Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Search Engine Hijacker??? (HijackThis Log posted)


  • This topic is locked This topic is locked
10 replies to this topic

#1 kdm24

kdm24

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:11 AM

Posted 14 May 2009 - 06:28 AM

Hope somebody can help, my father (of all people) downloaded LimeWire (since been deleted), and it came with al these nice little critters that seemed to infect our computer. I have BitDefender, CCleaner, and Spyware X-Terminator on here, ran them each, deleted what came up, and hoped that would be the end. Occasionally, still, when I open my internet explorer and use the search engine, any link that comes up will automatically redirect to a random ad site. No clue what's going on, if you need any of the other logs, I'll run a check again and post what I find, but for now, here is the HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:16:12 AM, on 5/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Old_data\PROGRA~1\STOMPS~1\SPYWAR~1\PPMemCheck.exe
C:\Old_data\PROGRA~1\STOMPS~1\SPYWAR~1\PPControl.exe
C:\Old_data\PROGRA~1\STOMPS~1\SPYWAR~1\CookiePatrol.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\PerSono\perstray.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [PPMemCheck] C:\Old_data\PROGRA~1\STOMPS~1\SPYWAR~1\PPMemCheck.exe
O4 - HKLM\..\Run: [Spyware X-terminator Control Center] C:\Old_data\PROGRA~1\STOMPS~1\SPYWAR~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\Old_data\PROGRA~1\STOMPS~1\SPYWAR~1\CookiePatrol.exe
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: SBE Reminder.lnk = C:\Program Files\Quicken Legal Products\Small Business Expert\Reminder.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Perstray.lnk = ?
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120601162859
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1138349122187
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 9345 bytes

BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:11 AM

Posted 15 May 2009 - 10:23 AM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.



=============


The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 kdm24

kdm24
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:11 AM

Posted 22 May 2009 - 05:02 AM

Hi Sam, sorry for the delay, I was out of town. Here are the logs you requested, first the two OTListIt2 logs:

OTListIt logfile created on: 5/20/2009 6:33:30 AM - Run 2
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Owners\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

