Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

browser redirect problem ie7/8


  • Please log in to reply
13 replies to this topic

#1 trifke

trifke

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:01 AM

Posted 11 May 2009 - 09:46 PM

i found (backdoor.tidserv and w32.tidserv.g) that norton antivirus 05 might have taken care of. but when i tried to update windows xp i was redirected to google. or if i so i thought i would upgrade to ie8 and maybe that would fix.... nope. it was a headache trying to find a way just to download it without being redirected everywhere except to the download file... i am a novice so i apologize in advance...

here is the dds text and attached is the attach text



DDS (Ver_09-03-16.01) - NTFSx86
Run by LaDilia at 22:35:44.40 on Mon 05/11/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1472 [GMT -4:00]

AV: Norton AntiVirus 2005 *On-access scanning enabled* (Updated)
FW: Norton Internet Worm Protection *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Documents and Settings\LaDilia\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://att.my.yahoo.com/
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0080227
uSearch Bar =
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0080227
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [nwiz] nwiz.exe /installquiet
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: windowsupdate.com
Trusted Zone: windowsupdate.com\download
DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - file:///D:/LTOCX14N.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - hxxps://setup.bellsouth.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_6-1-2.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {526A6151-EC5A-4989-9E67-17AC82882E33} - hxxp://www.weatherguard.com/vs/KnaackCtl_www.weatherguard.com_downloader.cab
DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 85.255.112.20,85.255.112.141
TCP: {D519D777-6ECC-49CD-807B-A6E001EC4215} = 85.255.112.20,85.255.112.141
Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
LSA: Authentication Packages = msv1_0 wvauth

============= SERVICES / DRIVERS ===============

R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\SAVRTPEL.SYS [2004-12-10 50312]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2004-12-13 197992]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2004-12-13 181608]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton antivirus\NAVAPSVC.EXE [2005-1-10 177264]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2008-8-4 822424]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-11 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090506.002\NAVENG.Sys [2009-5-6 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090506.002\NavEx15.Sys [2009-5-6 876144]
R3 SAVRT;SAVRT;c:\program files\norton antivirus\SAVRT.SYS [2004-12-10 338056]
S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2005-1-10 67184]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2004-12-13 79208]
S3 SAVScan;SAVScan;c:\program files\norton antivirus\SAVSCAN.EXE [2004-12-10 198368]

=============== Created Last 30 ================

2009-05-11 21:58 <DIR> --d----- c:\program files\CONEXANT
2009-05-11 21:47 <DIR> --d----- c:\windows\system32\syncdb
2009-05-11 20:03 <DIR> --dsh--- c:\documents and settings\ladilia\IECompatCache
2009-05-11 20:02 <DIR> --dsh--- c:\documents and settings\ladilia\PrivacIE
2009-05-11 20:01 <DIR> --dsh--- c:\documents and settings\ladilia\IETldCache
2009-05-11 19:57 <DIR> -cd-h--- c:\windows\ie8
2009-05-11 19:57 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-05-11 14:14 2,524 a------- C:\autorun.PNF
2009-05-10 22:24 341 ---shr-- C:\autorun.inf
2009-05-10 22:22 10 a------- c:\windows\system32\kr_done1
2009-05-10 20:44 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-05-10 20:44 15,104 a------- c:\windows\system32\dllcache\usbscan.sys
2009-04-15 12:29 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 12:29 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-15 12:29 2,560 -------- c:\windows\system32\xpsp4res.dll

==================== Find3M ====================

2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-12 10:40 30,107 a------- c:\windows\system32\nvModes.dat
2009-03-08 14:09 638,816 a------- c:\windows\system32\dllcache\iexplore.exe
2009-03-08 14:09 391,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 04:41 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-03-08 04:39 11,063,808 a------- c:\windows\system32\dllcache\ieframe.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\dllcache\wininet.dll
2009-03-08 04:34 1,206,784 a------- c:\windows\system32\dllcache\urlmon.dll
2009-03-08 04:34 236,544 a------- c:\windows\system32\dllcache\webcheck.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 04:34 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-03-08 04:34 193,536 a------- c:\windows\system32\dllcache\msrating.dll
2009-03-08 04:34 109,568 a------- c:\windows\system32\dllcache\occache.dll
2009-03-08 04:33 759,296 a------- c:\windows\system32\dllcache\VGX.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 18,944 -------- c:\windows\system32\dllcache\corpol.dll
2009-03-08 04:33 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 04:33 726,528 a------- c:\windows\system32\dllcache\jscript.dll
2009-03-08 04:33 229,376 a------- c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\dllcache\vbscript.dll
2009-03-08 04:33 125,952 a------- c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\dllcache\admparse.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 04:32 163,840 a------- c:\windows\system32\dllcache\ieakui.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\dllcache\iesetup.dll
2009-03-08 04:32 55,808 a------- c:\windows\system32\dllcache\iernonce.dll
2009-03-08 04:32 128,512 a------- c:\windows\system32\dllcache\advpack.dll
2009-03-08 04:32 94,720 a------- c:\windows\system32\dllcache\inseng.dll
2009-03-08 04:32 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 04:32 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-03-08 04:32 611,840 a------- c:\windows\system32\dllcache\mstime.dll
2009-03-08 04:24 68,608 a------- c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\dllcache\msls31.dll
2009-03-08 04:11 445,952 a------- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 10:22 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-02-20 14:09 133,120 -------- c:\windows\system32\dllcache\extmgr.dll
2009-02-20 06:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-08-05 11:01 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080520080806\index.dat

============= FINISH: 22:36:12.32 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:01 AM

Posted 12 May 2009 - 05:42 PM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 trifke

trifke
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:01 AM

Posted 13 May 2009 - 07:25 PM

Sam,
Thank you so much for helping me. both my computers went down and i ignored the one computer and only used this laptop but when it went down too, i nearly lost it. i first want to opoligize because i jumped the gun and ran combofix first acouple days ago... i am hoping that this is not a problem. so i am including the report from combofix in thes email and then a list of things i did after befor i ran malwarebytes and otlist...

ran combofix...
then i was able to download an update to windows sp
then updated norton antivirus 05
then today i ran the scans per your instructions...


by the way, you guys rock on this site... just reabing some of the cases you folks fix... wow

thanks from me and my poor little laptop... next is my desktop... :thumbup2:


ComboFix 09-05-12.02 - LaDilia 05/12/2009 15:18.1 - NTFSx86
Running from: c:\documents and settings\LaDilia\Desktop\ComboFix.exe
AV: Norton AntiVirus 2005 *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *enabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\recycler\S-1-2-93-100005619-100007212-100030165-8233.com
c:\windows\IE4 Error Log.txt
c:\windows\system32\drivers\gxvxcmrgsipxetirpkymecfmudpqmoqvdoirj.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxckxwaqbkfulhbajpxnehesixrbacwpmrt.dll
c:\windows\system32\kr_done1

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-04-12 to 2009-05-12 )))))))))))))))))))))))))))))))
.

