Trojan: Rustok-N (?)


This topic is locked
8 replies to this topic

#1 daboone

  • Members
  • 7 posts

Posted 27 March 2009 - 11:23 AM

Aaalright, first of all, thank you so much for providing this service!

I'm experiencing various inconveniences with the trojan Rustok-N, supposedly...

I was given a message from a site saying my IP was generating DOS requests at their servers, and that the attack was provoked by the spyware/virus named 'Troj/Rustok-N', which all started after attempting to download a particular music torrent.

I have since downloaded both AVG and Spyware Doctor, only to come up with no results and no possibility of updating the definitions due to some sort of connection error.

Some domains/servers/sites will redirect me to some random crap site and whenever I Google anything, I have to copy and paste the link into a new tab or I'll be redirected to said random crap site. :)

I've attempted practically everything but formatting, which I'm not entirely sure I want to do at this point... nonetheless, here's de log:




DDS (Ver_09-03-16.01) - NTFSx86
Run by KZ4ZZ at 11:50:02.10 on Fri 03/27/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.78 [GMT -4:00]

AV: AVG Anti-Virus *On-access scanning disabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Elantech\Ktp.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\CPUTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\Updater.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\KZ4ZZ\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.averatec.com
mStart Page = hxxp://www.averatec.com/
uInternet Connection Wizard,ShellNext = hxxp://www.averatec.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: IeCatch5 Class: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\progra~1\flashget\jccatch.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashget\fgiebar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Windows Update] c:\windows\system32\Updater.exe
mRun: [KTPWare] c:\program files\elantech\Ktp.exe
mRun: [AudioDeck] c:\program files\viaudioi\sbadeck\ADeck.exe 1
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [VTTimer] VTTimer.exe
mRun: [VTTrayp] VTtrayp.exe
mRun: [CPUTray] c:\windows\system32\CPUTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [BigDogPath] c:\windows\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\docume~1\kz4zz\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: Download All by FlashGet - c:\program files\flashget\jc_all.htm
IE: Download using FlashGet - c:\program files\flashget\jc_link.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kz4zz\applic~1\mozilla\firefox\profiles\0iipql7z.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\kz4zz\application data\mozilla\firefox\profiles\0iipql7z.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\components\iamfamous.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-2-22 12936]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2005-7-17 32320]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2005-7-17 23200]
R0 ptpd;Disk Filter Driver;c:\windows\system32\drivers\ptpd.sys [2005-7-21 6656]
R0 RITCPT;RITCPT;c:\windows\system32\drivers\RITCPT.SYS [2005-7-21 43512]
R0 Spssys;Toshiba SPS Service;c:\windows\system32\drivers\spssys.sys [2006-8-28 164256]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-22 98440]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-22 26824]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-22 90632]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-22 231704]
R2 FBAPI;FBAPI;c:\windows\system32\drivers\FBAPI.sys [2005-7-21 5088]
R2 Machnm32;Machnm32 Driver;c:\windows\system32\Machnm32.sys [2005-7-21 2304]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-6 24652]
R3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-2-23 42376]
R3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-2-23 66952]
R3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-2-23 81288]
R3 KLSIENET;Driver for USB Ethernet Adapter;c:\windows\system32\drivers\usb101et.sys [2007-9-6 32384]
R3 Ktp;Elantech Touchpad;c:\windows\system32\drivers\Ktp.sys [2005-7-17 26112]
R3 PhnxVcd;PhnxVcd;c:\windows\system32\drivers\phnxvcd.sys [2005-7-21 36096]
S2 spoolsv.exe;spoolsv.exe;c:\windows\system\dcache\data\scan\service.exe /name:"spoolsv.exe" /start:"hiderun.exe spoolsv.exe mirc.ini" --> c:\windows\system\dcache\data\scan\Service.exe [?]
S3 axvbusx;axvbusx;c:\windows\system32\drivers\axvbusx.sys [2002-12-27 8384]
S3 axvscsi;axvscsi;c:\windows\system32\drivers\axvscsi.sys [2002-12-27 98560]
S3 c233b4f7-e012-4f3b-aff5-7d76523cb296;c233b4f7-e012-4f3b-aff5-7d76523cb296;\??\d:\player\cds300.dll --> d:\player\cds300.dll [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-2-23 356920]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-2-23 1073544]

=============== Created Last 30 ================


==================== Find3M ====================

2009-02-22 05:43 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-22 05:43 12,936 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-02-22 05:43 90,632 a------- c:\windows\system32\drivers\avgtdix.sys
2009-02-22 05:43 98,440 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-19 21:51 163,840 a------- c:\windows\system32\Updater.exe
2009-01-05 02:26 22,016 -------- c:\windows\system32\~.exe
2006-09-15 00:31 604 ac--h--- c:\program files\STLL Notifier

============= FINISH: 11:50:57.98 ===============



Damn, my computer's a mess, haha... anyways, thank you very, very much for your time!
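A small triage pass over DDS service and autorun lines, as an added example that is not part of this thread or of the DDS tool: it parses the `SERVICES / DRIVERS` and `uRun`/`mRun` line formats seen in the log above and flags a service named after a core Windows binary that runs from outside system32, a target DDS could not read (`[?]`), and a Run-key label that borrows the Windows Update name. The allow-list of core binaries and the label heuristic are assumptions made for this example; the sample lines are taken from the first log above.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Assumed allow-list for this example: core Windows process names that a
# legitimate service only ever launches from %SystemRoot%\system32.
SYSTEM_BINARIES = {"spoolsv.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                   "winlogon.exe", "services.exe", "wininit.exe"}
SYSTEM32 = "c:\\windows\\system32\\"

# DDS "SERVICES / DRIVERS" line: "<R|S><n> <name>;<display>;<image> [<date> <size>]".
# When DDS cannot stat the target it appends "--> <resolved image> [?]".
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.*)$")
# DDS autorun line: "uRun: [<label>] <command>" (u = HKCU hive, m = HKLM hive).
RUN_RE = re.compile(r"^(?P<hive>[um])Run:\s+\[(?P<label>[^\]]*)\]\s*(?P<cmd>.*)$")
# Trailing "[...]" metadata (date and size, or "?" when unreadable).
META_RE = re.compile(r"^(?P<image>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$")


@dataclass
class Finding:
    line: str
    reason: str


def split_image(rest: str) -> tuple[str, str]:
    """Return (resolved image path, bracketed metadata) from the tail of a service line."""
    if "-->" in rest:
        # Prefer the path DDS resolved over the raw command line with arguments.
        rest = rest.split("-->", 1)[1].strip()
    m = META_RE.match(rest)
    if not m:
        return rest.strip().lower(), ""
    return m.group("image").strip().lower(), m.group("meta").strip()


def check_service(line: str) -> list[Finding]:
    """Flag masquerading service names and targets DDS could not read."""
    m = SERVICE_RE.match(line)
    if not m:
        return []
    name = m.group("name").strip().lower()
    image, meta = split_image(m.group("rest"))
    findings: list[Finding] = []
    if name in SYSTEM_BINARIES:
        # A service named like a core process must run the real binary from
        # system32; anything else is a look-alike worth a closer look.
        if not image.startswith(SYSTEM32) or not image.endswith("\\" + name):
            findings.append(Finding(line, f"service '{name}' impersonates a Windows binary; image is {image}"))
    if meta == "?":
        findings.append(Finding(line, "DDS could not read the target file (date/size unknown)"))
    return findings


def check_run(line: str) -> list[Finding]:
    """Flag Run-key labels that borrow the Windows Update name (heuristic)."""
    m = RUN_RE.match(line)
    if not m:
        return []
    label = m.group("label").strip().lower()
    cmd = m.group("cmd").strip().lower()
    findings: list[Finding] = []
    # Windows Update registers no Run-key entry of its own, so a label carrying
    # that name is a look-alike. Assumed heuristic for this example.
    if "windows update" in label:
        findings.append(Finding(line, f"autorun label '{label}' mimics Windows Update; runs {cmd}"))
    return findings


def triage(log_text: str) -> list[Finding]:
    """Run every check over each line of a DDS log and collect the findings."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        findings.extend(check_service(line))
        findings.extend(check_run(line))
    return findings


# Sample input: lines copied from the first DDS log in this thread.
SAMPLE_DDS = r"""
uRun: [Windows Update] c:\windows\system32\Updater.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-22 231704]
S2 spoolsv.exe;spoolsv.exe;c:\windows\system\dcache\data\scan\service.exe /name:"spoolsv.exe" /start:"hiderun.exe spoolsv.exe mirc.ini" --> c:\windows\system\dcache\data\scan\Service.exe [?]
S3 c233b4f7-e012-4f3b-aff5-7d76523cb296;c233b4f7-e012-4f3b-aff5-7d76523cb296;\??\d:\player\cds300.dll --> d:\player\cds300.dll [?]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.reason}\n    {f.line}")
```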



#2 KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 05 April 2009 - 04:20 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 daboone
  • Topic Starter

  • Members
  • 7 posts

Posted 05 April 2009 - 10:13 AM

Hey, thanks for the reply and I appreciate the help...

I actually managed to resolve a couple of problems, such as the Google redirection...

However, some domains still redirect and there's still something creating pop-ups, specifically when using MySpace...




DDS (Ver_09-03-16.01) - NTFSx86
Run by KZ4ZZ at 11:06:03.14 on Sun 04/05/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.264 [GMT -4:00]

AV: AVG Anti-Virus *On-access scanning disabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Elantech\Ktp.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\CPUTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\utilman.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Documents and Settings\KZ4ZZ\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.averatec.com
mStart Page = hxxp://www.averatec.com/
uInternet Connection Wizard,ShellNext = hxxp://www.averatec.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: IeCatch5 Class: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\progra~1\flashget\jccatch.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashget\fgiebar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Windows Update] c:\windows\system32\Updater.exe
mRun: [KTPWare] c:\program files\elantech\Ktp.exe
mRun: [AudioDeck] c:\program files\viaudioi\sbadeck\ADeck.exe 1
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [VTTimer] VTTimer.exe
mRun: [VTTrayp] VTtrayp.exe
mRun: [CPUTray] c:\windows\system32\CPUTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [BigDogPath] c:\windows\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\docume~1\kz4zz\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: Download All by FlashGet - c:\program files\flashget\jc_all.htm
IE: Download using FlashGet - c:\program files\flashget\jc_link.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kz4zz\applic~1\mozilla\firefox\profiles\0iipql7z.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\kz4zz\application data\mozilla\firefox\profiles\0iipql7z.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\components\iamfamous.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-2-22 12936]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2005-7-17 32320]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2005-7-17 23200]
R0 ptpd;Disk Filter Driver;c:\windows\system32\drivers\ptpd.sys [2005-7-21 6656]
R0 RITCPT;RITCPT;c:\windows\system32\drivers\RITCPT.SYS [2005-7-21 43512]
R0 Spssys;Toshiba SPS Service;c:\windows\system32\drivers\spssys.sys [2006-8-28 164256]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-22 98440]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-22 26824]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-22 90632]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-22 231704]
R2 FBAPI;FBAPI;c:\windows\system32\drivers\FBAPI.sys [2005-7-21 5088]
R2 Machnm32;Machnm32 Driver;c:\windows\system32\Machnm32.sys [2005-7-21 2304]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-6 24652]
R3 axvbusx;axvbusx;c:\windows\system32\drivers\axvbusx.sys [2002-12-27 8384]
R3 axvscsi;axvscsi;c:\windows\system32\drivers\axvscsi.sys [2002-12-27 98560]
R3 Ktp;Elantech Touchpad;c:\windows\system32\drivers\Ktp.sys [2005-7-17 26112]
R3 PhnxVcd;PhnxVcd;c:\windows\system32\drivers\phnxvcd.sys [2005-7-21 36096]
S2 spoolsv.exe;spoolsv.exe;c:\windows\system\dcache\data\scan\service.exe /name:"spoolsv.exe" /start:"hiderun.exe spoolsv.exe mirc.ini" --> c:\windows\system\dcache\data\scan\Service.exe [?]
S3 c233b4f7-e012-4f3b-aff5-7d76523cb296;c233b4f7-e012-4f3b-aff5-7d76523cb296;\??\d:\player\cds300.dll --> d:\player\cds300.dll [?]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-2-23 42376]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-2-23 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-2-23 81288]
S3 KLSIENET;Driver for USB Ethernet Adapter;c:\windows\system32\drivers\usb101et.sys [2007-9-6 32384]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-2-23 356920]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-2-23 1073544]

=============== Created Last 30 ================

2009-04-02 02:09 <DIR> --d----- c:\program files\common files\DivX Shared
2009-04-01 20:55 <DIR> --d----- c:\windows\system32\Adobe
2009-04-01 01:53 <DIR> --d----- c:\program files\DirectVobSub
2009-03-30 18:18 578,560 ac------ c:\windows\system32\dllcache\user32.dll
2009-03-30 18:17 <DIR> --d----- c:\windows\ERUNT

==================== Find3M ====================

2009-02-24 15:34 90,112 a------- c:\windows\system32\dpl100.dll
2009-02-24 15:34 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-02-24 15:34 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-02-24 15:34 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-02-24 15:34 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-02-24 15:34 684,032 a------- c:\windows\system32\DivX.dll
2009-02-22 05:43 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-22 05:43 12,936 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-02-22 05:43 90,632 a------- c:\windows\system32\drivers\avgtdix.sys
2009-02-22 05:43 98,440 a------- c:\windows\system32\drivers\avgldx86.sys
2006-09-15 00:31 604 ac--h--- c:\program files\STLL Notifier

============= FINISH: 11:07:02.98 ===============

#4 Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 05 April 2009 - 03:33 PM

Hello, daboone
We need to create an OTListIt2 Report
  • Please download OTListIt2 from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTListIt2 icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In your next reply, please include the following:
  • OTListIt.txt
  • Extra.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#5 daboone
  • Topic Starter

  • Members
  • 7 posts

Posted 06 April 2009 - 03:04 AM

OTListIt logfile created on: 4/6/2009 3:53:35 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.12.0 Folder = C:\Documents and Settings\KZ4ZZ\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.36 Mb Total Physical Memory | 45.66 Mb Available Physical Memory | 9.52% Memory free
1.09 Gb Paging File | 0.38 Gb Available in Paging File | 34.32% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.18 Gb Total Space | 1.08 Gb Free Space | 1.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JASON
Current User Name: KZ4ZZ
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/02/18 11:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2005/01/27 04:33:58 | 00,036,864 | ---- | M] () -- C:\WINDOWS\system32\o2flash.exe
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2008/04/13 20:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/03/02 01:46:26 | 00,253,952 | ---- | M] (ELANTECH Devices Corp.) -- C:\Program Files\Elantech\Ktp.exe
PRC - [2005/03/04 02:20:46 | 00,512,000 | ---- | M] (VIA Technologies, Inc.) -- C:\Program Files\VIAudioi\SBADeck\ADeck.exe
PRC - [2004/12/29 03:01:56 | 00,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
PRC - [2005/03/07 15:33:28 | 00,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2005/01/10 19:33:24 | 00,143,360 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\VTtrayp.exe
PRC - [2005/05/13 18:46:28 | 00,212,992 | ---- | M] (OEM) -- C:\WINDOWS\system32\CPUTray.exe
PRC - [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2005/02/28 17:53:04 | 00,053,248 | ---- | M] (Vimicro) -- C:\WINDOWS\VM_STI.EXE
PRC - [2008/06/10 04:27:03 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
PRC - [2004/08/04 08:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cidaemon.exe
PRC - [2008/04/13 20:12:38 | 00,050,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\utilman.exe
PRC - [2008/07/30 12:34:12 | 00,566,592 | ---- | M] (Apple Inc.) -- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
PRC - [2009/02/22 05:43:06 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/02/22 05:43:07 | 00,638,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe
PRC - [2009/02/22 05:43:13 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/02/22 05:43:13 | 00,408,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/03/30 06:07:57 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2006/10/18 22:46:20 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe
PRC - [2009/04/06 03:52:34 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KZ4ZZ\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/03/23 15:56:23 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2008/02/18 11:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/22 05:43:06 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/06/02 11:13:16 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2005/01/27 04:33:58 | 00,036,864 | ---- | M] () -- C:\WINDOWS\system32\o2flash.exe -- (O2Flash [Auto | Running])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004/10/12 17:29:58 | 00,049,152 | ---- | M] (Phoenix Technologies Ltd.) -- C:\WINDOWS\system32\PhnxCDSvr.exe -- (PhnxVCDService [On_Demand | Stopped])
SRV - [2008/06/13 16:29:14 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [On_Demand | Stopped])
SRV - [2008/08/07 13:12:38 | 01,073,544 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [On_Demand | Stopped])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2005/07/17 12:39:28 | 00,017,119 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2004/08/11 19:30:00 | 00,039,424 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2009/02/22 05:43:41 | 00,098,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/02/22 05:43:31 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/02/22 05:43:51 | 00,012,936 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86 [Boot | Running])
DRV - [2009/02/22 05:43:49 | 00,090,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2002/12/27 20:14:02 | 00,008,384 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\axvbusx.sys -- (axvbusx [On_Demand | Running])
DRV - [2002/12/27 20:14:30 | 00,098,560 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\axvscsi.sys -- (axvscsi [On_Demand | Running])
DRV - [2004/05/18 18:43:54 | 00,005,088 | ---- | M] () -- C:\WINDOWS\system32\drivers\FBAPI.sys -- (FBAPI [Auto | Running])
DRV - [2005/05/17 13:53:12 | 00,043,008 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys -- (FETND5BV [On_Demand | Stopped])
DRV - [2001/08/17 08:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\DRIVERS\fetnd5.sys -- (FETNDIS [On_Demand | Stopped])
DRV - [2008/01/29 12:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/06/02 16:19:12 | 00,042,376 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec [On_Demand | Stopped])
DRV - [2008/06/02 16:19:16 | 00,066,952 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt [On_Demand | Stopped])
DRV - [2008/06/10 22:22:52 | 00,081,288 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec [On_Demand | Stopped])
DRV - [2004/08/03 22:31:26 | 00,032,384 | ---- | M] (KLSI USA, Inc.) -- C:\WINDOWS\system32\DRIVERS\usb101et.sys -- (KLSIENET [On_Demand | Running])
DRV - [2005/05/05 05:53:10 | 00,026,112 | ---- | M] (ELANTECH Devices Corp.) -- C:\WINDOWS\system32\DRIVERS\Ktp.sys -- (Ktp [On_Demand | Running])
DRV - [2003/08/13 03:27:00 | 00,002,304 | ---- | M] () -- C:\WINDOWS\system32\Machnm32.sys -- (Machnm32 [Auto | Running])
DRV - [2008/04/13 14:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2005/03/15 18:47:00 | 00,032,320 | ---- | M] (O2Micro ) -- C:\WINDOWS\system32\DRIVERS\o2media.sys -- (O2MDRDR [Boot | Running])
DRV - [2005/03/15 18:47:32 | 00,023,200 | ---- | M] (O2 Micro ) -- C:\WINDOWS\system32\DRIVERS\o2sd.sys -- (O2SDRDR [Boot | Running])
DRV - [2004/10/12 18:35:40 | 00,036,096 | ---- | M] (Phoenix Technologies Ltd.) -- C:\WINDOWS\System32\Drivers\PhnxVcd.sys -- (PhnxVcd [On_Demand | Running])
DRV - [2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2004/07/16 14:21:38 | 00,006,656 | ---- | M] (Phoenix Technologies Ltd.) -- C:\WINDOWS\system32\drivers\ptpd.sys -- (ptpd [Boot | Running])
DRV - [2007/09/28 12:07:50 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/05/18 18:43:58 | 00,043,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\RITCPT.SYS -- (RITCPT [Boot | Running])
DRV - [2004/12/15 22:12:04 | 00,218,368 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\DRIVERS\RT2500.sys -- (RT2500 [On_Demand | Running])
DRV - [2005/10/25 15:40:34 | 00,055,168 | ---- | M] (Macrovision Europe Ltd) -- C:\WINDOWS\System32\drivers\sdcplh.sys -- (sdcplh [System | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/03/25 01:47:24 | 00,929,618 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\system32\DRIVERS\smserial.sys -- (smserial [On_Demand | Running])
DRV - [2004/05/07 21:56:20 | 00,164,256 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\system32\drivers\spssys.sys -- (Spssys [Boot | Running])
DRV - [2005/03/07 22:50:16 | 00,172,544 | ---- | M] (Copyright © VIA/S3 Graphics Co, Ltd.) -- C:\WINDOWS\system32\DRIVERS\vtmini.sys -- (viagfx [On_Demand | Running])
DRV - [2005/04/08 14:48:18 | 00,179,968 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio [On_Demand | Running])
DRV - [2004/12/23 11:21:42 | 00,093,600 | ---- | M] (VM) -- C:\WINDOWS\System32\Drivers\usbVM31b.sys -- (ZSMC301b [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.averatec.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.averatec.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.averatec.com
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.averatec.com
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.averatec.com

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.averatec.com

IE - HKU\S-1-5-21-443286082-3890994644-556712488-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-443286082-3890994644-556712488-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-443286082-3890994644-556712488-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-443286082-3890994644-556712488-1006\S-1-5-21-443286082-3890994644-556712488-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.1.5
FF - prefs.js..extensions.enabledItems: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374}:3.0.4
FF - prefs.js..extensions.enabledItems: {469CEB59-8266-438b-91D9-82F56D595E15}:1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.28
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:2.0.0.46

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/02/22 05:43:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/30 18:04:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/02 02:11:14 | 00,000,000 | ---D | M]

[2008/09/07 13:10:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KZ4ZZ\Application Data\mozilla\Extensions
[2008/09/07 13:10:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KZ4ZZ\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/05 11:18:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KZ4ZZ\Application Data\mozilla\Firefox\Profiles\0iipql7z.default\extensions
[2008/09/07 13:11:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KZ4ZZ\Application Data\mozilla\Firefox\Profiles\0iipql7z.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2008/11/30 04:33:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KZ4ZZ\Application Data\mozilla\Firefox\Profiles\0iipql7z.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2008/01/03 13:11:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KZ4ZZ\Application Data\mozilla\Firefox\Profiles\0iipql7z.default\extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}
[2008/08/17 15:40:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KZ4ZZ\Application Data\mozilla\Firefox\Profiles\0iipql7z.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2008/01/03 13:11:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KZ4ZZ\Application Data\mozilla\Firefox\Profiles\0iipql7z.default\extensions\{469CEB59-8266-438b-91D9-82F56D595E15}
[2007/10/20 14:28:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KZ4ZZ\Application Data\mozilla\Firefox\Profiles\0iipql7z.default\extensions\{800e72c4-0a2c-4bc5-a10a-1ee66dfd762a}
[2007/10/20 14:28:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KZ4ZZ\Application Data\mozilla\Firefox\Profiles\0iipql7z.default\extensions\{86b1f2a0-1790-11db-ac5d-0800200c9a66}
[2007/10/20 14:28:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KZ4ZZ\Application Data\mozilla\Firefox\Profiles\0iipql7z.default\extensions\{8c304a60-62d6-11db-bd13-0800200c9a66}
[2007/12/12 20:00:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KZ4ZZ\Application Data\mozilla\Firefox\Profiles\0iipql7z.default\extensions\{a45e6b3a-725d-4b20-afde-e7486bfe317c}
[2007/10/20 14:28:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KZ4ZZ\Application Data\mozilla\Firefox\Profiles\0iipql7z.default\extensions\{a909b230-17c6-11db-ac5d-0800200c9a66}
[2008/11/30 04:33:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KZ4ZZ\Application Data\mozilla\Firefox\Profiles\0iipql7z.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/04/04 10:57:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/30 06:08:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/05/29 16:55:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2008/05/07 18:06:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/09/20 17:03:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/30 06:07:56 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/30 06:07:56 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/19 21:50:19 | 00,048,640 | ---- | M] () -- C:\Program Files\mozilla firefox\components\iamfamous.dll
[2008/09/07 13:10:34 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/09/07 13:10:34 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/09/07 13:10:34 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/13 20:04:49 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/09/07 13:10:34 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/09/07 13:10:34 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/09/07 13:10:34 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IeCatch5 Class) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\Jccatch.dll (FlashGet)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (FlashGet Bar) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll (Amaze Soft)
O3 - HKU\S-1-5-21-443286082-3890994644-556712488-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-443286082-3890994644-556712488-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1 (VIA Technologies, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL) (Vimicro)
O4 - HKLM..\Run: [CPUTray] C:\WINDOWS\system32\CPUTray.exe (OEM)
O4 - HKLM..\Run: [KTPWare] C:\Program Files\Elantech\Ktp.exe (ELANTECH Devices Corp.)
O4 - HKLM..\Run: [SMSERIAL] sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VTTimer] VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] VTtrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKU\S-1-5-21-443286082-3890994644-556712488-1006..\Run: [Windows Update] C:\WINDOWS\system32\Updater.exe File not found
O4 - Startup: C:\Documents and Settings\KZ4ZZ\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-443286082-3890994644-556712488-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/07 17:24:11 | 00,000,044 | ---- | M] () - C:\autoexec2.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/04/06 03:52:33 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\KZ4ZZ\Desktop\OTListIt2.exe
[2009/04/02 02:11:12 | 00,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2009/04/02 02:10:43 | 00,000,831 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2009/04/02 02:09:47 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/04/02 02:09:44 | 00,001,476 | ---- | C] () -- C:\Documents and Settings\KZ4ZZ\Desktop\DivX Movies.lnk
[2009/04/01 20:55:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2009/04/01 01:53:40 | 00,000,000 | ---D | C] -- C:\Program Files\DirectVobSub
[2009/04/01 01:52:26 | 00,403,335 | ---- | C] () -- C:\Documents and Settings\KZ4ZZ\Desktop\vsfilter.2.39_nt.exe
[2009/03/30 18:18:54 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/03/30 18:17:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/03/30 11:06:26 | 08,707,194 | ---- | C] () -- C:\Documents and Settings\KZ4ZZ\Desktop\the_apollo_stars_-_my_dear_portugal.mp3
[2009/03/30 11:06:21 | 10,221,769 | ---- | C] () -- C:\Documents and Settings\KZ4ZZ\Desktop\the_apollo_stars_-_johnny_comes_marching_home.mp3
[2009/03/30 11:06:16 | 12,516,261 | ---- | C] () -- C:\Documents and Settings\KZ4ZZ\Desktop\the_apollo_stars_-_were_moving_in.mp3
[2009/03/30 11:06:10 | 19,104,238 | ---- | C] () -- C:\Documents and Settings\KZ4ZZ\Desktop\the_apollo_stars_-_summertime.mp3
[2009/03/30 11:06:02 | 09,070,694 | ---- | C] () -- C:\Documents and Settings\KZ4ZZ\Desktop\the_apollo_stars_-_the_power_of_source.mp3
[2009/03/27 11:49:10 | 00,360,002 | ---- | C] () -- C:\Documents and Settings\KZ4ZZ\Desktop\dds.scr
[2009/03/20 12:48:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KZ4ZZ\Desktop\mewzyx
[2009/02/02 11:41:24 | 00,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2009/02/02 11:41:24 | 00,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2009/02/02 11:41:24 | 00,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2009/02/02 11:41:16 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2009/02/02 11:41:16 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2009/02/02 11:41:16 | 00,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2009/02/02 11:41:12 | 00,009,013 | ---- | C] () -- C:\WINDOWS\HL-2040.INI
[2009/02/02 11:40:27 | 00,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/12/19 08:59:20 | 00,221,184 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/11/15 14:49:10 | 00,000,067 | ---- | C] () -- C:\WINDOWS\Easy DVD Creator.INI
[2007/01/30 11:58:23 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/19 11:22:51 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/10/03 14:30:25 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2006/10/03 14:25:37 | 00,000,611 | ---- | C] () -- C:\WINDOWS\PCalcpro.ini
[2006/10/03 14:25:37 | 00,000,561 | ---- | C] () -- C:\WINDOWS\asc_sys.ini
[2006/10/03 14:25:37 | 00,000,182 | ---- | C] () -- C:\WINDOWS\medlrng.ini
[2006/10/03 14:25:23 | 00,018,432 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[2006/10/03 14:22:51 | 00,050,688 | ---- | C] () -- C:\WINDOWS\System32\iproc.dll
[2006/10/03 14:22:51 | 00,041,984 | ---- | C] () -- C:\WINDOWS\System32\iprocnt.dll
[2006/10/03 14:21:39 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\twdll.dll
[2006/10/03 14:21:39 | 00,000,134 | ---- | C] () -- C:\WINDOWS\awshkwv.ini
[2006/10/03 12:22:58 | 00,000,748 | ---- | C] () -- C:\WINDOWS\LMAAL2DD.ini
[2006/09/18 20:05:47 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\RunSetup.dll
[2006/09/18 20:05:47 | 00,024,576 | ---- | C] () -- C:\WINDOWS\RunSetup.dll
[2006/08/28 05:51:48 | 00,000,037 | ---- | C] () -- C:\WINDOWS\GBRoom.INI
[2006/08/28 05:47:31 | 00,434,176 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2.dll
[2005/07/26 01:52:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/07/21 16:30:58 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/07/21 16:18:43 | 00,000,307 | ---- | C] () -- C:\WINDOWS\System32\phnxpsa.ini
[2005/07/21 16:18:34 | 00,002,304 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2005/07/21 16:18:02 | 00,043,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\RITCPT.SYS
[2005/07/21 16:17:26 | 00,005,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\FBAPI.sys
[2005/07/17 12:37:21 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2005/07/17 12:36:50 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2005/07/17 12:33:17 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2005/07/17 12:21:34 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2005/07/17 12:21:34 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2005/07/17 12:21:34 | 00,049,152 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2005/07/17 12:21:33 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2005/07/17 12:21:33 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2005/07/17 12:21:33 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2005/07/17 12:21:33 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2005/07/17 12:21:33 | 00,045,056 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2005/07/17 12:21:33 | 00,045,056 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2005/07/17 11:37:11 | 00,001,410 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/07/17 11:36:41 | 00,000,877 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/07/17 11:36:37 | 00,000,278 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/11/24 15:09:56 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\WlanInstallDll.dll
[2004/02/10 20:15:36 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2002/12/27 20:14:30 | 00,098,560 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\axvscsi.sys
[2002/12/27 20:14:02 | 00,008,384 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\axvbusx.sys
[1999/01/22 14:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/04/06 03:52:34 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KZ4ZZ\Desktop\OTListIt2.exe
[2009/04/05 19:25:28 | 00,220,672 | ---- | M] () -- C:\Documents and Settings\KZ4ZZ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/02 02:11:12 | 00,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2009/04/02 02:10:43 | 00,000,831 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2009/04/02 02:09:45 | 00,001,476 | ---- | M] () -- C:\Documents and Settings\KZ4ZZ\Desktop\DivX Movies.lnk
[2009/04/01 11:22:40 | 00,000,877 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/01 01:52:27 | 00,403,335 | ---- | M] () -- C:\Documents and Settings\KZ4ZZ\Desktop\vsfilter.2.39_nt.exe
[2009/03/31 18:19:10 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/30 18:56:39 | 00,408,238 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/30 18:56:39 | 00,064,602 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/30 18:56:38 | 00,479,920 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/30 18:54:22 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/30 18:52:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/30 18:52:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/30 18:19:42 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/03/30 18:18:55 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/03/30 16:00:36 | 19,104,238 | ---- | M] () -- C:\Documents and Settings\KZ4ZZ\Desktop\the_apollo_stars_-_summertime.mp3
[2009/03/30 12:50:42 | 12,516,261 | ---- | M] () -- C:\Documents and Settings\KZ4ZZ\Desktop\the_apollo_stars_-_were_moving_in.mp3
[2009/03/30 12:30:54 | 10,221,769 | ---- | M] () -- C:\Documents and Settings\KZ4ZZ\Desktop\the_apollo_stars_-_johnny_comes_marching_home.mp3
[2009/03/30 11:07:48 | 08,707,194 | ---- | M] () -- C:\Documents and Settings\KZ4ZZ\Desktop\the_apollo_stars_-_my_dear_portugal.mp3
[2009/03/30 11:07:24 | 09,070,694 | ---- | M] () -- C:\Documents and Settings\KZ4ZZ\Desktop\the_apollo_stars_-_the_power_of_source.mp3
[2009/03/27 11:49:15 | 00,360,002 | ---- | M] () -- C:\Documents and Settings\KZ4ZZ\Desktop\dds.scr
[2009/03/07 14:59:45 | 00,001,123 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.usr
[2009/03/07 14:56:57 | 00,006,357 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

OTListIt Extras logfile created on: 4/6/2009 3:53:35 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.12.0 Folder = C:\Documents and Settings\KZ4ZZ\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.36 Mb Total Physical Memory | 45.66 Mb Available Physical Memory | 9.52% Memory free
1.09 Gb Paging File | 0.38 Gb Available in Paging File | 34.32% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.18 Gb Total Space | 1.08 Gb Free Space | 1.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JASON
Current User Name: KZ4ZZ
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.com [@ = comfile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-443286082-3890994644-556712488-1006\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.com [@ = comfile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2006/08/01 15:35:36 | 00,067,112 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2006/07/26 01:26:06 | 00,053,346 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_08\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary
[2006/07/28 16:11:12 | 02,109,440 | ---- | M] (mIRC Co. Ltd.) -- C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC
[2006/08/01 15:35:36 | 00,067,112 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
File not found -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[2008/04/13 20:12:17 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper
[2006/11/03 03:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2008/01/03 12:15:06 | 00,050,528 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2009/02/13 00:15:22 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2009/03/30 06:07:57 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
File not found -- C:\WINDOWS\system32\office2007\mirc.exe:*:Disabled:mIRC
[2000/12/06 08:51:00 | 02,048,000 | ---- | M] () -- C:\Games\TTOTD\Tod_e.exe:*:Enabled:Tod_e
[2000/12/06 08:51:00 | 02,048,000 | ---- | M] () -- C:\Games\TODG\Tod_e.exe:*:Enabled:Tod_e
[2008/06/02 11:13:18 | 20,638,504 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2009/02/22 05:43:07 | 00,638,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe
[2009/02/22 05:43:08 | 00,652,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2009/02/22 05:43:13 | 00,408,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CCBCF78-EF12-4137-B3CA-99F30A2E7D21}" = CuteFTP 7 Professional
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = PowerStarter
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2B43252C-A1E3-4C47-927C-9F2C276D3515}" = S3GSetup
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33df47f1-b83a-4eb5-aa56-eab28a1eae14}" = TOSHIBA gigabeat applications 2.0.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BB2AA79-6623-48F4-B288-0CE1C88D40D6}" = O2Micro Flash Memory Card Windows Driver
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{41E496B5-47F4-11D6-9BBB-00E0987BB2CD}" = Vimicro USB PC Camera (ZC0301PL)
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5F4B558D-8AEB-4DEE-AAB3-C00D1D9A86BA}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767572FD-4D01-4FA3-B0A6-4B09FB2CFC37}" = Sony Sound Forge 8.0
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8364CB46-44D7-42B3-B9EC-9420B74AB25F}" = Phoenix Core Managed Environment (cME)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8ECBE643-8230-11D5-9D6B-00A024112F81}" = VDMSound 2.0.4
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{9F70BF98-003C-491D-81FC-FF9792206AF0}" = iTunes
"{A4F0861C-22B2-401C-89F2-F1F1AD4F21B4}" = CPU Speed High / Low Status Application
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-0000-7EC8-7489-000000000702}" = Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
"{AC76BA86-0000-7EC8-7489-000000000703}" = Adobe Acrobat 7.0.2 and Reader 7.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AC76BA86-7AD7-5464-3428-7E8A450000A7}" = Spelling Dictionaries For Adobe Reader Package
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BF6FE982-07B7-47B9-A817-9E6B1E7B3C8F}" = Brother HL-2040
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C76145F4-19F6-407D-AEE5-CE1D376FA777}" = Config2500 WLAN Software 3.0.1.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EDA2E9CA-8B7E-4BC0-9B0F-34B299555BF3}" = Retail Virtual EVE
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"3GP to GIF JPEG Converter_is1" = 3GP to GIF JPEG Converter v1.0
"Active@ ISO Burner v 1.1" = Active@ ISO Burner v 1.1
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM Gadgets 2.8" = AIM Gadgets 2.8
"AIM_6" = AIM 6
"Amor SWF to VCD SVCD DVD Creator & Burner_is1" = Amor SWF to VCD SVCD DVD Creator & Burner 1.9
"AOL Instant Messenger" = AOL Instant Messenger
"AVG8Uninstall" = AVG 8.0
"AVS DVDMenu Editor_is1" = AVS DVDMenu Editor 1.2.1.19
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2
"AVS4YOU Video Converter_is1" = AVS Video Converter 5.6
"camcodec" = CamStudio Lossless Codec
"CamStudio" = CamStudio
"CDRWIN" = CDRWIN
"DirectVobSub" = DirectVobSub (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Audio Extractor_is1" = DVD Audio Extractor 4.3.0
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy DVD Creator_is1" = Easy DVD Creator 1.5.4
"Elantech" = KTP Ware PS/2-WDM 5.0.2.1
"Finale NotePad 2008" = Finale NotePad 2008
"FlashGet(JetCar)" = FlashGet(JetCar)
"FLVPlayer" = FLV Player 1.3.3
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"GameSpy Arcade" = GameSpy Arcade
"Icesun Sound Recorder" = Icesun Sound Recorder
"InstallShield_{3BB2AA79-6623-48F4-B288-0CE1C88D40D6}" = O2Micro Flash Memory Card Windows Driver
"InstallShield_{8364CB46-44D7-42B3-B9EC-9420B74AB25F}" = Phoenix Core Managed Environment (cME)
"Interactive Mathematics" = AcademicOnline Interactive Mathematics
"IsoBuster_is1" = IsoBuster 2.0
"Lexmark_HostCD" = Lexmark Software Uninstall
"Magic ISO Maker v5.3 (build 0216)" = Magic ISO Maker v5.3 (build 0216)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"mIRC" = mIRC
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"MP4 Video Converter 3" = MP4 Video Converter 3
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PicoZip Recovery Tool 1.02" = PicoZip Recovery Tool 1.02
"RestoreIT!" = Phoenix FirstWare Recover Pro 2004
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Sibelius 4" = Sibelius 4
"Sibelius Scorch" = Sibelius Scorch
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Spyware Doctor" = Spyware Doctor 6.0
"Strange Wilderness" = Strange Wilderness Screen Saver
"Total Video Converter 3.02_is1" = Total Video Converter 3.02
"VIA Vinyl Audio Codecs Driver Setup Program" = VIA Vinyl Audio Codecs Driver Setup Program
"VIA/S3G UniChrome Family Win2K/XP Display" = VIA/S3G Display Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-443286082-3890994644-556712488-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/27/2008 5:02:49 AM | Computer Name = JASON | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module unknown, version 0.0.0.0, fault address 0x04acceb0.

Error - 4/1/2008 10:13:00 PM | Computer Name = JASON | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 4/1/2008 10:13:00 PM | Computer Name = JASON | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 4/10/2008 12:39:41 PM | Computer Name = JASON | Source = Application Hang | ID = 1002
Description = Hanging application uTorrent.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/10/2008 12:39:41 PM | Computer Name = JASON | Source = Application Hang | ID = 1002
Description = Hanging application uTorrent.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/7/2008 9:56:30 PM | Computer Name = JASON | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20080.40413, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.

Error - 5/7/2008 10:00:26 PM | Computer Name = JASON | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20080.40413, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00001010.

Error - 6/7/2008 3:08:44 PM | Computer Name = JASON | Source = Application Hang | ID = 1002
Description = Hanging application uTorrent.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/8/2008 11:14:42 PM | Computer Name = JASON | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module unknown, version 0.0.0.0, fault address 0x04afceb0.

Error - 6/14/2008 8:00:40 PM | Computer Name = JASON | Source = Application Hang | ID = 1002
Description = Hanging application Photoshop.exe, version 9.0.2.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 11/7/2008 5:56:16 AM | Computer Name = JASON | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {A0717E52-8AC8-4DD9-8682-0B76775125E6}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\divxsm.exe -Embedding

Error - 11/7/2008 6:08:36 AM | Computer Name = JASON | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {A0717E52-8AC8-4DD9-8682-0B76775125E6}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\divxsm.exe -Embedding

Error - 11/7/2008 6:21:43 AM | Computer Name = JASON | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {A0717E52-8AC8-4DD9-8682-0B76775125E6}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\divxsm.exe -Embedding

Error - 11/7/2008 3:03:55 PM | Computer Name = JASON | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {A0717E52-8AC8-4DD9-8682-0B76775125E6}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\divxsm.exe -Embedding

Error - 11/7/2008 5:16:47 PM | Computer Name = JASON | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {A0717E52-8AC8-4DD9-8682-0B76775125E6}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\divxsm.exe -Embedding

Error - 11/8/2008 4:24:03 AM | Computer Name = JASON | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {A0717E52-8AC8-4DD9-8682-0B76775125E6}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\divxsm.exe -Embedding

Error - 11/9/2008 1:58:40 AM | Computer Name = JASON | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {A0717E52-8AC8-4DD9-8682-0B76775125E6}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\divxsm.exe -Embedding

Error - 11/9/2008 1:59:36 AM | Computer Name = JASON | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {A0717E52-8AC8-4DD9-8682-0B76775125E6}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\divxsm.exe -Embedding

Error - 11/9/2008 2:00:55 AM | Computer Name = JASON | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {A0717E52-8AC8-4DD9-8682-0B76775125E6}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\divxsm.exe -Embedding

Error - 11/9/2008 2:01:09 AM | Computer Name = JASON | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {A0717E52-8AC8-4DD9-8682-0B76775125E6}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\divxsm.exe -Embedding


< End of report >

#6 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:04:51 AM

Posted 06 April 2009 - 08:10 PM

Hello, daboone
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 13.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use Ctrl+A)
  • Right-click again and choose "Copy" (or Ctrl+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • ESET OnlineScan's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
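The Java check in the post above rests on the uninstall list in the posted log (four JRE entries, the newest being 6 Update 7, against the 6 Update 13 the helper asks for). As an added example, not code from this thread, from BleepingComputer or from the OTL tool that produced the log, the Python script below parses that `"key" = Display Name` list format and reports every JRE entry older than a target level. The sample lines are constructed in the shape of the log above, and the regular expressions and function names are my own assumptions about Sun's product naming, not anything the log tool provides.

```python
"""Flag outdated Java Runtime entries in an OTL-style Uninstall List.

Added example for this thread, not code from BleepingComputer or OTL. It
parses the '"key" = Display Name' lines OTL prints under its Uninstall List
headings and reports every JRE older than a target level, here 6 Update 13
as requested by the helper above.
"""
import re

# Constructed sample in the shape of the uninstall list posted in this thread.
SAMPLE_UNINSTALL_LIST = """\
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"""

# One uninstall entry: "registry value name" = display name
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.+?)\s*$')
# Product names Sun used for the JRE/JDK: "J2SE ...", "Java(TM) ...", "Java 2 ..."
JAVA_NAME_RE = re.compile(r"^(?:J2SE|Java)\b", re.IGNORECASE)
# Legacy naming (assumed), e.g. "Java 2 Runtime Environment, SE v1.4.2_03"
LEGACY_VER_RE = re.compile(r"\bv?(\d+)\.(\d+)(?:\.\d+)*_(\d+)\b")
# Modern naming as seen in the log, e.g. "5.0 Update 8" or "6 Update 7"
MODERN_VER_RE = re.compile(r"\b(\d+)(?:\.\d+)?\s+Update\s+(\d+)\b", re.IGNORECASE)

TARGET = (6, 13)  # (family, update): the version the helper asked for


def parse_uninstall_list(text):
    """Return [(key, display_name), ...] for every entry line in the text."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("key"), m.group("name")))
    return entries


def java_version(display_name):
    """Return (family, update) for a JRE/JDK display name, or None.

    Pre-5.0 releases were numbered 1.x, so "1.4.2_03" is reported as family 4.
    Java entries without a recognisable version also return None.
    """
    if not JAVA_NAME_RE.match(display_name):
        return None
    m = LEGACY_VER_RE.search(display_name)
    if m:
        major, minor, update = (int(g) for g in m.groups())
        family = minor if major == 1 else major
        return family, update
    m = MODERN_VER_RE.search(display_name)
    if m:
        return int(m.group(1)), int(m.group(2))
    return None


def is_outdated(version, target=TARGET):
    """True when (family, update) is strictly older than target."""
    return version < target  # tuple comparison: family first, then update


def find_outdated_java(text, target=TARGET):
    """Display names of every JRE/JDK entry older than target, in log order."""
    outdated = []
    for _key, name in parse_uninstall_list(text):
        version = java_version(name)
        if version is not None and is_outdated(version, target):
            outdated.append(name)
    return outdated


if __name__ == "__main__":
    for name in find_outdated_java(SAMPLE_UNINSTALL_LIST):
        print("outdated:", name)
```

Run against the sample it lists all four JRE entries; run against a saved OTL log it gives the same answer the helper reached by eye, and a JRE at or above the target is left alone. The installer note in the post above still applies: the 6u13 installer removes only Update 10 and later, so anything this script reports in family 5 or below 6 Update 10 has to be uninstalled by hand.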

#7 daboone

daboone
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:51 AM

Posted 08 April 2009 - 05:30 PM

Huuuum, okay... I removed all the old Javas, rebooted, and installed the newest one...

Buuut every time I've tried to visit the ESET link, all I get is this lame-bleep error message:

Connection Interrupted

The connection to the server was reset while the page was loading.

The network link was interrupted while negotiating a connection. Please try again.

:)

:thumbup2:

Edited by Billy O'Neal, 08 April 2009 - 11:36 PM.


#8 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:04:51 AM

Posted 08 April 2009 - 11:36 PM

Hello, daboone
Please give this one a shot instead then.

Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
In your next reply, please include the following:
  • Kaspersky's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#9 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:04:51 AM

Posted 13 April 2009 - 06:19 PM

Hello, daboone
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