703.48 Mb Total Physical Memory | 306.54 Mb Available Physical Memory | 43.57% Memory free
1.68 Gb Paging File | 1.13 Gb Available in Paging File | 67.40% Paging File free
Paging file location(s): C:\pagefile.sys 2 1056 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.33 Gb Total Space | 58.13 Gb Free Space | 76.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HH
Current User Name: Owners
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/01/29 13:37:30 | 00,431,424 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2008/12/17 15:51:26 | 01,581,056 | ---- | M] (BitDefender S. R. L.) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/01/15 05:33:44 | 00,049,152 | R--- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2005/03/04 12:01:56 | 00,088,209 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2002/06/20 12:06:12 | 00,339,968 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon04.exe
PRC - [2004/04/02 16:11:54 | 00,148,480 | ---- | M] () -- C:\Old_data\Program Files\StompSoft\Spyware X-terminator\PPMemCheck.exe
PRC - [2004/03/31 13:24:00 | 00,061,440 | ---- | M] () -- C:\Old_data\Program Files\StompSoft\Spyware X-terminator\PPControl.exe
PRC - [2005/01/10 10:35:16 | 00,073,728 | ---- | M] (Computer Associates International) -- C:\Old_data\Program Files\StompSoft\Spyware X-terminator\CookiePatrol.exe
PRC - [2005/05/12 00:12:54 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2005/10/31 11:05:44 | 00,278,528 | ---- | M] (Walt Disney Internet Group) -- C:\Program Files\DIGStream\digstream.exe
PRC - [2005/10/31 11:18:48 | 00,101,888 | ---- | M] (Walt Disney Internet Group) -- C:\Program Files\ESPNRunTime\DIGServices.exe
PRC - [2005/03/15 02:46:45 | 00,196,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\type32.exe
PRC - [2007/04/27 09:41:54 | 00,282,624 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2007/05/26 12:45:54 | 00,257,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/01/09 12:51:44 | 00,741,376 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2007/08/30 17:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2006/10/18 21:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
PRC - [2005/05/12 00:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2002/04/29 14:33:44 | 00,040,960 | ---- | M] (Plantronics) -- C:\Program Files\PerSono\perstray.exe
PRC - [2005/09/22 16:01:54 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2004/07/13 23:44:40 | 00,585,728 | R--- | M] (VIA Technologies) -- C:\Program Files\VIA\RAID\raid_tool.exe
PRC - [2005/05/12 01:33:52 | 00,479,232 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2008/02/26 22:08:50 | 29,183,504 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2004/09/29 13:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2008/10/30 17:34:24 | 00,413,696 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
PRC - [2007/02/10 06:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe
PRC - [2005/05/12 01:40:38 | 00,204,800 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2007/05/26 12:45:46 | 00,501,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/04/13 17:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2006/05/06 20:19:33 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/04/28 19:05:04 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Owners\Local Settings\Temp\Temporary Directory 2 for gmer.zip\gmer.exe
PRC - [2009/05/20 03:00:19 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owners\Desktop\OTListIt2.exe
PRC - [2008/10/15 00:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/04/13 17:11:48 | 00,100,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\6to4svc.dll -- (6to4 [Auto | Running])
SRV - [2008/07/17 12:06:56 | 00,118,784 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe -- (Arrakis3 [On_Demand | Stopped])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/04/15 20:16:13 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2007/05/26 12:45:46 | 00,501,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2005/09/22 16:01:54 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2009/01/29 13:37:30 | 00,431,424 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV [Auto | Running])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2008/02/26 22:08:50 | 29,183,504 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ [Auto | Running])
SRV - [2005/10/14 03:50:20 | 00,045,272 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
SRV - [2002/05/24 05:46:13 | 00,077,824 | ---- | M] (HP) -- C:\WINDOWS\system32\HPHipm11.exe -- (Pml Driver HPH11 [On_Demand | Stopped])
SRV - [2004/09/29 13:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2008/12/17 18:28:44 | 00,200,704 | ---- | M] (S.C. BitDefender S.R.L) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan [On_Demand | Stopped])
SRV - [2007/02/10 06:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Disabled | Stopped])
SRV - [2007/02/10 06:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])
SRV - [2008/12/17 15:51:26 | 01,581,056 | ---- | M] (BitDefender S. R. L.) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -- (VSSERV [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2005/03/04 12:02:20 | 01,066,278 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2008/09/18 11:09:12 | 00,111,112 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm [On_Demand | Running])
DRV - [2009/02/03 17:03:56 | 00,104,328 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\system32\DRIVERS\bdfndisf.sys -- (Bdfndisf [On_Demand | Running])
DRV - [2008/12/10 19:42:46 | 00,242,184 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr [On_Demand | Running])
DRV - [2008/11/17 16:45:42 | 00,136,200 | ---- | M] (BitDefender LLC) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif [System | Running])
DRV - [2008/02/26 16:12:40 | 00,008,448 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys -- (BDSelfPr [On_Demand | Running])
DRV - [2008/10/06 17:16:16 | 00,082,696 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys -- (BDVEDISK [Auto | Running])
DRV - [2002/05/24 05:46:13 | 00,050,896 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\hphid411.sys -- (Dot4 HPH11 [On_Demand | Stopped])
DRV - [2002/05/24 05:46:13 | 00,016,112 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\hphipr11.sys -- (Dot4Print HPH11 [On_Demand | Stopped])
DRV - [2002/05/24 05:46:13 | 00,018,928 | R--- | M] (HP) -- C:\WINDOWS\System32\drivers\hphius11.sys -- (Dot4Usb HPH11 [On_Demand | Stopped])
DRV - [2005/05/17 10:53:12 | 00,043,008 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys -- (FETND5BV [On_Demand | Running])
DRV - [2001/08/17 05:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\DRIVERS\fetnd5.sys -- (FETNDIS [On_Demand | Stopped])
DRV - [2004/04/14 19:57:20 | 00,042,496 | R--- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\DRIVERS\fetnd5b.sys -- (FETNDISB [On_Demand | Stopped])
DRV - [2006/09/19 14:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2004/09/28 22:11:42 | 00,051,120 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Running])
DRV - [2004/09/28 22:11:46 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
DRV - [2004/09/28 22:10:16 | 00,021,744 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Running])
DRV - [2006/10/29 13:40:15 | 00,008,413 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM [Auto | Running])
DRV - [2008/09/02 13:32:06 | 00,013,056 | ---- | M] () -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos [On_Demand | Stopped])
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/11/14 04:00:00 | 00,043,840 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/06/20 04:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\tcpip6.sys -- (Tcpip6 [System | Running])
DRV - [2007/07/10 07:00:42 | 00,036,736 | ---- | M] () -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos [On_Demand | Stopped])
DRV - [2001/11/13 17:11:44 | 00,020,296 | ---- | M] (Micronas GmbH) -- C:\WINDOWS\system32\DRIVERS\uacflt.sys -- (uacFlt [Auto | Running])
DRV - [2008/04/13 11:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2003/07/02 04:42:00 | 00,027,904 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1 [Boot | Running])
DRV - [2004/02/03 19:28:00 | 00,134,144 | R--- | M] (Copyright © VIA/S3 Graphics, Inc.) -- C:\WINDOWS\system32\DRIVERS\vtmini.sys -- (viagfx [On_Demand | Running])
DRV - [2004/05/18 01:55:26 | 00,074,112 | R--- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\system32\DRIVERS\viamraid.sys -- (viamraid [Boot | Running])
DRV - [2005/04/08 11:48:18 | 00,179,968 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-790525478-1532298954-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-790525478-1532298954-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-790525478-1532298954-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = My Web Search
IE - HKU\S-1-5-21-790525478-1532298954-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsearch.com/jsp/cfg_redir2....r={searchTerms}
IE - HKU\S-1-5-21-790525478-1532298954-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
IE - HKU\S-1-5-21-790525478-1532298954-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-790525478-1532298954-839522115-1004\S-1-5-21-790525478-1532298954-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.9