2009-05-12 01:58 . 2009-05-12 01:58 -------- d-----w c:\program files\CONEXANT
2009-05-12 01:47 . 2009-05-12 01:47 -------- d-----w c:\windows\system32\syncdb
2009-05-12 00:25 . 2009-05-12 00:26 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-12 00:07 . 2009-05-12 00:07 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-05-12 00:03 . 2009-05-12 00:03 -------- d-sh--w c:\documents and settings\LaDilia\IECompatCache
2009-05-12 00:02 . 2009-05-12 00:02 -------- d-sh--w c:\documents and settings\LaDilia\PrivacIE
2009-05-12 00:01 . 2009-05-12 00:01 -------- d-sh--w c:\documents and settings\LaDilia\IETldCache
2009-05-11 23:57 . 2009-05-11 23:58 -------- dc-h--w c:\windows\ie8
2009-05-11 23:57 . 2009-05-11 23:59 -------- d--h--w c:\windows\msdownld.tmp
2009-05-11 02:28 . 2009-05-11 02:28 -------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-05-11 01:13 . 2009-05-11 02:14 -------- d-----w c:\documents and settings\LaDilia\Application Data\Download Manager
2009-05-11 00:44 . 2008-04-13 18:45 15104 ----a-w c:\windows\system32\dllcache\usbscan.sys
2009-05-11 00:44 . 2008-04-13 18:45 15104 ----a-w c:\windows\system32\drivers\usbscan.sys
2009-05-11 00:36 . 1998-06-17 05:14 119808 ----a-w c:\windows\system32\ITLIB32.DLL
2009-05-11 00:36 . 2001-04-11 06:10 327740 ----a-w c:\windows\system32\UCS32P.DLL
2009-05-11 00:36 . 2001-11-01 20:58 118784 ----a-w c:\windows\system32\D125WIMG.DLL
2009-05-11 00:36 . 2001-11-01 20:58 503808 ----a-w c:\windows\system32\D125WUD.DLL
2009-05-11 00:36 . 2001-09-27 19:31 729088 ----a-w c:\windows\system32\D125UAG.DLL
2009-05-11 00:36 . 2001-12-25 20:13 487424 ----a-w c:\windows\system32\D125UFW.DLL
2009-05-11 00:36 . 2001-10-04 01:47 393264 ----a-w c:\windows\system32\D125UR.DAT
2009-05-11 00:36 . 1998-06-17 05:14 45056 ----a-w c:\windows\system32\CANOIT32.EXE
2009-05-11 00:36 . 2009-05-11 00:36 -------- d-----w C:\CanoScan
2009-04-15 16:30 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-15 16:30 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-15 16:30 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 16:30 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-15 16:30 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 16:30 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 16:30 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 16:30 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 16:30 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 16:30 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 16:29 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 16:29 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-12 15:41 . 2008-03-12 01:09 0 ----a-w c:\documents and settings\LaDilia\Local Settings\Application Data\WavXMapDrive.bat
2009-05-12 01:54 . 2009-03-08 00:33 -------- d-----w c:\program files\Yahoo!
2009-05-12 01:52 . 2008-02-27 08:23 -------- d-----w c:\program files\Google
2009-05-12 01:50 . 2008-08-14 21:07 -------- d-----w c:\program files\Common Files\Adobe
2009-05-11 23:38 . 2009-02-06 14:25 -------- d-----w c:\program files\Coupons
2009-05-11 23:38 . 2008-02-27 08:01 -------- d-----w c:\program files\Dell
2009-05-11 23:15 . 2008-08-05 02:05 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-11 11:34 . 2008-08-05 02:06 -------- d-----w c:\program files\Norton AntiVirus
2009-05-11 02:22 . 2008-02-27 08:25 71584 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-11 02:21 . 2008-02-27 08:16 71584 ----a-w c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-11 02:15 . 2009-05-11 02:15 -------- d-----w c:\windows\Fonts\Fonts
2009-03-12 14:40 . 2008-02-27 07:45 30107 ----a-w c:\windows\system32\nvModes.dat
2009-03-08 08:34 . 2004-08-11 23:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2004-08-11 23:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2004-08-11 23:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2004-08-11 23:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2004-08-11 23:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2004-08-11 23:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2004-08-11 23:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2004-08-11 23:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2004-08-11 23:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2004-08-11 23:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-11 23:00 284160 ----a-w c:\windows\system32\pdh.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-31 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2008-08-05 100056]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2006-01-14 172032]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-01-14 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-31 8429568]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-12-05 405504]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-17 58728]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-04-16 159744]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2007-05-31 67584]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-05-31 1626112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 21:20 73728 ----a-w c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 4:21 PM 79432]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 7:00 PM 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 2:32 PM 97536]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41e1adbf-9a6c-11dd-ba21-001d09b7edf5}]
\Shell\AutoRun\command - F:\Start.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-11 c:\windows\Tasks\Norton AntiVirus - Scan my computer - LaDilia.job
- c:\progra~1\NORTON~1\Navw32.exe [2005-01-10 16:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0080227
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: windowsupdate.com
Trusted Zone: windowsupdate.com\download
DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - file:///D:/LTOCX14N.cab
DPF: {526A6151-EC5A-4989-9E67-17AC82882E33} - hxxp://www.weatherguard.com/vs/KnaackCtl_www.weatherguard.com_downloader.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-12 15:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'lsass.exe'(756)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
Completion time: 2009-05-12 15:27
ComboFix-quarantined-files.txt 2009-05-12 19:27

Pre-Run: 86,092,296,192 bytes free
Post-Run: 88,069,332,992 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

180 --- E O F --- 2009-04-16 12:13


**************************************************
again im sorry for jumping the gun.... here is the Mallwarebytes report


Malwarebytes' Anti-Malware 1.36
Database version: 2128
Windows 5.1.2600 Service Pack 3

5/13/2009 7:55:59 PM
mbam-log-2009-05-13 (19-55-59).txt

Scan type: Quick Scan
Objects scanned: 87368
Time elapsed: 3 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Here is the OTList *****************


