Help, explorer 50% wlcomm 50% cpu usage


  • This topic is locked
14 replies to this topic

#1 DAngel


  • Members
  • 23 posts
  • OFFLINE
  • Local time:11:09 AM

Posted 19 April 2009 - 01:15 AM

Hi,

My computer recently, for no reason at all, started freezing whenever I turn it on. When the startup programs start loading, in Task Manager explorer.exe goes to 50% CPU usage, sometimes together with wlcomm at 50% as well, leaving my computer frozen and unresponsive. I restart my computer several times and noticed that it takes around 7-8 tries to get the computer to load with no problems at all for once. I've attached my HijackThis log; can somebody help me please?

Attached Files





#2 Buckeye_Sam


    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:09 PM

Posted 20 April 2009 - 02:34 PM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.



=============


The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
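The GMER report this procedure produces lists kernel hooks as lines such as `IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EBEAD4] sptd.sys`, `.text USBPORT.SYS!DllUnload B967462C 5 Bytes JMP 8A1A4770` and `AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (...)`, and most of the work for the helper is deciding which of those belong to known software and which need a closer look. The script below is an added example of that triage step; it is not code from this thread, from GMER, or from BleepingComputer. It parses those line shapes, counts findings per responsible driver, and splits them into "benign" (on an allowlist the analyst maintains, which is an assumption of this example and not something GMER provides) and "review" (everything else, including inline patches GMER cannot attribute to a module). The embedded sample report is constructed, modelled on the report DAngel posts in reply #3 below; the `example_unknown.sys` line is made up to show what an unattributed hook looks like.

```python
"""Triage helper for GMER rootkit-scan text output (added example, not GMER's own code)."""
import re
from collections import Counter

# Line shapes in a GMER 1.0.15 report: IAT hooks, inline code patches,
# attached filter devices, and files GMER could not open.
IAT_RE = re.compile(
    r"^IAT (?P<victim>[^\[\s]+)\[(?P<imp>[^\]]+)\] \[(?P<addr>[0-9A-Fa-f]+)\] (?P<hooker>.+)$")
INLINE_RE = re.compile(
    r"^\.text (?P<module>\S+)!(?P<symbol>\S+) (?P<addr>[0-9A-Fa-f]+) (?P<size>\d+) Bytes (?P<detail>.+)$")
ATTACHED_RE = re.compile(
    r"^AttachedDevice (?P<driver>\S+) (?P<device>\S+) (?P<file>\S+)(?: \((?P<desc>.*)\))?$")
UNREADABLE_RE = re.compile(r"^\? (?P<path>\S+) (?P<msg>.+)$")

# Analyst-maintained allowlist (an assumption of this example, not GMER data).
# sptd.sys is the SCSI pass-through driver installed by DAEMON Tools; it hooks
# atapi.sys port I/O and locks its own file, and GMER reports both every time.
# Lbd.sys and SynTP.sys are labelled by GMER itself in the report.
KNOWN_BENIGN = {
    "sptd.sys": "DAEMON Tools SPTD driver",
    "lbd.sys": "Lavasoft Ad-Watch boot driver",
    "syntp.sys": "Synaptics touchpad filter driver",
}

# Constructed sample, modelled on the report format; example_unknown.sys is made up.
SAMPLE_REPORT = r"""
---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload B967462C 5 Bytes JMP 8A1A4770
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 B93E74D0 48 Bytes [60, 9A, 6C, 29, 43, 31, 27, ...]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EBEAD4] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EBF61E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9ED429A] sptd.sys
IAT ntoskrnl.exe[HAL.dll!KeGetCurrentIrql] [8A000000] \??\C:\WINDOWS\system32\drivers\example_unknown.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

---- EOF - GMER 1.0.15 ----
"""


def basename(path):
    """GMER prints hookers as bare names or NT paths; normalise to a lowercase file name."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def parse_gmer(text):
    """Return one dict per hook/attach/unreadable line; all other lines are ignored."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = IAT_RE.match(line)
        if m:
            findings.append({"kind": "iat", "target": f"{m.group('victim')}[{m.group('imp')}]",
                             "by": basename(m.group("hooker")), "addr": m.group("addr")})
            continue
        m = INLINE_RE.match(line)
        if m:
            # Inline patches carry no module name: GMER shows only the JMP target or raw bytes.
            findings.append({"kind": "inline", "target": f"{m.group('module')}!{m.group('symbol')}",
                             "by": None, "addr": m.group("addr"), "detail": m.group("detail")})
            continue
        m = ATTACHED_RE.match(line)
        if m:
            findings.append({"kind": "attached", "target": m.group("device"),
                             "by": basename(m.group("file")), "desc": m.group("desc") or ""})
            continue
        m = UNREADABLE_RE.match(line)
        if m:
            findings.append({"kind": "unreadable", "target": m.group("path"),
                             "by": basename(m.group("path")), "detail": m.group("msg")})
    return findings


def findings_by_module(findings):
    """Count findings per responsible driver (unattributed inline patches are skipped)."""
    return dict(Counter(f["by"] for f in findings if f["by"]))


def triage(findings, known_benign=KNOWN_BENIGN):
    """Split findings into (benign, review); anything not on the allowlist needs a human."""
    benign, review = [], []
    for f in findings:
        if f["by"] in known_benign:
            benign.append((f["kind"], f["target"], f["by"], known_benign[f["by"]]))
        else:
            why = f["by"] or "unattributed: resolve the JMP target / patched bytes by hand"
            review.append((f["kind"], f["target"], why))
    return benign, review


if __name__ == "__main__":
    found = parse_gmer(SAMPLE_REPORT)
    print("findings per module:", findings_by_module(found))
    benign, review = triage(found)
    for kind, target, by, why in benign:
        print(f"  ok      {kind:10} {target:50} {by} ({why})")
    for kind, target, why in review:
        print(f"  REVIEW  {kind:10} {target:50} {why}")
```

Run against a real report, the "review" list is the short list worth pasting back into a thread like this one: the inline `.text` patches (GMER cannot say who placed them, so the JMP target has to be matched against loaded driver ranges by hand) and any IAT hook or attached device from a driver that is not already accounted for by installed software. The allowlist is the part that deserves scepticism; it should only ever contain drivers whose presence the rest of the logs (here, the `sptd\Cfg` registry entries pointing at the DAEMON Tools folder) independently explains.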

#3 DAngel

  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:11:09 AM

Posted 21 April 2009 - 08:19 PM

Hi Sam,
I've attached the OTListIt.txt & Extra.txt from OTListIt2 as well as GMER's scan results.

I've recently run a couple of programs to try and fix it myself, including RegCure and Ad-Aware, and it seems that my computer now only freezes <50% of the time I turn it on rather than 4 out of 5 times.


This is from GMER

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-22 11:17:27
Windows 5.1.2600 Service Pack 2


---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload B967462C 5 Bytes JMP 8A1A4770
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 B93E74D0 48 Bytes [60, 9A, 6C, 29, 43, 31, 27, ...]
? C:\WINDOWS\System32\Drivers\dtscsi.sys The process cannot access the file because it is being used by another process.

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EBEAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EBEC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EBEB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EBF748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EBF61E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9ED429A] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A3951E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{D30A7883-1E23-4DFD-B899-AE8651E7DB04} 89E371E8

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\usbuhci \Device\USBPDO-0 8A1A3790
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A3981E8
Device \Driver\dmio \Device\DmControl\DmConfig 8A3981E8
Device \Driver\dmio \Device\DmControl\DmPnP 8A3981E8
Device \Driver\dmio \Device\DmControl\DmInfo 8A3981E8
Device \Driver\usbuhci \Device\USBPDO-1 8A1A3790
Device \Driver\usbehci \Device\USBPDO-2 8A1A5790
Device \Driver\usbuhci \Device\USBPDO-3 8A1A3790
Device \Driver\usbuhci \Device\USBPDO-4 8A1A3790

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\usbuhci \Device\USBPDO-5 8A1A3790
Device \Driver\usbehci \Device\USBPDO-6 8A1A5790
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A3991E8
Device \Driver\Cdrom \Device\CdRom0 8A0C51E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A3991E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A3991E8
Device \Driver\Cdrom \Device\CdRom1 8A0C51E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A3971E8
Device \Driver\atapi \Device\Ide\IdePort0 8A3971E8
Device \Driver\atapi \Device\Ide\IdePort1 8A3971E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 8A3971E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{79A19784-1B57-48FC-9B6D-09FE9459F4F6} 89E371E8
Device \Driver\Cdrom \Device\CdRom2 8A0C51E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 89E371E8
Device \Driver\NetBT \Device\NetbiosSmb 89E371E8
Device \Driver\PCI_NTPNP8662 \Device\0000004d sptd.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{827F26B2-0EF1-420E-9126-3C3CC89891C5} 89E371E8
Device \Driver\usbuhci \Device\USBFDO-0 8A1A3790
Device \Driver\usbuhci \Device\USBFDO-1 8A1A3790
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 899D51E8
Device \Driver\usbehci \Device\USBFDO-2 8A1A5790
Device \FileSystem\MRxSmb \Device\LanmanRedirector 899D51E8
Device \Driver\usbuhci \Device\USBFDO-3 8A1A3790
Device \Driver\usbuhci \Device\USBFDO-4 8A1A3790
Device \Driver\Ftdisk \Device\FtControl 8A3991E8
Device \Driver\usbuhci \Device\USBFDO-5 8A1A3790
Device \Driver\USBSTOR \Device\0000008b 8A0891E8
Device \Driver\usbehci \Device\USBFDO-6 8A1A5790
Device \Driver\USBSTOR \Device\0000008d 8A0891E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 8A0931E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 8A0931E8
Device \FileSystem\Cdfs \Cdfs 89FB2478

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x33 0x1A 0xAA 0xDB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x41 0x41 0xE4 0xE6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC2 0xA1 0x67 0x87 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x33 0x1A 0xAA 0xDB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x41 0x41 0xE4 0xE6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC2 0xA1 0x67 0x87 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo® video 5.10 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo® video 5.10 Compression Filter@FriendlyName Indeo® video 5.10 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo® video 5.10 Compression Filter@CLSID {1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo® video 5.10 Compression Filter@FilterData 0x02 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo® video 5.10 Compression Filter@EncoderType 1
Reg HKLM\SOFTWARE\Classes\CLSID\{ADCDC452-5950-0BD6-5DEB640DBA321648}\{0A2FAA8F-EDBD-61CA-231081ECE2D6CFC4}\{38D3EADC-5C2C-A096-9079D739DE5BCFA9}
Reg HKLM\SOFTWARE\Classes\CLSID\{ADCDC452-5950-0BD6-5DEB640DBA321648}\{0A2FAA8F-EDBD-61CA-231081ECE2D6CFC4}\{38D3EADC-5C2C-A096-9079D739DE5BCFA9}@JWOYTVPITEDJCHYUGDR5XL6BSC1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{B5607D2B-B46E-B3F4-9048AFCC28FF5FA4}\{C05554A6-FBA2-C228-B971EB90057D401E}\{5FF68CF8-794F-D6E5-5439F075104F0A49}
Reg HKLM\SOFTWARE\Classes\CLSID\{B5607D2B-B46E-B3F4-9048AFCC28FF5FA4}\{C05554A6-FBA2-C228-B971EB90057D401E}\{5FF68CF8-794F-D6E5-5439F075104F0A49}@JWOYTVPITEDJCHYUGDR5XL6BSC1 0x01 0x00 0x01 0x00 ...
Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\3128438761\Groups@vQ 1

---- EOF - GMER 1.0.15 ----

Thanks in advance!

OTListIt logfile created on: 4/22/2009 9:02:15 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Phillip\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.81% Memory free
3.84 Gb Paging File | 3.46 Gb Available in Paging File | 90.03% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.30 Gb Total Space | 12.43 Gb Free Space | 42.43% Space Free | Partition Type: NTFS
Drive D: | 105.49 Gb Total Space | 53.59 Gb Free Space | 50.80% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 10.27 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LENOVO-FFAC5853
Current User Name: Phillip
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/03/10 05:06:55 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2004/08/06 10:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\IgrsSvcs.exe
PRC - [2007/04/13 05:29:36 | 00,031,744 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AnyComm\common\IGRS.exe
PRC - [2008/12/29 07:42:53 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2003/06/20 17:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2004/08/06 10:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2004/08/06 10:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009/03/10 05:06:55 | 00,515,416 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2007/06/13 20:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/08/06 10:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2007/03/22 08:49:20 | 16,126,464 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2006/06/17 10:22:46 | 00,794,713 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/04/17 05:24:32 | 00,819,200 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
PRC - [2007/03/13 12:49:16 | 00,569,344 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2uvc.exe
PRC - [2007/04/10 22:28:12 | 00,643,584 | ---- | M] (ITE Tech. Inc.) -- C:\WINDOWS\ITECIR\x86\CIRAP.exe
PRC - [2008/12/29 07:42:53 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/03/17 08:05:32 | 00,135,168 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2008/03/17 08:05:34 | 00,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2008/03/17 08:05:08 | 00,131,072 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2005/03/17 14:25:54 | 00,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2006/03/28 15:48:54 | 00,622,592 | R--- | M] () -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2008/03/17 08:04:54 | 00,249,856 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2007/03/29 14:26:44 | 00,258,048 | ---- | M] (suyin) -- C:\WINDOWS\SUYIN NB Cam\lenovo Express.exe
PRC - [2006/04/24 19:23:42 | 00,339,968 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
PRC - [2007/04/17 05:22:16 | 00,970,752 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
PRC - [2005/06/06 23:46:24 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2009/03/09 18:16:30 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/09/14 00:03:41 | 00,289,088 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2006/09/11 03:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2004/10/14 02:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2006/06/05 13:59:18 | 00,174,080 | ---- | M] (Nokia.) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
PRC - [2006/06/15 11:23:02 | 00,077,824 | ---- | M] (Nokia) -- C:\Program Files\Common Files\PCSuite\Services\NclBTHandler.exe
PRC - [2007/10/26 23:31:42 | 00,970,752 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Program Files\3 Mobile\3 Mobile Broadband\3 Mobile Broadband.exe
PRC - [2009/03/28 13:21:45 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/22 09:02:01 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Phillip\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (?? LiveUpdate ???? [Auto | Stopped])
SRV - [2004/08/06 10:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\IgrsSvcs.exe -- (AnyComm.DirectRouter [Auto | Running])
SRV - [2006/11/12 15:56:18 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins [Disabled | Stopped])
SRV - File not found -- -- (E8363460 [Auto | Stopped])
SRV - [2007/04/17 05:33:18 | 00,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Disabled | Stopped])
SRV - [2004/08/06 10:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007/04/13 05:29:36 | 00,031,744 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AnyComm\common\IGRS.exe -- (IGRS [Auto | Running])
SRV - [2004/08/06 10:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\IgrsSvcs.exe -- (IncSvc [On_Demand | Stopped])
SRV - [2008/12/29 07:42:53 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/03/10 05:06:55 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2003/06/20 17:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2003/07/29 06:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/04/17 05:14:24 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Disabled | Stopped])
SRV - [2007/04/17 05:21:20 | 00,983,040 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Disabled | Stopped])
SRV - [2006/06/05 13:59:18 | 00,174,080 | ---- | M] (Nokia.) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running])
SRV - [2004/08/06 10:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\IgrsSvcs.exe -- (SHE.WEB [Disabled | Stopped])
SRV - [2004/08/06 10:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\IgrsSvcs.exe -- (SheSvc [Disabled | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/01/27 12:08:37 | 00,021,393 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2007/02/17 09:46:00 | 00,160,256 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys -- (b57w2k [On_Demand | Running])
DRV - [2007/09/20 20:26:48 | 01,123,328 | ---- | M] (Broadcom Corp.) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running])
DRV - [2004/10/15 12:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys -- (BrScnUsb [On_Demand | Stopped])
DRV - [2006/10/31 04:52:04 | 00,329,901 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio [On_Demand | Running])
DRV - [2006/10/31 04:51:24 | 00,030,459 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\DRIVERS\btport.sys -- (BTDriver [On_Demand | Stopped])
DRV - [2006/11/14 04:41:20 | 00,862,922 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\DRIVERS\btkrnl.sys -- (BTKRNL [On_Demand | Running])
DRV - [2006/10/31 04:51:30 | 00,149,123 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\DRIVERS\btwdndis.sys -- (BTWDNDIS [On_Demand | Stopped])
DRV - [2006/10/31 04:51:40 | 00,067,672 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
DRV - [2008/02/08 16:00:12 | 00,223,128 | ---- | M] () -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi [On_Demand | Running])
DRV - [2006/06/29 16:11:08 | 00,011,712 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV [Auto | Running])
DRV - [2004/08/06 10:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\fsvga.sys -- (FsVga [System | Running])
DRV - [2005/01/08 11:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007/10/26 23:29:08 | 00,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys -- (hwdatacard [On_Demand | Running])
DRV - [2008/03/17 08:45:50 | 05,955,872 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\igxpmp32.sys -- (ialm [On_Demand | Running])
DRV - [2007/03/27 13:21:06 | 04,395,008 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2007/03/03 09:21:06 | 00,009,600 | ---- | M] (ITE Tech. Inc.) -- C:\WINDOWS\system32\DRIVERS\ITECIR.sys -- (ITECIR [On_Demand | Running])
DRV - [2009/03/10 05:06:56 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2006/10/01 12:19:30 | 00,007,168 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\drivers\lncdrv.sys -- (LNCDRV [On_Demand | Stopped])
DRV - [2006/05/29 08:26:36 | 00,008,704 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic [On_Demand | Stopped])
DRV - [2006/05/29 08:26:36 | 00,013,312 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem [On_Demand | Stopped])
DRV - [2006/05/29 08:26:38 | 00,127,488 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent [On_Demand | Stopped])
DRV - [2006/05/29 08:26:36 | 00,013,312 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port [On_Demand | Stopped])
DRV - [2004/08/06 10:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/02/21 12:05:38 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2007/02/25 08:42:22 | 00,039,936 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\rimmptsk.sys -- (rimmptsk [Auto | Running])
DRV - [2007/01/24 10:40:20 | 00,042,496 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\rimsptsk.sys -- (rimsptsk [Auto | Running])
DRV - [2007/03/22 16:02:04 | 00,037,376 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\rixdptsk.sys -- (rismxdp [Auto | Running])
DRV - [2007/03/30 09:19:36 | 00,012,416 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2007/11/13 20:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2007/03/27 11:04:40 | 01,740,032 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\snp2uvc.sys -- (SNP2UVC [On_Demand | Running])
DRV - [2008/01/30 04:35:48 | 00,685,816 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2006/06/17 09:40:56 | 00,193,120 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2007/02/06 08:00:42 | 00,005,120 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\Wdkbdmou.sys -- (Wdkbdmou [Boot | Running])
DRV - [2007/02/03 08:14:16 | 00,005,120 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\DRIVERS\WDMirror.sys -- (wdmirror [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1275210071-484763869-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1275210071-484763869-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1275210071-484763869-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1275210071-484763869-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-1275210071-484763869-839522115-1005\S-1-5-21-1275210071-484763869-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/29 07:42:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/28 13:21:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/28 13:21:49 | 00,000,000 | ---D | M]

[2008/08/27 17:10:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Phillip\Application Data\mozilla\Extensions
[2008/08/27 17:10:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Phillip\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/09/12 08:17:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Phillip\Application Data\mozilla\Firefox\Profiles\eswzqlt9.default\extensions
[2008/09/12 08:17:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Phillip\Application Data\mozilla\Firefox\Profiles\eswzqlt9.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}
[2008/09/12 08:17:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Phillip\Application Data\mozilla\Firefox\Profiles\eswzqlt9.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}(2)
[2009/04/21 18:23:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/28 13:21:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/02/10 16:54:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/04/05 09:41:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/08/08 14:57:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/12/29 07:43:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/28 13:21:44 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/28 13:21:44 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/08/27 17:10:38 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/08/27 17:10:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/08/27 17:10:38 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/14 22:10:19 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/08/27 17:10:38 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/08/27 17:10:38 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/08/27 17:10:38 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN ()
O4 - HKLM..\Run: [CIRAP] C:\WINDOWS\ITECIR\x86\CIRAP.exe (ITE Tech. Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" (Intel Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SetDefPrt] D:\Program Files\Brother\Brmfl06a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Scansoft, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [tsnp2std] C:\WINDOWS\SUYIN NB Cam\lenovo Express.exe (suyin)
O4 - HKU\S-1-5-21-1275210071-484763869-839522115-1005..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1275210071-484763869-839522115-1005..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe ()
O4 - HKU\S-1-5-21-1275210071-484763869-839522115-1005..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (Macrovision Corporation)
O4 - HKU\S-1-5-21-1275210071-484763869-839522115-1005..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-1275210071-484763869-839522115-1005..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKLM..\RunOnce: [NSSInstallation] C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe /RunOnce (Symantec Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [] File not found
O4 - HKU\S-1-5-18..\RunOnce: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [] File not found
O4 - HKU\S-1-5-20..\RunOnce: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-1275210071-484763869-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1275210071-484763869-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Program Files\Free Download Manager\dlall.htm File not found
O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Program Files\Free Download Manager\dlselected.htm File not found
O8 - Extra context menu item: Download video with Free Download Manager - file://D:\Program Files\Free Download Manager\dlfvideo.htm File not found
O8 - Extra context menu item: Download with Free Download Manager - file://D:\Program Files\Free Download Manager\dllink.htm File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1275210071-484763869-839522115-1005\..Trusted Domains: ketsujin.com ([fighterace] https in Trusted sites)
O15 - HKU\S-1-5-21-1275210071-484763869-839522115-1005\..Trusted Domains: ketsujin.com ([primary] https in Trusted sites)
O15 - HKU\S-1-5-21-1275210071-484763869-839522115-1005\..Trusted Domains: ketsujin.com ([update] https in Trusted sites)
O15 - HKU\S-1-5-21-1275210071-484763869-839522115-1005\..Trusted Domains: ketsujin.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1275210071-484763869-839522115-1005\..Trusted Domains: stormofaces.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1275210071-484763869-839522115-1005\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.lizardtech.com/download/files/w...ntrol_en_US.cab (DjVuCtl Class)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file://C:\Program Files\Chessmaster Challenge\Images\stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} http://www-307.ibm.com/pc/support/IbmEgath.cab (IBM Access Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file://C:\Program Files\Chessmaster Challenge\Images\armhelper.ocx (ArmHelper Control)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {C5F43BEF-CE2F-46D8-AFE6-A647BACD1F09} - Reg Error: Value error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/19 06:08:36 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/11/12 19:07:25 | 00,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/11/12 19:07:25 | 00,000,000 | ---D | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2007/10/20 00:49:24 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/03/11 06:46:26 | 00,000,048 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{27af6cb8-9b62-11dd-94a9-001b24d4f680}\Shell - "" = AutoRun
O33 - MountPoints2\{27af6cb8-9b62-11dd-94a9-001b24d4f680}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{27af6cb8-9b62-11dd-94a9-001b24d4f680}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007/10/20 00:49:24 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{43f7231a-887c-11dd-9456-001b24d4f680}\Shell - "" = AutoRun
O33 - MountPoints2\{43f7231a-887c-11dd-9456-001b24d4f680}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8e73a811-e2e7-11dd-958a-001b24d4f680}\Shell\AutoRun\command - "" = G:\08dgu.com -- File not found
O33 - MountPoints2\{8e73a811-e2e7-11dd-958a-001b24d4f680}\Shell\explore\Command - "" = G:\08dgu.com -- File not found
O33 - MountPoints2\{8e73a811-e2e7-11dd-958a-001b24d4f680}\Shell\open\Command - "" = G:\08dgu.com -- File not found
O33 - MountPoints2\{f57a91d1-0e74-11dd-92a6-001b24d4f680}\Shell - "" = AutoRun
O33 - MountPoints2\{f57a91d1-0e74-11dd-92a6-001b24d4f680}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007/10/20 00:49:24 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[2009/04/22 09:02:44 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Phillip\Desktop\67h19ox1.exe
[2009/04/22 09:01:32 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Phillip\Desktop\OTListIt2.exe
[2009/04/22 01:20:11 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2009/04/21 22:00:08 | 00,134,746 | ---- | C] () -- C:\Documents and Settings\Phillip\Desktop\http___www.emeraldinsight.com_Insight_ViewContentServlet_contentType=Article&Filename=_published_emeraldfulltextarticle_pdf_0090320206.pdf
[2009/04/21 21:58:30 | 00,126,419 | ---- | C] () -- C:\Documents and Settings\Phillip\Desktop\4373950.pdf
[2009/04/21 21:49:36 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Phillip\Desktop\St George Bank Phone Interview.doc
[2009/04/21 21:45:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phillip\Desktop\Personal
[2009/04/21 18:20:15 | 00,056,832 | ---- | C] () -- C:\Documents and Settings\Phillip\Desktop\Interview Questions.doc
[2009/04/20 09:06:37 | 00,099,840 | RHS- | C] () -- C:\WINDOWS\System32\nmdfgds0.dll
[2009/04/19 17:03:54 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/04/19 16:48:14 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/19 16:48:06 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/04/19 16:35:03 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/04/19 16:35:00 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/04/19 16:34:55 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/04/19 16:34:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/04/19 15:53:48 | 00,000,814 | ---- | C] () -- C:\Documents and Settings\Phillip\Desktop\HijackThis.lnk
[2009/04/19 15:34:17 | 00,108,169 | RHS- | C] () -- C:\husyu8n.exe
[2009/04/18 10:40:24 | 00,108,169 | RHS- | C] () -- C:\WINDOWS\System32\olhrwef.exe
[2009/04/15 00:33:00 | 00,000,000 | ---D | C] -- C:\Program Files\Liquid War
[2009/03/26 21:07:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/02/20 09:43:05 | 00,085,504 | RHS- | C] () -- C:\WINDOWS\System32\ckvo0.dll
[2008/12/15 20:32:11 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/12/05 13:52:46 | 00,000,240 | ---- | C] () -- C:\WINDOWS\n02.ini
[2008/12/04 19:54:14 | 00,000,241 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2008/11/09 22:41:16 | 00,126,464 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/10/11 22:42:02 | 00,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2008/10/06 10:48:09 | 00,000,065 | ---- | C] () -- C:\WINDOWS\minitab.ini
[2008/08/23 13:46:17 | 00,274,432 | ---- | C] () -- C:\WINDOWS\System32\WinDll.dll
[2008/08/23 11:53:12 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008/08/14 09:09:49 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2008/08/14 09:06:03 | 00,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/06/18 10:09:40 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/06/18 10:09:38 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/06/18 10:09:38 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/06/18 10:09:36 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/06/18 10:09:36 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/06/13 08:18:28 | 00,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/06/13 08:18:28 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/05/25 12:07:11 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4935.dll
[2008/05/08 20:21:11 | 00,000,073 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/02/26 12:47:01 | 01,399,880 | ---- | C] () -- C:\WINDOWS\System32\igklg450.dll
[2008/02/26 12:46:59 | 01,843,784 | ---- | C] () -- C:\WINDOWS\System32\igklg400.dll
[2008/02/26 12:46:59 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2008/02/26 12:46:59 | 00,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2008/02/21 12:05:44 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/02/21 12:04:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/02/21 12:04:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/02/08 16:00:11 | 00,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2008/01/30 04:35:48 | 00,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/01/19 07:29:12 | 00,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/01/19 07:29:12 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4847.dll
[2008/01/19 06:54:33 | 01,740,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2008/01/19 06:54:33 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2008/01/19 06:51:50 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/01/19 06:32:47 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/06 08:00:42 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\Wdkbdmou.sys
[2006/11/12 15:50:38 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/12/07 12:31:00 | 00,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005/02/18 05:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/18 05:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/08/06 10:00:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/06 10:00:00 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/06 10:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/08 09:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/04 10:16:34 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/11/15 06:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Files - Modified Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/04/22 09:02:45 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Phillip\Desktop\67h19ox1.exe
[2009/04/22 09:02:01 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Phillip\Desktop\OTListIt2.exe
[2009/04/22 08:59:22 | 00,314,842 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/22 08:59:22 | 00,041,170 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/22 08:59:21 | 00,360,124 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/22 08:55:51 | 00,099,840 | RHS- | M] () -- C:\WINDOWS\System32\nmdfgds0.dll
[2009/04/22 08:55:34 | 00,000,388 | ---- | M] () -- C:\WINDOWS\tasks\NSSstub.job
[2009/04/22 08:54:55 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/22 02:20:26 | 02,109,228 | -H-- | M] () -- C:\Documents and Settings\Phillip\Local Settings\Application Data\IconCache.db
[2009/04/22 01:06:14 | 00,036,864 | ---- | M] () -- C:\Documents and Settings\Phillip\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/21 23:36:25 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Phillip\Desktop\St George Bank Phone Interview.doc
[2009/04/21 22:01:57 | 00,126,419 | ---- | M] () -- C:\Documents and Settings\Phillip\Desktop\4373950.pdf
[2009/04/21 22:01:35 | 00,134,746 | ---- | M] () -- C:\Documents and Settings\Phillip\Desktop\http___www.emeraldinsight.com_Insight_ViewContentServlet_contentType=Article&Filename=_published_emeraldfulltextarticle_pdf_0090320206.pdf
[2009/04/21 18:20:15 | 00,056,832 | ---- | M] () -- C:\Documents and Settings\Phillip\Desktop\Interview Questions.doc
[2009/04/19 16:53:24 | 00,085,504 | RHS- | M] () -- C:\WINDOWS\System32\ckvo0.dll
[2009/04/19 16:48:14 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/19 16:35:00 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/04/19 15:53:48 | 00,000,814 | ---- | M] () -- C:\Documents and Settings\Phillip\Desktop\HijackThis.lnk
[2009/04/18 10:40:23 | 00,108,169 | RHS- | M] () -- C:\WINDOWS\System32\olhrwef.exe
[2009/04/18 10:40:23 | 00,108,169 | RHS- | M] () -- C:\husyu8n.exe
[2009/04/14 08:45:58 | 00,001,288 | ---- | M] () -- C:\WINDOWS\ISG10.prf
[2009/04/05 09:11:17 | 00,000,372 | ---- | M] () -- C:\Documents and Settings\Phillip\My Documents\spider.sav
[2009/04/02 16:17:45 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
< End of report >



Edited by Buckeye_Sam, 22 April 2009 - 10:58 AM.


#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:09 PM

Posted 22 April 2009 - 11:06 AM

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O33 - MountPoints2\{43f7231a-887c-11dd-9456-001b24d4f680}\Shell - "" = AutoRun
    O33 - MountPoints2\{43f7231a-887c-11dd-9456-001b24d4f680}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{8e73a811-e2e7-11dd-958a-001b24d4f680}\Shell\AutoRun\command - "" = G:\08dgu.com -- File not found
    O33 - MountPoints2\{8e73a811-e2e7-11dd-958a-001b24d4f680}\Shell\explore\Command - "" = G:\08dgu.com -- File not found
    O33 - MountPoints2\{8e73a811-e2e7-11dd-958a-001b24d4f680}\Shell\open\Command - "" = G:\08dgu.com -- File not found
    O4 - HKU\.DEFAULT..\RunOnce: [] File not found
    O4 - HKU\S-1-5-18..\RunOnce: [] File not found
    O4 - HKU\S-1-5-19..\RunOnce: [] File not found
    O4 - HKU\S-1-5-20..\RunOnce: [] File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = 1
    O4 - HKU\S-1-5-21-1275210071-484763869-839522115-1005..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe ()
    
    :Files
    C:\husyu8n.exe
    C:\WINDOWS\System32\olhrwef.exe
    C:\WINDOWS\System32\ckvo0.dll
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

================



Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

===============


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
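The fix script above targets three entry classes in the OTListIt2 log: a user Run key with no publisher string, MountPoints2 autorun handlers pointing at a removable drive, and recently created hidden+system executables with no publisher. The triage script below is an added example (not part of this thread and not OTListIt2's own code) that parses those OTL line formats with my own regular expressions and flags the same classes over lines copied from the log posted above; it only flags entries for review, since a missing publisher string is not proof of malice (BrMfcWnd.exe in the same log is legitimate and also shows an empty one).

```python
import re
from typing import List, Optional, Tuple

# Lines copied from the OTListIt2 log posted in this thread (not a full log), mixing
# legitimate entries with the ones the helper's fix script removed.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-1275210071-484763869-839522115-1005..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe ()
O33 - MountPoints2\{8e73a811-e2e7-11dd-958a-001b24d4f680}\Shell\AutoRun\command - "" = G:\08dgu.com -- File not found
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007/10/20 00:49:24 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
[2009/04/20 09:06:37 | 00,099,840 | RHS- | C] () -- C:\WINDOWS\System32\nmdfgds0.dll
[2009/04/19 15:34:17 | 00,108,169 | RHS- | C] () -- C:\husyu8n.exe
[2009/04/19 16:48:06 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
"""

# Regexes are my own approximation of the OTL line formats seen in the log above.
FILE_RE = re.compile(
    r"^\[(?P<stamp>[^|]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [CM]\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<rest>.+)$"
)
MOUNT_RE = re.compile(
    r"^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\(?P<verb>[^\\]+)\\[Cc]ommand"
    r' - "" = (?P<target>.+?)(?: -- (?P<info>.*))?$'
)
COMPANY_TAIL_RE = re.compile(r"\((?P<company>[^()]*)\)$")

Finding = Tuple[str, str]  # (reason, log line)


def _company(text: str) -> str:
    """Publisher that OTListIt2 prints in trailing parentheses, or '' if absent."""
    m = COMPANY_TAIL_RE.search(text)
    return m.group("company").strip() if m else ""


def classify(line: str) -> Optional[str]:
    """Return a review reason for a suspicious OTL line, or None for benign/unknown lines."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        rest = m.group("rest")
        if rest.endswith("File not found"):
            return None  # orphaned Run key: cleaned by the fix, but launches nothing
        return None if _company(rest) else "Run entry with no publisher string"
    m = MOUNT_RE.match(line)
    if m:
        info = m.group("info") or ""
        if "File not found" in info or not _company(info):
            return "MountPoints2 autorun handler with missing or unpublished target"
        return None
    m = FILE_RE.match(line)
    if m:
        attrs, path = m.group("attrs"), m.group("path").lower()
        hidden_system = "H" in attrs and "S" in attrs
        executable = path.endswith((".exe", ".dll", ".com", ".sys"))
        if hidden_system and executable and not (m.group("company") or "").strip():
            return "hidden+system executable with no publisher string"
        return None
    return None


def triage(log_text: str) -> List[Finding]:
    """Run classify() over every line and collect the flagged ones for manual review."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        reason = classify(line)
        if reason:
            findings.append((reason, line.strip()))
    return findings


if __name__ == "__main__":
    for reason, entry in triage(SAMPLE_LOG):
        print(f"{reason}: {entry}")
```

Running it over the sample flags exactly the four entries the fix script removed (olhrwef.exe, the G:\08dgu.com handler, nmdfgds0.dll and husyu8n.exe) and leaves the Synaptics, Huawei and Lavasoft entries alone.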


========================================================

#5 DAngel

DAngel
  • Topic Starter

  • Members
  • 23 posts
  • Local time:11:09 AM

Posted 23 April 2009 - 05:42 AM

New log file (for some reason I can't attach it on this forum; it looks like the structure of the forum site is a bit messed up)

OTListIt logfile created on: 4/23/2009 8:29:34 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Phillip\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 74.85% Memory free
3.84 Gb Paging File | 3.52 Gb Available in Paging File | 91.60% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.30 Gb Total Space | 14.12 Gb Free Space | 48.20% Space Free | Partition Type: NTFS
Drive D: | 105.49 Gb Total Space | 53.43 Gb Free Space | 50.65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 10.27 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LENOVO-FFAC5853
Current User Name: Phillip
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/03/10 05:06:55 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2004/08/06 10:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\IgrsSvcs.exe
PRC - [2007/04/13 05:29:36 | 00,031,744 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AnyComm\common\IGRS.exe
PRC - [2008/12/29 07:42:53 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2003/06/20 17:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2007/06/13 20:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/08/06 10:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2004/08/06 10:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2004/08/06 10:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2007/03/22 08:49:20 | 16,126,464 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2006/06/17 10:22:46 | 00,794,713 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/04/17 05:24:32 | 00,819,200 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
PRC - [2007/03/13 12:49:16 | 00,569,344 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2uvc.exe
PRC - [2007/04/10 22:28:12 | 00,643,584 | ---- | M] (ITE Tech. Inc.) -- C:\WINDOWS\ITECIR\x86\CIRAP.exe
PRC - [2008/12/29 07:42:53 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/03/17 08:05:32 | 00,135,168 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2008/03/17 08:05:34 | 00,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2008/03/17 08:05:08 | 00,131,072 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2005/03/17 14:25:54 | 00,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2008/03/17 08:04:54 | 00,249,856 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2006/03/28 15:48:54 | 00,622,592 | R--- | M] () -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2006/04/24 19:23:42 | 00,339,968 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
PRC - [2007/03/29 14:26:44 | 00,258,048 | ---- | M] (suyin) -- C:\WINDOWS\SUYIN NB Cam\lenovo Express.exe
PRC - [2007/04/17 05:22:16 | 00,970,752 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
PRC - [2005/06/06 23:46:24 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2008/10/15 00:04:34 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
PRC - [2009/03/09 18:16:30 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/03/10 05:06:55 | 00,515,416 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2008/09/14 00:03:41 | 00,289,088 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2006/09/11 03:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2004/10/14 02:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2007/10/26 23:31:42 | 00,970,752 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Program Files\3 Mobile\3 Mobile Broadband\3 Mobile Broadband.exe
PRC - [2006/06/05 13:59:18 | 00,174,080 | ---- | M] (Nokia.) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
PRC - [2006/06/15 11:23:02 | 00,077,824 | ---- | M] (Nokia) -- C:\Program Files\Common Files\PCSuite\Services\NclBTHandler.exe
PRC - [2009/04/22 23:33:26 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/22 09:02:01 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Phillip\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (?? LiveUpdate ???? [Auto | Stopped])
SRV - [2004/08/06 10:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\IgrsSvcs.exe -- (AnyComm.DirectRouter [Auto | Running])
SRV - [2006/11/12 15:56:18 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins [Disabled | Stopped])
SRV - File not found -- -- (E8363460 [Auto | Stopped])
SRV - [2007/04/17 05:33:18 | 00,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Disabled | Stopped])
SRV - [2004/08/06 10:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007/04/13 05:29:36 | 00,031,744 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AnyComm\common\IGRS.exe -- (IGRS [Auto | Running])
SRV - [2004/08/06 10:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\IgrsSvcs.exe -- (IncSvc [On_Demand | Stopped])
SRV - [2008/12/29 07:42:53 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/03/10 05:06:55 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2003/06/20 17:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2003/07/29 06:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/04/17 05:14:24 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Disabled | Stopped])
SRV - [2007/04/17 05:21:20 | 00,983,040 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Disabled | Stopped])
SRV - [2006/06/05 13:59:18 | 00,174,080 | ---- | M] (Nokia.) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running])
SRV - [2004/08/06 10:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\IgrsSvcs.exe -- (SHE.WEB [Disabled | Stopped])
SRV - [2004/08/06 10:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\IgrsSvcs.exe -- (SheSvc [Disabled | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/01/27 12:08:37 | 00,021,393 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2007/02/17 09:46:00 | 00,160,256 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys -- (b57w2k [On_Demand | Running])
DRV - [2007/09/20 20:26:48 | 01,123,328 | ---- | M] (Broadcom Corp.) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running])
DRV - [2004/10/15 12:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys -- (BrScnUsb [On_Demand | Stopped])
DRV - [2006/10/31 04:52:04 | 00,329,901 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio [On_Demand | Running])
DRV - [2006/10/31 04:51:24 | 00,030,459 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\DRIVERS\btport.sys -- (BTDriver [On_Demand | Stopped])
DRV - [2006/11/14 04:41:20 | 00,862,922 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\DRIVERS\btkrnl.sys -- (BTKRNL [On_Demand | Running])
DRV - [2006/10/31 04:51:30 | 00,149,123 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\DRIVERS\btwdndis.sys -- (BTWDNDIS [On_Demand | Stopped])
DRV - [2006/10/31 04:51:40 | 00,067,672 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
DRV - [2008/02/08 16:00:12 | 00,223,128 | ---- | M] () -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi [On_Demand | Running])
DRV - [2006/06/29 16:11:08 | 00,011,712 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV [Auto | Running])
DRV - [2004/08/06 10:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\fsvga.sys -- (FsVga [System | Running])
DRV - [2005/01/08 11:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007/10/26 23:29:08 | 00,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys -- (hwdatacard [On_Demand | Running])
DRV - [2008/03/17 08:45:50 | 05,955,872 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\igxpmp32.sys -- (ialm [On_Demand | Running])
DRV - [2007/03/27 13:21:06 | 04,395,008 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2007/03/03 09:21:06 | 00,009,600 | ---- | M] (ITE Tech. Inc.) -- C:\WINDOWS\system32\DRIVERS\ITECIR.sys -- (ITECIR [On_Demand | Running])
DRV - [2009/03/10 05:06:56 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2006/10/01 12:19:30 | 00,007,168 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\drivers\lncdrv.sys -- (LNCDRV [On_Demand | Stopped])
DRV - [2006/05/29 08:26:36 | 00,008,704 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic [On_Demand | Stopped])
DRV - [2006/05/29 08:26:36 | 00,013,312 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem [On_Demand | Stopped])
DRV - [2006/05/29 08:26:38 | 00,127,488 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent [On_Demand | Stopped])
DRV - [2006/05/29 08:26:36 | 00,013,312 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port [On_Demand | Stopped])
DRV - [2004/08/06 10:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/02/21 12:05:38 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2007/02/25 08:42:22 | 00,039,936 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\rimmptsk.sys -- (rimmptsk [Auto | Running])
DRV - [2007/01/24 10:40:20 | 00,042,496 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\rimsptsk.sys -- (rimsptsk [Auto | Running])
DRV - [2007/03/22 16:02:04 | 00,037,376 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\rixdptsk.sys -- (rismxdp [Auto | Running])
DRV - [2007/03/30 09:19:36 | 00,012,416 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2007/11/13 20:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2007/03/27 11:04:40 | 01,740,032 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\snp2uvc.sys -- (SNP2UVC [On_Demand | Running])
DRV - [2008/01/30 04:35:48 | 00,685,816 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2006/06/17 09:40:56 | 00,193,120 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2007/02/06 08:00:42 | 00,005,120 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\Wdkbdmou.sys -- (Wdkbdmou [Boot | Running])
DRV - [2007/02/03 08:14:16 | 00,005,120 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\DRIVERS\WDMirror.sys -- (wdmirror [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.9

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/29 07:42:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/22 23:33:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/22 23:33:28 | 00,000,000 | ---D | M]

[2008/08/27 17:10:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Phillip\Application Data\mozilla\Extensions
[2008/08/27 17:10:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Phillip\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/09/12 08:17:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Phillip\Application Data\mozilla\Firefox\Profiles\eswzqlt9.default\extensions
[2008/09/12 08:17:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Phillip\Application Data\mozilla\Firefox\Profiles\eswzqlt9.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}
[2008/09/12 08:17:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Phillip\Application Data\mozilla\Firefox\Profiles\eswzqlt9.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}(2)
[2009/04/22 19:36:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/22 23:33:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/02/10 16:54:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/04/05 09:41:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/08/08 14:57:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/12/29 07:43:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/22 23:33:25 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/22 23:33:25 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/08/27 17:10:38 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/08/27 17:10:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/08/27 17:10:38 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/14 22:10:19 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/08/27 17:10:38 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/08/27 17:10:38 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/08/27 17:10:38 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN ()
O4 - HKLM..\Run: [CIRAP] C:\WINDOWS\ITECIR\x86\CIRAP.exe (ITE Tech. Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" (Intel Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SetDefPrt] D:\Program Files\Brother\Brmfl06a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Scansoft, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [tsnp2std] C:\WINDOWS\SUYIN NB Cam\lenovo Express.exe (suyin)
O4 - HKCU..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (BitTorrent, Inc.)
O4 - HKCU..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (Macrovision Corporation)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKLM..\RunOnce: [NSSInstallation] C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe /RunOnce (Symantec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Program Files\Free Download Manager\dlall.htm File not found
O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Program Files\Free Download Manager\dlselected.htm File not found
O8 - Extra context menu item: Download video with Free Download Manager - file://D:\Program Files\Free Download Manager\dlfvideo.htm File not found
O8 - Extra context menu item: Download with Free Download Manager - file://D:\Program Files\Free Download Manager\dllink.htm File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ketsujin.com ([fighterace] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ketsujin.com ([primary] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ketsujin.com ([update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ketsujin.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: stormofaces.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.lizardtech.com/download/files/w...ntrol_en_US.cab (DjVuCtl Class)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file://C:\Program Files\Chessmaster Challenge\Images\stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} http://www-307.ibm.com/pc/support/IbmEgath.cab (IBM Access Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file://C:\Program Files\Chessmaster Challenge\Images\armhelper.ocx (ArmHelper Control)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {C5F43BEF-CE2F-46D8-AFE6-A647BACD1F09} - Reg Error: Value error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/19 06:08:36 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/11/12 19:07:25 | 00,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/11/12 19:07:25 | 00,000,000 | ---D | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2007/10/20 00:49:24 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/03/11 06:46:26 | 00,000,048 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{27af6cb8-9b62-11dd-94a9-001b24d4f680}\Shell - "" = AutoRun
O33 - MountPoints2\{27af6cb8-9b62-11dd-94a9-001b24d4f680}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{27af6cb8-9b62-11dd-94a9-001b24d4f680}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007/10/20 00:49:24 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{f57a91d1-0e74-11dd-92a6-001b24d4f680}\Shell - "" = AutoRun
O33 - MountPoints2\{f57a91d1-0e74-11dd-92a6-001b24d4f680}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007/10/20 00:49:24 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[2009/04/23 13:29:26 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/04/23 11:08:15 | 00,109,601 | RHS- | C] () -- C:\g1ljsm.com
[2009/04/23 11:07:48 | 00,099,840 | RHS- | C] () -- C:\WINDOWS\System32\nmdfgds1.dll
[2009/04/22 09:01:32 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Phillip\Desktop\OTListIt2.exe
[2009/04/22 01:20:11 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2009/04/21 21:49:36 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Phillip\Desktop\St George Bank Phone Interview.doc
[2009/04/21 21:45:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phillip\Desktop\Personal
[2009/04/20 09:06:37 | 00,099,840 | ---- | C] () -- C:\WINDOWS\System32\nmdfgds0.dll
[2009/04/19 17:03:54 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/04/19 16:48:14 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/19 16:48:06 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/04/19 16:35:03 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/04/19 16:35:00 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/04/19 16:34:55 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/04/19 16:34:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/04/19 15:53:48 | 00,000,814 | ---- | C] () -- C:\Documents and Settings\Phillip\Desktop\HijackThis.lnk
[2009/04/15 00:33:00 | 00,000,000 | ---D | C] -- C:\Program Files\Liquid War
[2009/03/26 21:07:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2008/12/15 20:32:11 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/12/05 13:52:46 | 00,000,240 | ---- | C] () -- C:\WINDOWS\n02.ini
[2008/12/04 19:54:14 | 00,000,241 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2008/11/09 22:41:16 | 00,126,464 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/10/11 22:42:02 | 00,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2008/10/06 10:48:09 | 00,000,065 | ---- | C] () -- C:\WINDOWS\minitab.ini
[2008/08/23 13:46:17 | 00,274,432 | ---- | C] () -- C:\WINDOWS\System32\WinDll.dll
[2008/08/23 11:53:12 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008/08/14 09:09:49 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2008/08/14 09:06:03 | 00,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/06/18 10:09:40 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/06/18 10:09:38 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/06/18 10:09:38 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/06/18 10:09:36 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/06/18 10:09:36 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/06/13 08:18:28 | 00,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/06/13 08:18:28 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/05/25 12:07:11 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4935.dll
[2008/05/08 20:21:11 | 00,000,073 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/02/26 12:47:01 | 01,399,880 | ---- | C] () -- C:\WINDOWS\System32\igklg450.dll
[2008/02/26 12:46:59 | 01,843,784 | ---- | C] () -- C:\WINDOWS\System32\igklg400.dll
[2008/02/26 12:46:59 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2008/02/26 12:46:59 | 00,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2008/02/21 12:05:44 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/02/21 12:04:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/02/21 12:04:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/02/08 16:00:11 | 00,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2008/01/30 04:35:48 | 00,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/01/19 07:29:12 | 00,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/01/19 07:29:12 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4847.dll
[2008/01/19 06:54:33 | 01,740,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2008/01/19 06:54:33 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2008/01/19 06:51:50 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/01/19 06:32:47 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/06 08:00:42 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\Wdkbdmou.sys
[2006/11/12 15:50:38 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/12/07 12:31:00 | 00,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005/02/18 05:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/18 05:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/08/06 10:00:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/06 10:00:00 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/06 10:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/08 09:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/04 10:16:34 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/11/15 06:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Files - Modified Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/04/23 20:26:42 | 00,000,388 | ---- | M] () -- C:\WINDOWS\tasks\NSSstub.job
[2009/04/23 20:26:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/23 18:21:25 | 00,360,124 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/23 18:21:25 | 00,314,842 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/23 18:21:25 | 00,041,170 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/23 11:07:48 | 00,099,840 | RHS- | M] () -- C:\WINDOWS\System32\nmdfgds1.dll
[2009/04/23 11:07:47 | 00,109,601 | RHS- | M] () -- C:\g1ljsm.com
[2009/04/23 11:07:02 | 00,099,840 | ---- | M] () -- C:\WINDOWS\System32\nmdfgds0.dll
[2009/04/22 22:20:36 | 00,018,944 | ---- | M] () -- C:\Documents and Settings\Phillip\Desktop\2009 Semester 1 Timetable.xls
[2009/04/22 17:42:28 | 01,578,832 | -H-- | M] () -- C:\Documents and Settings\Phillip\Local Settings\Application Data\IconCache.db
[2009/04/22 10:53:09 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Phillip\Desktop\St George Bank Phone Interview.doc
[2009/04/22 09:02:01 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Phillip\Desktop\OTListIt2.exe
[2009/04/22 01:06:14 | 00,036,864 | ---- | M] () -- C:\Documents and Settings\Phillip\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/19 16:48:14 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/19 16:35:00 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/04/19 15:53:48 | 00,000,814 | ---- | M] () -- C:\Documents and Settings\Phillip\Desktop\HijackThis.lnk
[2009/04/14 08:45:58 | 00,001,288 | ---- | M] () -- C:\WINDOWS\ISG10.prf
[2009/04/05 09:11:17 | 00,000,372 | ---- | M] () -- C:\Documents and Settings\Phillip\My Documents\spider.sav
[2009/04/02 16:17:45 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
< End of report >

#6 DAngel
  • Topic Starter
  • Members
  • 23 posts

Posted 23 April 2009 - 07:09 AM

The Log from MAM

Malwarebytes' Anti-Malware 1.36
Database version: 2031
Windows 5.1.2600 Service Pack 2

4/23/2009 9:52:44 PM
mbam-log-2009-04-23 (21-52-44).txt

Scan type: Quick Scan
Objects scanned: 70565
Time elapsed: 2 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{c5f43bef-ce2f-afe6-46d8-a647bacd1f09} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\nmdfgds0.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ckvo.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\xmp.bat (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nmdfgds1.dll (Spyware.OnLineGames) -> Quarantined and deleted successfully.
C:\g1ljsm.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.

#7 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 23 April 2009 - 05:47 PM

Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

How is your computer behaving now?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#8 DAngel
  • Topic Starter
  • Members
  • 23 posts

Posted 27 April 2009 - 11:31 PM

Thanks for the help so far; my computer has stopped freezing when I turn it on, so that's definitely a plus!

Here's the online scanner report. Sorry for the late reply, I didn't have time to leave the comp on for the 50 MB online download, and the Java keeps stuffing up.

Tuesday, April 28, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, April 28, 2009 02:33:18
Records in database: 2084991
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
G:\
I:\
Scan statistics
Files scanned 50597
Threat name 5
Infected objects 9
Suspicious objects 0
Duration of the scan 01:15:19

File name Threat name Threats count
C:\08dgu.com Infected: Trojan-GameThief.Win32.OnLineGames.tnph 1
C:\wjlfhtfm.cmd Infected: Worm.Win32.AutoRun.pil 1
C:\_OTListIt\MovedFiles\04232009_132926\husyu8n.exe Infected: Trojan-GameThief.Win32.Magania.azbl 1
C:\_OTListIt\MovedFiles\04232009_132926\WINDOWS\system32\ckvo0.dll Infected: Packed.Win32.Krap.b 1
C:\_OTListIt\MovedFiles\04232009_132926\WINDOWS\system32\olhrwef.exe Infected: Trojan-GameThief.Win32.Magania.azkb 1
D:\08dgu.com Infected: Trojan-GameThief.Win32.OnLineGames.tnph 1
D:\g1ljsm.com Infected: Trojan-GameThief.Win32.Magania.azkb 1
D:\husyu8n.exe Infected: Trojan-GameThief.Win32.Magania.azbl 1
D:\wjlfhtfm.cmd Infected: Worm.Win32.AutoRun.pil 1

Attached Files



#9 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 28 April 2009 - 04:02 PM

Looks like we're in the home stretch now.


Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    C:\08dgu.com
    C:\wjlfhtfm.cmd 
    D:\08dgu.com 
    D:\g1ljsm.com 
    D:\husyu8n.exe 
    D:\wjlfhtfm.cmd
    
    
    :Commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

===================


Now let's run a full scan with Malwarebytes.
  • Open Malwarebytes and select the Update tab.
  • Click on the Check for Updates button and allow the program to download the latest updates.
  • Once you have the latest updates, select the Scanner tab.
  • Select "Perform full scan" and click the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

#10 DAngel
  • Topic Starter
  • Members
  • 23 posts

Posted 02 May 2009 - 11:12 PM

New OT2 Log

========== FILES ==========
C:\08dgu.com moved successfully.
C:\wjlfhtfm.cmd moved successfully.
D:\08dgu.com moved successfully.
D:\g1ljsm.com moved successfully.
D:\husyu8n.exe moved successfully.
D:\wjlfhtfm.cmd moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Phillip\Local Settings\Temp\etilqs_Akj56JaZvaXMfutygpVD scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Phillip\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_2d0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Phillip\Local Settings\Application Data\Mozilla\Firefox\Profiles\eswzqlt9.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Phillip\Local Settings\Application Data\Mozilla\Firefox\Profiles\eswzqlt9.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Phillip\Local Settings\Application Data\Mozilla\Firefox\Profiles\eswzqlt9.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Phillip\Local Settings\Application Data\Mozilla\Firefox\Profiles\eswzqlt9.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Phillip\Local Settings\Application Data\Mozilla\Firefox\Profiles\eswzqlt9.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Phillip\Local Settings\Application Data\Mozilla\Firefox\Profiles\eswzqlt9.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTListIt2 by OldTimer - Version 2.0.14.0 log created on 05032009_140157

Files moved on Reboot...
File C:\Documents and Settings\Phillip\Local Settings\Temp\etilqs_Akj56JaZvaXMfutygpVD not found!
File C:\WINDOWS\temp\Perflib_Perfdata_2d0.dat not found!
C:\Documents and Settings\Phillip\Local Settings\Application Data\Mozilla\Firefox\Profiles\eswzqlt9.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Phillip\Local Settings\Application Data\Mozilla\Firefox\Profiles\eswzqlt9.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Phillip\Local Settings\Application Data\Mozilla\Firefox\Profiles\eswzqlt9.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Phillip\Local Settings\Application Data\Mozilla\Firefox\Profiles\eswzqlt9.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Phillip\Local Settings\Application Data\Mozilla\Firefox\Profiles\eswzqlt9.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Phillip\Local Settings\Application Data\Mozilla\Firefox\Profiles\eswzqlt9.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...

Attached Files



#11 DAngel
  • Topic Starter
  • Members
  • 23 posts

Posted 03 May 2009 - 12:12 AM

Mbam-Log

Malwarebytes' Anti-Malware 1.36
Database version: 2069
Windows 5.1.2600 Service Pack 2

5/3/2009 3:06:43 PM
mbam-log-2009-05-03 (15-06-43).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 142494
Time elapsed: 28 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 84

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP220\A0067928.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP231\A0072051.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP231\A0072383.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP231\A0072384.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP247\A0104245.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP247\A0104249.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP247\A0105244.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP247\A0105248.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP247\A0107247.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP247\A0107252.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP247\A0107266.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP247\A0107271.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP247\A0107292.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP247\A0107297.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP247\A0108292.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP247\A0108297.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP247\A0109318.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP247\A0109322.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP247\A0112318.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP247\A0112321.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP247\A0114319.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP247\A0115316.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP248\A0115329.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP249\A0115367.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP250\A0115454.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP250\A0117487.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP250\A0117492.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP251\A0117505.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP251\A0117536.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP251\A0117539.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP251\A0117605.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP251\A0118609.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP251\A0119622.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP251\A0119625.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP252\A0124923.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP252\A0119632.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP252\A0119684.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP252\A0120684.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP252\A0120687.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP252\A0120714.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP252\A0120717.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP252\A0120778.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP252\A0120781.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP252\A0121776.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP252\A0121779.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP252\A0121815.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP252\A0121818.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP252\A0122843.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP252\A0122846.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP252\A0124926.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP252\A0125922.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP252\A0126922.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP252\A0126925.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP252\A0127922.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP252\A0127930.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\_OTListIt\MovedFiles\04232009_132926\husyu8n.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\_OTListIt\MovedFiles\05032009_140157\husyu8n.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP220\A0067977.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP247\A0104251.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP247\A0105250.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP247\A0107253.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP247\A0107272.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP247\A0107298.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP247\A0108299.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP247\A0109324.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP247\A0115321.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP248\A0115330.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP249\A0115368.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP250\A0115455.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP250\A0117493.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP251\A0117506.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP251\A0117540.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP251\A0118610.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP251\A0119626.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP252\A0119634.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP252\A0120688.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP252\A0120718.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP252\A0120782.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP252\A0121780.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP252\A0121819.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP252\A0122847.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP252\A0126926.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP252\A0127927.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{770E222F-B7A7-4DB5-ABF8-BB71D42DADB9}\RP253\A0130120.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Attached Files



#12 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 03 May 2009 - 10:54 AM

Flush your System Restore. This will delete any restore points that you have, but it will also make sure that any malware hiding in System Restore is booted off.

Turn off System Restore:
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
Restart your computer, turn it back on and create a restore point.

Create a restore point:
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.


Looks pretty good.
How is your computer behaving now?

#13 DAngel
  • Topic Starter
  • Members
  • 23 posts

Posted 07 May 2009 - 08:12 AM

Hey Sam,

Done. My computer stopped freezing since the first RunFix you told me to use.
I don't have a problem at all now; I can even see hidden files, which I wasn't able to before (must have been some other bugs).

Thanks heaps!

#14 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 07 May 2009 - 11:45 AM

Very good! :)


Run OTListIt and click on the CleanUp button.
Reboot when it asks you to.



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore - If you are using Windows ME or XP, then you should disable and re-enable System Restore to make sure there are no infected files in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Re-enable System Restore with the instructions from the tutorial above.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use AntiVirus Software - It is very important that your computer has antivirus software running on it. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online and stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software, in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will be reduced dramatically.

:thumbup2: :step4:
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
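As an added example that is not part of Sam's post, the PowerShell script below audits the current user's Internet zone against the six settings listed above. It assumes the per-zone registry value names Microsoft documents for these settings (1001, 1004, 1201, 1800, 1804, 1607) and the documented encoding 0 = Enable, 1 = Prompt, 3 = Disable; verify both on your own build before trusting the result.

```powershell
param([switch]$Fix)   # audit by default; -Fix writes the recommended values

# Zone 3 is the Internet zone under the current user's hive.
# Assumption: Microsoft's documented zone layout (0 = Enable, 1 = Prompt, 3 = Disable).
$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$labels   = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# The six settings from the post, keyed by the registry value name each one uses.
$recommended = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Want = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                             Want = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Want = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Want = 1 }
}

$zone  = Get-ItemProperty -Path $zonePath -ErrorAction Stop
$drift = 0
foreach ($valueName in $recommended.Keys) {
    $setting = $recommended[$valueName]
    $current = $zone.$valueName
    # A missing value means the zone template default applies, which we cannot see here.
    $have = if ($null -eq $current) { 'not set' }
            elseif ($labels.ContainsKey([int]$current)) { $labels[[int]$current] }
            else { "raw=$current" }
    $want = $labels[$setting.Want]
    if ($current -ne $setting.Want) {
        $drift++
        Write-Host ("DRIFT  {0,-62} have={1,-8} want={2}" -f $setting.Name, $have, $want)
        if ($Fix) {
            Set-ItemProperty -Path $zonePath -Name $valueName -Value $setting.Want -Type DWord
        }
    } else {
        Write-Host ("OK     {0,-62} {1}" -f $setting.Name, $have)
    }
}
Write-Host "$drift setting(s) differ from the recommended values."

# Caveat: if the machine-wide Security_HKLM_only policy is set, the HKLM zone values
# are enforced instead and the per-user values checked above are ignored.
```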


========================================================

#15 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:09 PM

Posted 25 May 2009 - 09:59 AM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.


========================================================



