\MCPCore.dll (Stardock)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/04 17:47:33 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{40066c1c-8cd9-11dd-a606-001422e423f1}\Shell - "" = AutoRun
O33 - MountPoints2\{40066c1c-8cd9-11dd-a606-001422e423f1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{40066c1c-8cd9-11dd-a606-001422e423f1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{6f38fd8c-ed2a-11dc-a57e-001422e423f1}\Shell\AutoRun\command - "" = F:\WDSetup.exe -- File not found
O33 - MountPoints2\{a050cc47-55bd-11dd-a5d9-0013cee7e761}\Shell - "" = AutoRun
O33 - MountPoints2\{a050cc47-55bd-11dd-a5d9-0013cee7e761}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{abb920cf-0e38-11de-a6a0-0013cee7e761}\Shell - "" = AutoRun
O33 - MountPoints2\{abb920cf-0e38-11de-a6a0-0013cee7e761}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{abb920cf-0e38-11de-a6a0-0013cee7e761}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{abb920d0-0e38-11de-a6a0-0013cee7e761}\Shell\AutoRun\command - "" = F:\LORInstall169.exe -- File not found
O33 - MountPoints2\{acc971b1-a925-11dd-a622-001422e423f1}\Shell - "" = AutoRun
O33 - MountPoints2\{acc971b1-a925-11dd-a622-001422e423f1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{acc971b1-a925-11dd-a622-001422e423f1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{bcc74c95-bd95-11dd-a654-001422e423f1}\Shell\AutoRun\command - "" = E:\wd_windows_tools\setup.exe -- File not found
O33 - MountPoints2\{c4d43fcd-8dbd-11dd-a609-0013cee7e761}\Shell\AutoRun\command - "" = F:\wd_windows_tools\setup.exe -- File not found
O33 - MountPoints2\{dc8773a8-ac1e-11dd-a627-001422e423f1}\Shell\AutoRun\command - "" = F:\.\RapidBlogManager.exe -- File not found
O33 - MountPoints2\{eb47cbae-82a1-11dc-a4ef-0013cee7e761}\Shell\AutoRun\command - "" = E:\Installer.exe -- File not found
O33 - MountPoints2\{ef61a998-b082-11dd-a636-001422e423f1}\Shell - "" = AutoRun
O33 - MountPoints2\{ef61a998-b082-11dd-a636-001422e423f1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ef61a998-b082-11dd-a636-001422e423f1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/03/29 13:43:20 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/03/29 13:42:03 | 00,389,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tone\Desktop\OTMoveIt3.exe
[2009/03/28 19:22:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/03/28 19:14:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tone\Application Data\Sun
[2009/03/28 19:07:41 | 16,283,032 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\jre-6u13-windows-i586-p.exe
[2009/03/28 18:58:50 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/03/28 17:44:25 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/28 17:44:25 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/28 17:44:21 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/28 17:44:18 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/28 12:41:53 | 00,498,688 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tone\Desktop\OTListIt2.exe
[2009/03/28 11:40:54 | 00,513,631 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\bdwcdfacepaisleyprint.jpg
[2009/03/28 11:27:25 | 00,142,641 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\PAISLEY.JPG
[2009/03/27 17:02:06 | 00,262,144 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\BDW SIMPLE CD FACE.jpg
[2009/03/26 15:50:01 | 10,731,80672 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/26 14:29:01 | 00,372,717 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\bdwreleaseweb.jpg
[2009/03/25 18:31:48 | 01,910,808 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\bdwreleaseparty.png
[2009/03/25 18:31:26 | 02,163,304 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\bdwreleaseparty.ai
[2009/03/25 18:07:38 | 05,374,705 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\bdwposter.jpg
[2009/03/25 17:57:15 | 05,229,087 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\Picking Up The Pieces.mp3
[2009/03/25 12:47:05 | 00,047,104 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\distro.xls
[2009/03/25 10:05:47 | 00,190,969 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\bdwcdface2.jpg
[2009/03/24 18:30:41 | 00,028,332 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\cropped-geb-banner.jpg
[2009/03/24 15:10:28 | 00,030,316 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\sitemap.html
[2009/03/23 19:13:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tone\Desktop\TME album art
[2009/03/23 15:24:51 | 05,746,034 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\Duece Midnite street 1.mp3
[2009/03/23 15:24:44 | 05,267,993 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\Duece Midnight Dance 1.mp3
[2009/03/20 11:03:01 | 00,015,360 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\leather tour.xls
[2009/03/20 09:54:53 | 07,405,694 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\BMZ.zip
[2009/03/18 15:39:53 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/03/18 11:52:19 | 00,635,392 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\tom letter.doc
[2009/03/18 10:49:02 | 00,154,077 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\bdwcdface.jpg
[2009/03/18 06:28:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tone\Desktop\90s inst
[2009/03/17 19:51:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tone\Desktop\national threat
[2009/03/17 14:37:48 | 00,017,408 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\april scion shows.xls
[2009/03/17 01:08:39 | 57,668,8360 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\Big.Love.S03E09.HDTV.XviD-0TV.avi
[2009/03/16 18:11:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tone\Desktop\SITW APRIL 29
[2009/03/16 12:02:59 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\HijackThis.lnk
[2009/03/16 12:01:44 | 00,000,000 | ---D | C] -- C:\Combofix
[2009/03/16 11:47:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/03/16 11:15:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/03/16 11:14:18 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF32276.exe
[2009/03/16 11:08:40 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31068.exe
[2009/03/15 18:40:25 | 00,011,919 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\dtr.csv
[2009/03/15 16:16:30 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/03/15 16:15:34 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/03/15 16:15:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/03/15 16:13:36 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/03/15 16:10:55 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/03/15 16:10:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tone\Local Settings\Application Data\Apple
[2009/03/15 16:10:11 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/03/15 16:09:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/03/15 16:09:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/03/13 09:35:26 | 00,006,667 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\Untitled.ses
[2009/03/10 23:58:08 | 07,201,199 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\08-stat_quo-intermission.mp3
[2009/03/10 16:56:04 | 03,153,468 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\4_Panel_digiPak.psd
[2009/03/10 16:56:04 | 00,783,766 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\4_Panel_digiPak.eps
[2009/03/09 12:42:31 | 00,035,644 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\DTR DISTRO - 03-09-09.htm
[2009/03/09 12:42:07 | 00,099,041 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\distro contact - 03-09-09.htm
[2009/03/08 19:52:55 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/08 19:51:03 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/03/08 19:33:00 | 00,000,209 | ---- | C] () -- C:\Boot.bak
[2009/03/08 19:32:55 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/03/08 19:32:54 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/03/08 19:31:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/08 19:29:51 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/03/08 19:17:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2009/03/08 13:55:28 | 00,000,000 | ---D | C] -- C:\Program Files\MAM
[2009/03/07 18:45:26 | 02,234,245 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\EDREYS01.mp3
[2009/03/06 12:06:31 | 00,126,184 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\pantspartyelvisposterfinal-1.jpg
[2009/03/05 15:21:34 | 00,140,615 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\gma-banner.png
[2009/03/02 13:03:45 | 00,076,210 | ---- | C] () -- C:\Documents and Settings\Tone\Desktop\hardrockplay.jpg
[2009/03/01 16:09:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tone\Desktop\SITW MARCH 28

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/03/29 13:47:04 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/29 13:47:02 | 00,000,433 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2009/03/29 13:46:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/29 13:46:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/29 13:46:42 | 10,731,80672 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/29 13:42:19 | 00,389,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tone\Desktop\OTMoveIt3.exe
[2009/03/28 19:08:48 | 16,283,032 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\jre-6u13-windows-i586-p.exe
[2009/03/28 17:44:25 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/28 12:42:22 | 00,498,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tone\Desktop\OTListIt2.exe
[2009/03/28 11:41:13 | 00,513,631 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\bdwcdfacepaisleyprint.jpg
[2009/03/28 11:29:04 | 00,142,641 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\PAISLEY.JPG
[2009/03/27 17:02:19 | 00,262,144 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\BDW SIMPLE CD FACE.jpg
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/26 14:42:00 | 00,997,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/26 14:29:05 | 00,372,717 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\bdwreleaseweb.jpg
[2009/03/26 14:23:54 | 00,062,976 | ---- | M] () -- C:\Documents and Settings\Tone\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/26 14:11:52 | 02,163,304 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\bdwreleaseparty.ai
[2009/03/26 11:55:53 | 05,374,705 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\bdwposter.jpg
[2009/03/26 08:21:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/26 00:52:06 | 00,414,672 | ---- | M] () -- C:\Documents and Settings\Tone\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/25 18:32:38 | 01,910,808 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\bdwreleaseparty.png
[2009/03/25 17:57:27 | 05,229,087 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\Picking Up The Pieces.mp3
[2009/03/25 17:56:27 | 00,000,754 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/03/25 17:56:27 | 00,000,253 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/03/25 12:47:05 | 00,047,104 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\distro.xls
[2009/03/25 10:05:50 | 00,190,969 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\bdwcdface2.jpg
[2009/03/24 22:28:40 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/24 18:30:42 | 00,028,332 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\cropped-geb-banner.jpg
[2009/03/24 18:03:26 | 00,017,408 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\april scion shows.xls
[2009/03/24 15:10:30 | 00,030,316 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\sitemap.html
[2009/03/23 15:25:32 | 05,746,034 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\Duece Midnite street 1.mp3
[2009/03/23 15:25:18 | 05,267,993 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\Duece Midnight Dance 1.mp3
[2009/03/20 11:47:33 | 00,015,360 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\leather tour.xls
[2009/03/20 09:55:02 | 07,405,694 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\BMZ.zip
[2009/03/19 21:03:38 | 00,367,206 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/19 21:03:38 | 00,046,654 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/19 21:03:37 | 00,418,662 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/18 11:56:41 | 00,635,392 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\tom letter.doc
[2009/03/18 10:49:03 | 00,154,077 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\bdwcdface.jpg
[2009/03/18 06:25:19 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\pizikako
[2009/03/16 23:29:42 | 57,668,8360 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\Big.Love.S03E09.HDTV.XviD-0TV.avi
[2009/03/16 12:02:59 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\HijackThis.lnk
[2009/03/16 11:51:14 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2009/03/16 11:14:08 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF32276.exe
[2009/03/16 11:07:57 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31068.exe
[2009/03/15 20:21:11 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/03/15 20:10:58 | 00,011,919 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\dtr.csv
[2009/03/13 09:35:27 | 00,006,667 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\Untitled.ses
[2009/03/12 03:01:18 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/10 11:29:15 | 00,000,816 | ---- | M] () -- C:\WINDOWS\AVSCAN32.INI
[2009/03/09 12:42:31 | 00,035,644 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\DTR DISTRO - 03-09-09.htm
[2009/03/09 12:42:07 | 00,099,041 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\distro contact - 03-09-09.htm
[2009/03/08 19:43:23 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/03/08 06:31:17 | 02,234,245 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\EDREYS01.mp3
[2009/03/06 12:06:32 | 00,126,184 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\pantspartyelvisposterfinal-1.jpg
[2009/03/05 15:21:34 | 00,140,615 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\gma-banner.png
[2009/03/04 14:33:37 | 00,013,068 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\Hip Hop Blogs.docx
[2009/03/04 13:33:44 | 00,040,960 | ---- | M] () -- C:\Documents and Settings\Tone\My Documents\Tony Caferro Resume1.doc
[2009/03/02 13:03:49 | 00,076,210 | ---- | M] () -- C:\Documents and Settings\Tone\Desktop\hardrockplay.jpg
< End of report >

#11 extremeboy

  • Malware Response Team

Posted 29 March 2009 - 01:53 PM

Hello.

Everything looks fine except this file: C:\WINDOWS\System32\pizikako <- This file.

I don't think it's good especially that it's HIDDEN in the system32 folder.

Run Script with OTMoveIt3
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :files
    C:\WINDOWS\System32\pizikako
  • Click the large Posted Image button.
Other than that everything looks good. Let's cleanup.

Cleanup! with OTMoveIt
Let's remove all the tools we've used so far.
  • Double click the OTMoveIt3.exe to run it.
  • Click Posted Image. If you receive a warning from your security program, select allow to download the packet.
  • A pop-up box will appear saying "Cleanup list download successfully Begin Removal Process?". Click Yes.
  • If required for a reboot click Yes
Create a New System Restore Point<- Very Important

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok"
  • Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" Tab.
  • Click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.


Congratulations! You now appear clean! :step1: :) :thumbup2:

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Preventing Infections in the Future

Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:
  • Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
Disable Autorun on Flash-Drive/Removable Drives

When is AUTORUN.INF really an AUTORUN.INF?

USB worms work by creating a file called AUTORUN.INF on the root of USB drives. These INF files then use Autorun or Autoplay (not the same thing!) to execute themselves either when the stick is inserted, or more commonly, when the user double-clicks on the USB drive icon from My Computer (Windows Explorer)...


Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read USB-Based Malware Attacks and Please disable Autorun asap!.

If using Windows Vista, please refer to:
"Disable AutoPlay in Windows Vista"
"Preventing AutoPlay with Local Group Policy Editor or AutoPlay options panel"

Note: When Autorun is disabled, double-clicking a drive which has autorun.inf in its root directory may still activate Autorun so be careful.

Visit the WindowsUpdate Site Regularly

I recommend you regularly visit the Windows Update Site!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish to turn on automatic updates then you will find a nice little article here about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.
Update Non-Microsoft Programs

It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.
Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help and thank you for choosing Bleeping Computer as your malware removal source.
Don't forget to tell your friends about us and Good luck :step4:


If you have no more questions, comments or problems please tell us, so we can close off the topic.

Thanks :step5:

With Regards,
Extremeboy

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
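The check extremeboy applied above (a hidden file with no publisher sitting directly in System32, like `C:\WINDOWS\System32\pizikako`) can be automated over an OTListIt2 report, and the same parser can pull out the cached `O33 - MountPoints2` AutoRun handlers that the "Disable Autorun" advice is about. The following is an added example written for this thread; it is not code from the thread or from OldTimer's tools, and the line formats it parses are inferred from the report pasted above. The sample report embedded in the block is constructed from lines of that report.

```python
"""Parse an OTListIt2 report and apply the hidden-file-in-System32 heuristic.

Added example for this thread, not OldTimer's own code. The regexes below
are an assumption inferred from the report format shown in the thread.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# "[2009/03/18 06:25:19 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\pizikako"
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)\s*$"
)

# 'O33 - MountPoints2\{guid}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found'
AUTORUN_RE = re.compile(
    r"^O33 - MountPoints2\\\{(?P<guid>[0-9a-fA-F-]+)\}\\Shell\\AutoRun\\command"
    r' - "" = (?P<cmd>.+?)(?P<missing> -- File not found)?\s*$'
)

SYSTEM32 = "c:\\windows\\system32\\"


@dataclass
class FileEntry:
    path: str
    size: int
    attrs: str      # four flag positions in the report: R H S D
    company: str    # publisher string in parentheses, "" when absent
    created: bool   # True for a 'C' (created) line, False for 'M' (modified)

    @property
    def hidden(self) -> bool:
        return self.attrs[1] == "H"

    @property
    def is_dir(self) -> bool:
        return self.attrs[3] == "D"

    @property
    def in_system32_root(self) -> bool:
        """Directly inside System32, not in a subfolder such as drivers\\etc."""
        low = self.path.lower()
        return low.startswith(SYSTEM32) and "\\" not in low[len(SYSTEM32):]


def parse_file_entries(report: str) -> List[FileEntry]:
    entries = []
    for line in report.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:
            continue  # section headers, "[1 C:\WINDOWS\*.tmp files]" summaries, O-lines
        entries.append(FileEntry(
            path=m["path"],
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            company=(m["company"] or "").strip(),
            created=m["kind"] == "C",
        ))
    return entries


def suspicious_files(report: str) -> List[str]:
    """Paths of hidden, publisher-less files sitting directly in System32."""
    return [e.path for e in parse_file_entries(report)
            if not e.is_dir and e.hidden and not e.company and e.in_system32_root]


def autorun_handlers(report: str) -> List[Tuple[str, str, bool]]:
    """(volume GUID, command, target still present?) for each cached AutoRun handler."""
    out = []
    for line in report.splitlines():
        m = AUTORUN_RE.match(line.strip())
        if m:
            out.append((m["guid"], m["cmd"], m["missing"] is None))
    return out


# Constructed sample: lines copied from the report in this thread.
SAMPLE_REPORT = r"""
O33 - MountPoints2\{40066c1c-8cd9-11dd-a606-001422e423f1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{dc8773a8-ac1e-11dd-a627-001422e423f1}\Shell\AutoRun\command - "" = F:\.\RapidBlogManager.exe -- File not found
========== Files - Modified Within 30 Days ==========
[1 C:\WINDOWS\*.tmp files]
[2009/03/29 13:46:42 | 10,731,80672 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/18 06:25:19 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\pizikako
[2009/03/16 11:14:08 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF32276.exe
[2009/03/28 19:22:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/03/08 19:43:23 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
"""

if __name__ == "__main__":
    for path in suspicious_files(SAMPLE_REPORT):
        print("hidden, no publisher, in System32:", path)
    for guid, cmd, present in autorun_handlers(SAMPLE_REPORT):
        print(f"AutoRun handler {guid}: {cmd} ({'present' if present else 'target missing'})")
```

The heuristic is deliberately narrow (hidden, no publisher string, directly in System32) so that legitimate hidden system files in other locations, such as `C:\hiberfil.sys`, are not flagged; `hiberfil.sys` and `hosts` in the sample fall through, and only `pizikako` is reported. The AutoRun handler list shows which removable-drive autorun commands Windows has cached, which is the behaviour the "Disable Autorun" section of the post is warning about.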

#12 deepthinka

  • Topic Starter

Posted 29 March 2009 - 03:19 PM

OTMover couldn't find it??


========== FILES ==========
File/Folder C:\WINDOWS\System32\pizikako not found.

#13 extremeboy

  • Malware Response Team

Posted 29 March 2009 - 03:33 PM

Hello.

Then, that file is probably gone now :thumbup2:

That file itself can't do any harm either as it's not an executable or can be executed.

With regards,
Extremeboy

#14 deepthinka

  • Topic Starter

Posted 29 March 2009 - 06:57 PM

thank u very much. im gratefully indebted to you.

#15 extremeboy

  • Malware Response Team

Posted 29 March 2009 - 08:25 PM

You are very welcome :thumbup2:

Happy surfing again and good luck in the future.

Take Care,
Extremeboy