OTListIt logfile created on: 5/13/2009 8:03:13 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.7 Folder = C:\Documents and Settings\LaDilia\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 74.75% Memory free
3.85 Gb Paging File | 3.41 Gb Available in Paging File | 88.73% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.70 Gb Total Space | 81.21 Gb Free Space | 72.70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D9RZYKF1
Current User Name: LaDilia
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/01/17 11:42:04 | 00,181,608 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2007/03/28 18:41:56 | 00,206,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2004/07/21 11:24:04 | 00,173,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/01/17 11:42:02 | 00,197,992 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2007/10/09 06:17:44 | 00,024,064 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
PRC - [2007/10/09 06:17:40 | 01,921,024 | ---- | M] (Dell Inc.) -- C:\WINDOWS\System32\bcmwltry.exe
PRC - [2006/12/19 16:21:48 | 00,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2006/07/25 18:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
PRC - [2008/05/02 14:32:18 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2003/05/31 18:02:32 | 07,544,916 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
PRC - [2005/10/19 12:54:14 | 00,177,264 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\navapsvc.exe
PRC - [2007/05/14 16:21:40 | 00,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
PRC - [2005/10/19 12:54:52 | 00,046,704 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
PRC - [2007/05/31 17:50:40 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007/08/09 03:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/12/05 19:24:44 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\StacSV.exe
PRC - [2008/08/04 22:06:57 | 00,822,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/11/09 00:50:10 | 01,552,384 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
PRC - [2007/09/07 19:29:04 | 00,737,280 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2009/02/06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009/02/06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2005/11/10 15:03:52 | 00,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
PRC - [2007/05/14 16:23:32 | 01,191,936 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/09/10 11:55:04 | 00,092,160 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
PRC - [2007/09/14 12:53:16 | 00,218,424 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
PRC - [2004/07/27 18:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2006/01/13 20:28:19 | 00,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
PRC - [2006/01/13 20:28:18 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
PRC - [2006/10/20 19:23:38 | 00,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/11/02 16:05:50 | 00,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
PRC - [2008/01/17 11:42:02 | 00,058,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007/10/09 06:17:44 | 02,183,168 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.exe
PRC - [2007/04/15 23:49:08 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2006/11/03 20:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2007/04/15 23:49:08 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2007/04/15 23:49:16 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\HidFind.exe
PRC - [2007/04/15 23:49:08 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2009/05/13 20:02:36 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LaDilia\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/12/19 16:21:48 | 00,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/07/25 18:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
SRV - [2008/01/17 11:42:02 | 00,197,992 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
SRV - [2008/01/17 11:42:04 | 00,079,208 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [On_Demand | Stopped])
SRV - [2008/01/17 11:42:04 | 00,181,608 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2006/01/13 20:28:18 | 00,077,824 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\hpbpro.exe -- (HP Port Resolver [On_Demand | Stopped])
SRV - [2006/01/13 20:28:18 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\hpboid.exe -- (HP Status Server [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2006/07/25 18:03:42 | 02,119,360 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2008/05/02 14:32:18 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService [Auto | Running])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2003/05/31 18:02:32 | 07,544,916 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe -- (MSSQL$MICROSOFTBCM [Auto | Running])
SRV - [2002/12/17 20:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
SRV - [2005/10/19 12:54:14 | 00,177,264 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\navapsvc.exe -- (navapsvc [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/05/14 16:21:40 | 00,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe -- (NICCONFIGSVC [Auto | Running])
SRV - [2005/10/19 12:54:52 | 00,046,704 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe -- (NPFMntor [Auto | Running])
SRV - [2007/05/31 17:50:40 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/08/09 03:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2005/03/07 14:59:36 | 00,198,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\SAVScan.exe -- (SAVScan [On_Demand | Stopped])
SRV - [2005/10/19 12:55:00 | 00,067,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBSERV.EXE -- (SBService [Auto | Stopped])
SRV - [2007/08/31 19:39:18 | 00,486,400 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService [On_Demand | Stopped])
SRV - [2007/03/28 18:41:56 | 00,206,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [Auto | Running])
SRV - [2004/07/21 11:24:04 | 00,173,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [Auto | Running])
SRV - [2002/12/17 20:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTBCM [On_Demand | Stopped])
SRV - [2007/12/05 19:24:44 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\StacSV.exe -- (STacSV [Auto | Running])
SRV - [2006/09/14 16:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
SRV - [2008/08/04 22:06:57 | 00,822,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Auto | Running])
SRV - [2007/11/09 00:50:10 | 01,552,384 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe [Auto | Running])
SRV - [2007/09/07 19:29:04 | 00,737,280 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService [Auto | Running])
SRV - [2007/09/13 16:31:44 | 00,192,512 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe -- (WaveEnrollmentService [On_Demand | Stopped])
SRV - [2007/10/09 06:17:44 | 00,024,064 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 15:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2007/04/15 23:49:08 | 00,132,608 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2005/08/12 19:50:46 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV [System | Running])
DRV - [2001/08/17 15:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 15:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2007/03/18 17:44:38 | 00,160,256 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys -- (b57w2k [On_Demand | Running])
DRV - [2006/12/19 16:21:52 | 00,010,480 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND [Auto | Running])
DRV - [2007/10/09 06:17:42 | 01,123,328 | ---- | M] (Broadcom Corp.) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running])
DRV - [2001/08/17 15:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 15:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2006/11/02 14:32:32 | 00,097,536 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\drivers\dxec01.sys -- (DXEC01 [On_Demand | Running])
DRV - [2001/08/17 14:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2007/11/28 18:18:24 | 00,062,208 | ---- | M] (O2Micro) -- C:\WINDOWS\System32\Drivers\oz776.sys -- (guardian2 [On_Demand | Running])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007/12/02 20:26:20 | 00,211,200 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
DRV - [2007/12/02 20:26:22 | 00,989,952 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2007/12/02 20:26:28 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2007/06/18 21:18:26 | 00,023,680 | ---- | M] (Motorola) -- C:\WINDOWS\system32\DRIVERS\motmodem.sys -- (motmodem [On_Demand | Stopped])
DRV - [2001/08/17 15:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2008/05/02 14:31:59 | 00,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50 [On_Demand | Stopped])
DRV - [2008/05/02 14:31:53 | 00,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50 [On_Demand | Stopped])
DRV - [2009/02/25 05:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090513.003\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/02/25 05:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090513.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2007/05/31 17:50:20 | 06,727,136 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2007/09/07 11:57:14 | 00,026,608 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV [Boot | Running])
DRV - [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2001/08/17 15:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 15:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 15:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2005/03/07 14:59:44 | 00,338,056 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\SAVRT.SYS -- (SAVRT [On_Demand | Running])
DRV - [2005/03/07 14:59:50 | 00,050,312 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS -- (SAVRTPEL [System | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/08/17 16:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2004/07/21 11:24:04 | 00,341,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
DRV - [2007/12/05 19:24:44 | 01,222,840 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001/08/17 16:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 16:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2007/03/28 18:41:12 | 00,011,480 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS [On_Demand | Running])
DRV - [2006/09/15 22:52:12 | 00,124,016 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2007/03/28 18:41:14 | 00,171,928 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW [On_Demand | Running])
DRV - [2007/03/28 18:41:20 | 00,037,016 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS [On_Demand | Running])
DRV - [2009/02/09 18:59:18 | 00,251,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ids-diskless\20090506.001\symidsco.sys -- (SYMIDSCO [On_Demand | Running])
DRV - [2008/08/04 22:06:58 | 00,004,608 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])
DRV - [2007/03/28 18:41:18 | 00,047,192 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Running])
DRV - [2007/03/28 18:41:24 | 00,018,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Running])
DRV - [2007/03/28 18:41:26 | 00,266,552 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2001/08/17 16:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 16:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2007/12/02 20:06:06 | 00,046,992 | ---- | M] (UPEK Inc.) -- C:\WINDOWS\System32\Drivers\tcusb.sys -- (TcUsb [On_Demand | Running])
DRV - [2001/08/17 15:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2007/09/06 11:18:40 | 00,018,176 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\DRIVERS\WaveFDE.sys -- (WaveFDE [On_Demand | Running])
DRV - [2007/09/10 11:55:00 | 00,161,280 | ---- | M] (Wave Systems Corp.) -- C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys -- (WavxDMgr [Auto | Running])
DRV - [2007/12/02 20:26:20 | 00,731,136 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0080227
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0080227


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0080227
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0080227
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1478294492-2269818328-730331972-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1478294492-2269818328-730331972-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1478294492-2269818328-730331972-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
IE - HKU\S-1-5-21-1478294492-2269818328-730331972-1005\S-1-5-21-1478294492-2269818328-730331972-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/05/12 15:42:35 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1478294492-2269818328-730331972-1005\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet ()
O4 - HKLM..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer (Symantec Corporation)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKU\S-1-5-21-1478294492-2269818328-730331972-1005..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1478294492-2269818328-730331972-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1478294492-2269818328-730331972-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1478294492-2269818328-730331972-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1478294492-2269818328-730331972-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1478294492-2269818328-730331972-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1478294492-2269818328-730331972-1005\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKU\S-1-5-21-1478294492-2269818328-730331972-1005\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKU\S-1-5-21-1478294492-2269818328-730331972-1005\..Trusted Domains: microsoft.com ([*.windowsupdate] http in Trusted sites)
O15 - HKU\S-1-5-21-1478294492-2269818328-730331972-1005\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKU\S-1-5-21-1478294492-2269818328-730331972-1005\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKU\S-1-5-21-1478294492-2269818328-730331972-1005\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKU\S-1-5-21-1478294492-2269818328-730331972-1005\..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1478294492-2269818328-730331972-1005\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O15 - HKU\S-1-5-21-1478294492-2269818328-730331972-1005\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} file:///D:/LTOCX14N.cab (LEAD Main Control (14.0))
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} https://setup.bellsouth.net/wizlet/PWReset/...aller_6-1-2.cab (Reg Error: Value error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {526A6151-EC5A-4989-9E67-17AC82882E33} http://www.weatherguard.com/vs/KnaackCtl_w..._downloader.cab (WEATHER GUARD Vehicle Solutions Control)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\gemsafe: DllName - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (Gemplus)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 19:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/05/11 14:14:33 | 00,002,524 | ---- | M] () - C:\autorun.PNF -- [ NTFS ]
O33 - MountPoints2\{41e1adbf-9a6c-11dd-ba21-001d09b7edf5}\Shell\AutoRun\command - "" = F:\Start.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/05/13 20:02:32 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\LaDilia\Desktop\OTListIt2.exe
[2009/05/13 19:32:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\LaDilia\Application Data\Malwarebytes
[2009/05/13 19:31:59 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/13 19:31:59 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/13 19:31:56 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/13 19:31:55 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/13 19:31:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/13 19:30:50 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\LaDilia\Desktop\mbam-setup.exe
[2009/05/12 16:32:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\LaDilia\Local Settings\temp
[2009/05/12 16:19:29 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/05/12 15:41:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/05/12 15:41:41 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/05/12 15:41:34 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/05/12 15:41:07 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/05/12 15:41:07 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/05/12 15:41:07 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/05/12 15:41:07 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/05/12 15:41:07 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/05/12 15:41:07 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/05/12 15:41:07 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/05/12 15:41:06 | 00,000,000 | ---D | C] -- C:\17d6971d1e5d179a9f07d26ec73e4269
[2009/05/12 15:40:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/05/12 15:38:53 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/05/12 15:12:55 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/05/12 15:12:51 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/05/12 15:12:50 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/05/12 15:11:22 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/12 15:11:22 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/12 15:11:22 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/12 15:11:22 | 00,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/05/12 15:11:22 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/12 15:11:22 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/12 15:11:22 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/12 15:11:22 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/12 15:08:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/12 15:07:04 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/11 22:33:09 | 00,360,021 | ---- | C] () -- C:\Documents and Settings\LaDilia\Desktop\dds.scr
[2009/05/11 22:16:42 | 03,021,595 | R--- | C] () -- C:\Documents and Settings\LaDilia\Desktop\ComboFix.exe
[2009/05/11 21:58:51 | 00,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2009/05/11 21:47:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\syncdb
[2009/05/11 20:26:12 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily).job
[2009/05/11 20:25:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/05/11 19:57:35 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/05/11 19:57:17 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2009/05/11 19:09:11 | 21,453,53728 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/11 14:30:03 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\LaDilia\My Documents\Kitchen Remodel.doc
[2009/05/11 14:14:33 | 00,002,524 | ---- | C] () -- C:\autorun.PNF
[2009/05/10 22:28:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/05/10 21:13:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\LaDilia\Application Data\Download Manager
[2009/05/10 20:44:42 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2009/05/10 20:44:42 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2009/05/10 20:36:26 | 00,393,264 | ---- | C] () -- C:\WINDOWS\System32\D125UR.DAT
[2009/05/10 20:36:26 | 00,393,225 | ---- | C] () -- C:\WINDOWS\System32\D125UFWF.PLG
[2009/05/10 20:36:26 | 00,393,225 | ---- | C] () -- C:\WINDOWS\System32\D125UFWB.PLG
[2009/05/10 20:36:26 | 00,393,225 | ---- | C] () -- C:\WINDOWS\System32\D125UFW1.PLG
[2009/05/10 20:36:26 | 00,327,740 | ---- | C] (Canon) -- C:\WINDOWS\System32\UCS32P.DLL
[2009/05/10 20:36:26 | 00,008,575 | ---- | C] () -- C:\WINDOWS\System32\D125UFW.INI
[2009/05/10 20:36:26 | 00,000,000 | ---D | C] -- C:\CanoScan
[2009/05/06 08:59:55 | 00,364,651 | ---- | C] () -- C:\Documents and Settings\LaDilia\Desktop\Vendor Reg Application 0208[1].pdf
[2009/05/05 14:14:15 | 00,033,792 | ---- | C] () -- C:\Documents and Settings\LaDilia\My Documents\dave master bath.doc
[2009/04/28 08:31:29 | 00,066,172 | ---- | C] () -- C:\Documents and Settings\LaDilia\Desktop\P4250182.JPG
[2009/04/15 12:30:09 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 12:30:08 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/15 12:30:08 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/15 12:30:08 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/15 12:30:08 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 12:30:08 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 12:30:08 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/15 12:30:08 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 12:30:08 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 12:30:08 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/04/15 12:29:31 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/15 12:29:31 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/15 12:29:31 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2008/08/15 08:52:32 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2008/08/15 08:52:32 | 00,000,139 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2008/08/15 08:50:25 | 00,013,760 | ---- | C] () -- C:\WINDOWS\hpdj6800.ini
[2008/08/15 08:50:21 | 00,005,492 | ---- | C] () -- C:\WINDOWS\hpf6800m.ini
[2008/08/04 21:50:43 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/27 04:25:44 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/02/27 04:23:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008/02/27 04:22:39 | 00,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/02/27 04:10:53 | 00,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2008/02/27 04:08:18 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2008/02/27 04:08:18 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2008/02/27 04:02:38 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/02/27 04:02:37 | 00,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/02/27 03:41:44 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/02/27 03:41:44 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/02/27 03:41:43 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/02/27 03:41:43 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/02/27 03:40:21 | 00,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/02/04 18:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/09/13 16:42:30 | 00,499,712 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2007/09/13 16:42:30 | 00,471,040 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2007/09/13 16:42:28 | 00,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2007/09/13 16:42:28 | 00,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2007/09/13 16:42:28 | 00,462,848 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2007/09/13 16:42:28 | 00,458,752 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2007/09/13 16:42:26 | 00,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2007/09/13 16:42:26 | 00,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2007/09/13 16:42:26 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2007/09/13 16:42:26 | 00,434,176 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2007/09/13 16:36:24 | 00,438,272 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2007/09/12 17:05:08 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2007/09/12 17:04:46 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2007/09/12 17:04:26 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2007/09/12 17:04:06 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2007/09/12 17:03:44 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2007/09/12 17:03:24 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2007/09/12 17:03:04 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2007/09/12 17:02:44 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2007/09/12 17:02:22 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2007/09/12 17:02:02 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2007/09/10 11:53:26 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2007/06/15 12:19:20 | 00,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2006/08/14 13:02:10 | 00,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2006/06/12 10:01:16 | 00,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
[2004/09/10 15:34:00 | 00,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 15:34:00 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/08/11 19:24:19 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 19:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 19:00:37 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/11 19:00:35 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/05/13 20:02:52 | 00,554,258 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/13 20:02:52 | 00,463,768 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/13 20:02:52 | 00,080,628 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/13 20:02:36 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LaDilia\Desktop\OTListIt2.exe
[2009/05/13 19:58:58 | 00,030,107 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2009/05/13 19:58:46 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/13 19:58:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/13 19:58:11 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\LaDilia\Local Settings\desktop.ini
[2009/05/13 19:58:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/13 19:58:05 | 21,453,53728 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/13 19:31:59 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/13 19:31:03 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\LaDilia\Desktop\mbam-setup.exe
[2009/05/12 16:31:29 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/12 16:29:09 | 03,021,595 | R--- | M] () -- C:\Documents and Settings\LaDilia\Desktop\ComboFix.exe
[2009/05/12 16:02:24 | 00,276,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/12 15:12:55 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/05/11 22:33:09 | 00,360,021 | ---- | M] () -- C:\Documents and Settings\LaDilia\Desktop\dds.scr
[2009/05/11 21:56:50 | 00,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/11 21:56:50 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/05/11 20:26:12 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily).job
[2009/05/11 20:01:06 | 00,000,078 | -HS- | M] () -- C:\Documents and Settings\LaDilia\My Documents\desktop.ini
[2009/05/11 19:59:16 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/05/11 14:30:03 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\LaDilia\My Documents\Kitchen Remodel.doc
[2009/05/11 14:14:33 | 00,002,524 | ---- | M] () -- C:\autorun.PNF
[2009/05/07 03:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/06 08:59:55 | 00,364,651 | ---- | M] () -- C:\Documents and Settings\LaDilia\Desktop\Vendor Reg Application 0208[1].pdf
[2009/05/05 14:14:16 | 00,033,792 | ---- | M] () -- C:\Documents and Settings\LaDilia\My Documents\dave master bath.doc
[2009/05/01 15:36:46 | 00,117,248 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/04/28 08:33:00 | 00,066,172 | ---- | M] () -- C:\Documents and Settings\LaDilia\Desktop\P4250182.JPG
[2009/04/20 12:56:28 | 00,031,232 | ---- | M] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
< End of report >



this is the extra llog created bby OTList

OTListIt Extras logfile created on: 5/13/2009 8:03:13 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.7 Folder = C:\Documents and Settings\LaDilia\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 74.75% Memory free
3.85 Gb Paging File | 3.41 Gb Available in Paging File | 88.73% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.70 Gb Total Space | 81.21 Gb Free Space | 72.70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D9RZYKF1
Current User Name: LaDilia
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{228F6876-A313-40A3-91C0-C3CBE6997D09}" = Symantec
"{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch
"{27E25625-DB51-42E6-BEB7-0C8DC878770C}" = Broadcom ASF Management Applications
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}" = Internet Worm Protection
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}" = Norton AntiVirus Help
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4BF18ED6-C888-4BCF-A4AF-AC7A16305BC1}" = GemSafe Standard Edition 5.1
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{5EC5F187-9D2B-4051-8906-88656819A869}" = Dell Drivers MSI
"{624D19C3-D55D-4368-BC10-9B53036D8358}" = HP Driver Diagnostics
"{66563AD8-637B-407F-BCA7-0233A16891AB}" = Business Contact Manager for Outlook 2003
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{92E0213D-2D81-4AC0-B9E5-BCB3AB8C2F9E}" = HP Deskjet 6800
"{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B81023A5-71ED-46EB-BE3B-9F974D1155F1}" = HP Software Update
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2005
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}" = Symantec Network Drivers Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}" = Norton AntiVirus SYMLT MSI
"{D327AFC9-7BAA-473A-8319-6EB7A0D40138}" = Symantec Script Blocking Installer
"{D9FCA292-1186-421F-8D93-9A5D272AD5D0}" = IntelliSonic Speech Enhancement
"{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton AntiVirus Parent MSI
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor Minimum Install
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{ECC22AFA-B905-4A6A-8072-10F52B9E09B7}" = Wave Infrastructure Installer
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EF05BA0F-AC15-4D12-AC5C-276225F5E751}" = Gemalto
"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
"{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}" = upekmsi
"{FEC193E4-6C5F-40E9-A249-7D8C8404A9EC}" = NTRU TCG Software Stack
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"DeskJet 6800 Installer" = HP Deskjet 6800
"HP Deskjet 6800 Series_Driver" = HP Deskjet 6800 Series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"SymSetup.{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2005 (Symantec Corporation)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1478294492-2269818328-730331972-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/12/2009 4:03:03 PM | Computer Name = D9RZYKF1 | Source = MSDTC Client | ID = 4427
Description = Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215,
Pid: 2512 No Callstack, CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC7923

Error - 5/12/2009 4:03:03 PM | Computer Name = D9RZYKF1 | Source = COM+ | ID = 135763
Description = The run-time environment was unable to initialize for transactions
required to support transactional components. Make sure that MS-DTC is running.
(DtcGetTransactionManagerEx(): hr = 0x8004d02

Error - 5/12/2009 4:03:14 PM | Computer Name = D9RZYKF1 | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
Description =

Error - 5/12/2009 4:03:32 PM | Computer Name = D9RZYKF1 | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
Description =

Error - 5/12/2009 4:34:18 PM | Computer Name = D9RZYKF1 | Source = MSDTC Client | ID = 4427
Description = Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215,
Pid: 2608 No Callstack, CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC7923

Error - 5/12/2009 4:34:18 PM | Computer Name = D9RZYKF1 | Source = COM+ | ID = 135763
Description = The run-time environment was unable to initialize for transactions
required to support transactional components. Make sure that MS-DTC is running.
(DtcGetTransactionManagerEx(): hr = 0x8004d02

Error - 5/13/2009 10:36:18 AM | Computer Name = D9RZYKF1 | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
Description =

Error - 5/13/2009 7:58:44 PM | Computer Name = D9RZYKF1 | Source = MSDTC Client | ID = 4427
Description = Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215,
Pid: 2556 No Callstack, CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC7923

Error - 5/13/2009 7:58:44 PM | Computer Name = D9RZYKF1 | Source = COM+ | ID = 135763
Description = The run-time environment was unable to initialize for transactions
required to support transactional components. Make sure that MS-DTC is running.
(DtcGetTransactionManagerEx(): hr = 0x8004d02

Error - 5/13/2009 7:59:11 PM | Computer Name = D9RZYKF1 | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
Description =

[ System Events ]
Error - 5/7/2009 10:46:38 AM | Computer Name = D9RZYKF1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 5/7/2009 1:16:58 PM | Computer Name = D9RZYKF1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 5/8/2009 9:16:56 AM | Computer Name = D9RZYKF1 | Source = Print | ID = 54
Description = Document Vendor Reg Application 0208[1].pdf was corrupted and has
been deleted. The associated driver is: HP Deskjet 6800 Series.

Error - 5/11/2009 8:25:18 AM | Computer Name = D9RZYKF1 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 60 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 5/11/2009 8:25:18 AM | Computer Name = D9RZYKF1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.

Error - 5/11/2009 1:31:49 PM | Computer Name = D9RZYKF1 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 5/11/2009 1:31:49 PM | Computer Name = D9RZYKF1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 5/11/2009 1:31:52 PM | Computer Name = D9RZYKF1 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 5/11/2009 1:31:52 PM | Computer Name = D9RZYKF1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 5/11/2009 7:08:29 PM | Computer Name = D9RZYKF1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:01 AM

Posted 14 May 2009 - 10:25 AM

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

============


Run an online scan at Secunia Online Software Inspector
  • Click on the red button at the bottom of the screen that says Start Scanner.
  • Follow the prompts to install the scanning software.
  • Do not check the box for Enable thorough system inspection
  • Click the Start button.
  • The program will scan your system and identify insecure versions of software and missing security updates.
  • Using the links provided in the scan, download and install any current and secure versions that are needed.


============



Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
    O33 - MountPoints2\{41e1adbf-9a6c-11dd-ba21-001d09b7edf5}\Shell\AutoRun\command - "" = F:\Start.exe -- File not found
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

How is your computer behaving now?
Any more redirections?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 trifke

trifke
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:01 AM

Posted 16 May 2009 - 12:33 PM

:thumbup2: Everything looks to be working better than normal... i can thank you enough...

no more redirects... computer loads much faster, thank you thank you thank you

here is the OTlist log after doing the things you suggested. can we start on my desk top next or should i post a new post? it has similar problems but more severe... the main screen has a large Virus detected warning on it and many of my features are disabled... i barely got it back to letting me navigate in windows...

here is the log and all is working great... thanks again Sam

========== OTLISTIT ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41e1adbf-9a6c-11dd-ba21-001d09b7edf5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41e1adbf-9a6c-11dd-ba21-001d09b7edf5}\ not found.
File F:\Start.exe not found.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\LaDilia\Local Settings\temp\~DF58AB.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LaDilia\Local Settings\temp\~DF58B9.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LaDilia\Local Settings\temp\~DF591D.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LaDilia\Local Settings\temp\~DF592B.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LaDilia\Local Settings\temp\~DF5963.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LaDilia\Local Settings\temp\~DF59C0.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_2cc.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_f10.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTListIt2 by OldTimer - Version 2.0.15.7 log created on 05162009_132234

Files moved on Reboot...
File C:\Documents and Settings\LaDilia\Local Settings\temp\~DF58AB.tmp not found!
File C:\Documents and Settings\LaDilia\Local Settings\temp\~DF58B9.tmp not found!
File C:\Documents and Settings\LaDilia\Local Settings\temp\~DF591D.tmp not found!
File C:\Documents and Settings\LaDilia\Local Settings\temp\~DF592B.tmp not found!
File C:\Documents and Settings\LaDilia\Local Settings\temp\~DF5963.tmp not found!
File C:\Documents and Settings\LaDilia\Local Settings\temp\~DF59C0.tmp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_2cc.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_f10.dat not found!

Registry entries deleted on Reboot...

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:01 AM

Posted 16 May 2009 - 02:54 PM

Looks good! :thumbup2:

I can take a look at your desktop now. Go ahead and run OTListit and post that log here.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 trifke

trifke
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:01 AM

Posted 17 May 2009 - 10:24 AM

OTListIt logfile created on: 5/17/2009 11:17:59 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.73 Mb Total Physical Memory | 201.02 Mb Available Physical Memory | 39.36% Memory free
1.22 Gb Paging File | 0.93 Gb Available in Paging File | 76.68% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 63.47 Gb Total Space | 17.78 Gb Free Space | 28.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 55.88 Gb Total Space | 31.65 Gb Free Space | 56.64% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TRIFKE
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2006/02/21 20:39:16 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2007/07/20 00:40:48 | 00,137,752 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/07/20 00:38:54 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2003/06/20 03:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2001/08/23 08:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpsvcs.exe
PRC - [2008/04/13 20:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\snmp.exe
PRC - [2002/09/20 16:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2006/02/21 20:39:16 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/02/06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/04/13 20:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2007/07/20 00:38:54 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2004/06/25 20:32:26 | 00,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
PRC - [2007/03/27 12:43:39 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2009/02/28 00:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/05/17 11:17:19 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/04/13 03:20:52 | 00,033,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/02/21 20:39:16 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2004/08/03 21:10:00 | 00,516,096 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2007/04/13 03:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/03/01 11:40:52 | 00,077,824 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\hpbpro.exe -- (HP Port Resolver [On_Demand | Stopped])
SRV - [2004/03/01 11:40:52 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\hpboid.exe -- (HP Status Server [On_Demand | Stopped])
SRV - [2006/10/30 10:36:32 | 00,492,608 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [Disabled | Stopped])
SRV - [2001/08/23 08:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpsvcs.exe -- (LPDSVC [On_Demand | Stopped])
SRV - [2007/07/20 00:38:54 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer [Auto | Running])
SRV - [2007/07/20 00:40:48 | 00,137,752 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
SRV - [2007/07/20 00:42:30 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Auto | Stopped])
SRV - [2003/06/20 03:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
SRV - [2004/03/18 16:55:48 | 00,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2001/08/23 08:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpsvcs.exe -- (SimpTcp [Auto | Running])
SRV - [2008/04/13 20:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\snmp.exe -- (SNMP [Auto | Running])
SRV - [2002/09/20 16:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2004/08/30 16:25:36 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [1997/04/22 10:16:00 | 00,006,272 | ---- | M] () -- C:\WINDOWS\system32\drivers\aslm75.sys -- (aslm75 [Auto | Running])
DRV - [2006/02/21 20:46:26 | 01,505,792 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2003/08/05 22:43:04 | 00,159,744 | R--- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys -- (fasttx2k [Boot | Running])
DRV - [2006/09/19 16:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2004/06/08 13:36:28 | 00,013,105 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Running])
DRV - [2004/06/08 13:35:18 | 00,054,817 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\L8042mou.Sys -- (L8042mou [On_Demand | Running])
DRV - [2004/06/08 13:34:48 | 00,024,637 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LHidKE.Sys -- (LHidKe [On_Demand | Stopped])
DRV - [2004/06/08 13:35:26 | 00,038,081 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\LHidUsbK.Sys -- (LHidUsbK [On_Demand | Stopped])
DRV - [2004/06/08 13:35:08 | 00,071,533 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LMouKE.Sys -- (LMouKE [On_Demand | Running])
DRV - [2004/06/08 13:36:20 | 00,014,975 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\LUsbKbd.Sys -- (LUsbKbd [On_Demand | Stopped])
DRV - [2007/07/20 00:37:56 | 02,109,592 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\LVcKap.sys -- (LVcKap [On_Demand | Running])
DRV - [2007/07/20 00:39:50 | 02,142,488 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys -- (LVMVDrv [On_Demand | Running])
DRV - [2007/07/18 17:42:42 | 00,025,624 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])
DRV - [2007/07/18 20:44:00 | 00,041,752 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])
DRV - [2007/06/18 15:18:26 | 00,023,680 | ---- | M] (Motorola) -- C:\WINDOWS\system32\DRIVERS\motmodem.sys -- (motmodem [On_Demand | Stopped])
DRV - [2007/07/18 20:39:14 | 00,013,848 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\lv302af.sys -- (pepifilter [On_Demand | Running])
DRV - [2007/07/18 20:39:14 | 01,278,104 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\LV302V32.SYS -- (PID_PEPI [On_Demand | Running])
DRV - [2001/08/23 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2003/07/15 16:00:00 | 00,578,368 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2008/04/13 14:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
DRV - [2008/04/13 14:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
DRV - [2003/07/02 04:42:00 | 00,027,904 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1 [Boot | Running])
DRV - [2001/10/18 12:00:00 | 00,006,144 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\viaidexp.sys -- (ViaIde [Boot | Running])
DRV - [2003/10/30 23:22:38 | 00,077,312 | R--- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\System32\DRIVERS\viasraid.sys -- (viasraid [Boot | Running])
DRV - [2005/09/19 08:41:00 | 00,241,280 | ---- | M] (Marvell) -- C:\WINDOWS\system32\DRIVERS\yk51x86.sys -- (yukonwxp [On_Demand | Running])
DRV - [2006/08/24 14:44:14 | 00,477,696 | ---- | M] (ZyDAS Technology Corporation) -- C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys -- (ZD1211BU(ZyDAS) [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/1me10enus/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/1me10enus/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1645522239-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/1me10enus/2
IE - HKU\S-1-5-21-1645522239-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1645522239-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adb...//www.yahoo.com
IE - HKU\S-1-5-21-1645522239-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1645522239-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1645522239-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKU\S-1-5-21-1645522239-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1645522239-1580436667-725345543-1003\S-1-5-21-1645522239-1580436667-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1645522239-1580436667-725345543-1003\S-1-5-21-1645522239-1580436667-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost



O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - Reg Error: Key error. File not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-1645522239-1580436667-725345543-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [FinishOptions] C:\DOCUME~1\Mike\LOCALS~1\Temp\hpbinxst.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode File not found
O4 - HKU\S-1-5-21-1645522239-1580436667-725345543-1003..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 11.1.0.2016 ()
O4 - HKU\S-1-5-18..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 11.1.0.2016 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1645522239-1580436667-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1645522239-1580436667-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 1
O7 - HKU\S-1-5-21-1645522239-1580436667-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} http://www1.snapfish.com/SnapfishOutlookImport.cab (Snapfish Outlook Import ActiveX Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1156341894880 (MUWebControl Class)
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} http://ipgweb.cce.hp.com/rdqna/downloads/msxml4.cab (XML DOM Document 4.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/popcaploader_v10.cab (PopCapLoader Object)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 () - http://a1264.g.akamai.net/7/1264/734/1114c.../2006_FLHXI.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/30 14:27:21 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4788ee64-6dba-11db-a522-000ea6879c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{4788ee64-6dba-11db-a522-000ea6879c8d}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/17 11:17:19 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/05/17 11:17:17 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTListIt2.exe
[2009/05/17 11:09:54 | 00,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/05/17 11:09:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2009/05/17 11:03:47 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/05/17 11:03:47 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/05/17 11:03:46 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/05/17 11:02:30 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/05/17 11:02:30 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/05/17 11:02:30 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/05/17 11:02:30 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/05/17 11:02:30 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/05/17 11:02:30 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/05/17 11:02:30 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/05/17 11:02:29 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/05/17 11:02:29 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/02/05 17:49:25 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2009/02/05 17:49:25 | 00,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2008/02/04 18:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/07/18 17:42:42 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/06/16 08:10:04 | 00,000,205 | ---- | C] () -- C:\WINDOWS\FLCODES.INI
[2007/03/02 19:49:07 | 00,058,163 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/08/23 11:15:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pestpatrol5.INI
[2006/02/01 16:05:34 | 00,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/01/16 15:50:07 | 00,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2006/01/16 15:50:07 | 00,000,139 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2005/11/27 19:16:30 | 00,013,891 | ---- | C] () -- C:\WINDOWS\hpdj6800.ini
[2005/11/27 19:16:23 | 00,002,241 | ---- | C] () -- C:\WINDOWS\hpf6800m.ini
[2005/07/01 14:13:13 | 00,000,835 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/06/28 11:01:27 | 00,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2005/06/28 11:01:08 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2004/08/31 23:18:42 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2004/08/30 22:15:59 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/30 20:48:32 | 00,008,575 | R--- | C] () -- C:\WINDOWS\System32\D125UFW.INI
[2004/08/30 17:15:14 | 00,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2004/08/30 14:48:14 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2004/08/30 14:39:53 | 00,003,272 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2004/08/30 14:39:52 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2001/09/19 13:41:46 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2001/08/23 08:00:00 | 00,000,650 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[28 C:\WINDOWS\*.tmp files]
[2009/05/17 11:17:19 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTListIt2.exe
[2009/05/17 11:16:18 | 00,471,326 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/17 11:16:18 | 00,401,064 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/17 11:16:18 | 00,062,344 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/17 11:13:29 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/05/17 11:13:01 | 02,058,534 | ---- | M] () -- C:\WINDOWS\hpf6800m.his
[2009/05/17 11:13:01 | 00,002,241 | ---- | M] () -- C:\WINDOWS\hpf6800m.ini
[2009/05/17 11:13:01 | 00,000,460 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2009/05/17 11:12:59 | 00,013,708 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/17 11:12:56 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Mike\Local Settings\desktop.ini
[2009/05/17 11:12:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/17 11:12:12 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/17 11:12:09 | 00,119,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/17 11:10:30 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/05/07 00:16:30 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:01 AM

Posted 17 May 2009 - 10:31 AM

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.


Update me on the problems that you're still having.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 trifke

trifke
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:01 AM

Posted 18 May 2009 - 03:49 PM

Malwarebytes' Anti-Malware 1.36
Database version: 2149
Windows 5.1.2600 Service Pack 3

5/18/2009 4:43:47 PM
mbam-log-2009-05-18 (16-43-47).txt

Scan type: Quick Scan
Objects scanned: 94319
Time elapsed: 5 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 12
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\rhca66j0ea0n (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhca66j0ea0n (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Mike\Application Data\rhca66j0ea0n (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Application Data\rhca66j0ea0n\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Application Data\rhca66j0ea0n\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Application Data\rhca66j0ea0n\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Application Data\rhca66j0ea0n\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Application Data\rhca66j0ea0n\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Application Data\rhca66j0ea0n\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Application Data\rhca66j0ea0n\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Application Data\rhca66j0ea0n\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Application Data\rhca66j0ea0n\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Application Data\rhca66j0ea0n\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Common (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\t21k.cmd (Trojan.Agent) -> Quarantined and deleted successfully.
C:\t3fg.cmd (Trojan.Agent) -> Quarantined and deleted successfully.
C:\t3lc.cmd (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phce66j0ea0n.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.



Sam,
besides slow as watching water boil... some of my menu options are greyed out... video settings are limited... it took forever to figure out how to get rid of the """warning, antivirus dedected a virus""" wallpaper and internet was always frozen.... i tried a few things myself when the virus hit and got it somewhat working but have not really worked on it since.... thanks, ladilia :thumbup2:

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:01 AM

Posted 18 May 2009 - 05:02 PM

Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

===============


Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 trifke

trifke
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:01 AM

Posted 19 May 2009 - 04:54 PM

Tuesday, May 19, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, May 19, 2009 12:27:45
Records in database: 2196013


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\
E:\

Scan statistics
Files scanned 90871
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 02:19:44

No malware has been detected. The scan area is clean.
The selected area was scanned.


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++=



GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-19 17:52:00
Windows 5.1.2600 Service Pack 3


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1520] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 408BF341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1520] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 40A51777 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1520] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 40A516F8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1520] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 40A5173C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1520] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 40A51684 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1520] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 40A516BE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1520] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 40A517B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1520] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 408E16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\Explorer.EXE[1972] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00F82F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1972] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00F82CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1972] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00F82D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1972] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00F82CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2084] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009C2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2084] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009C2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2084] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009C2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2084] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009C2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2208] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BB2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2208] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00BB2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2208] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00BB2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2208] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BB2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Mike\Desktop\sk2k9rxk.exe[3280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Mike\Desktop\sk2k9rxk.exe[3280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Mike\Desktop\sk2k9rxk.exe[3280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Mike\Desktop\sk2k9rxk.exe[3280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- EOF - GMER 1.0.15 ----

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:01 AM

Posted 20 May 2009 - 11:21 AM

Your logs don't indicate any type of active infection. The issues you are describing don't appear to be related to malware. You may want to open up a new topic on the Windows XP forum. One of the experts over there will probably be able to troubleshoot your issue better than I.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#13 trifke

trifke
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:01 AM

Posted 21 May 2009 - 06:13 AM

thank you so much, i am thrilled that u and this site are available for us. much appreciated and thank you again.

#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:01 AM

Posted 21 May 2009 - 09:17 AM

Glad I could help! :)


Run OTListIt again and click on the CleanUp button.
Reboot when prompted to.




Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:thumbup2: :step4:
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users