FF - HKLM\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom: C:\PROGRAM FILES\PAYPAL\PAYPAL PLUG-IN [2007/12/05 22:52:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2009\FFTOOLBAR\ [2009/03/31 22:15:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/01/21 21:29:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2009\TBEXTENSION\ [2009/03/31 22:15:01 | 00,000,000 | ---D | M]

[2009/04/22 03:17:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owners\Application Data\mozilla\Extensions
[2009/04/22 03:17:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owners\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/20 20:41:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owners\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/04/22 03:17:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owners\Application Data\mozilla\Firefox\Profiles\n1kwc74j.default\extensions
[2008/12/16 17:52:16 | 00,061,440 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (&ESPN) - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll (Walt Disney Internet Group)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKU\S-1-5-21-790525478-1532298954-839522115-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-790525478-1532298954-839522115-1004\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-790525478-1532298954-839522115-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-790525478-1532298954-839522115-1004\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-790525478-1532298954-839522115-1004\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-790525478-1532298954-839522115-1004\..\Toolbar\WebBrowser: (no name) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-790525478-1532298954-839522115-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" (BitDefender)
O4 - HKLM..\Run: [CookiePatrol] C:\Old_data\PROGRA~1\STOMPS~1\SPYWAR~1\CookiePatrol.exe (Computer Associates International)
O4 - HKLM..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24 (Walt Disney Internet Group)
O4 - HKLM..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe (Walt Disney Internet Group)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP)
O4 - HKLM..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PPMemCheck] C:\Old_data\PROGRA~1\STOMPS~1\SPYWAR~1\PPMemCheck.exe ()
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [Spyware X-terminator Control Center] C:\Old_data\PROGRA~1\STOMPS~1\SPYWAR~1\PPControl.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [VTTimer] VTTimer.exe (S3 Graphics, Inc.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)
O4 - HKU\S-1-5-21-790525478-1532298954-839522115-1004..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-790525478-1532298954-839522115-1004..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-790525478-1532298954-839522115-1004..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Perstray.lnk = C:\Program Files\PerSono\perstray.exe (Plantronics)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe (VIA Technologies)
O4 - Startup: C:\Documents and Settings\Owners\Start Menu\Programs\Startup\SBE Reminder.lnk = C:\Program Files\Quicken Legal Products\Small Business Expert\Reminder.exe (Parsons Technology)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-790525478-1532298954-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-790525478-1532298954-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-790525478-1532298954-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-21-790525478-1532298954-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-790525478-1532298954-839522115-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab (ActiveDataInfo Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab (Reg Error: Key error.)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cab (Reg Error: Key error.)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab (EPUImageControl Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1120601162859 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1138349122187 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/...tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/07/05 11:08:51 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a1252ff0-ed91-11d9-9c2b-001109a5f39a}\Shell\AutoRun\command - "" = E:\.\scan.bat -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/20 03:03:48 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[10 C:\WINDOWS\System32\*.tmp files]
[2009/05/20 03:03:48 | 00,278,221 | ---- | C] () -- C:\Documents and Settings\Owners\Desktop\gmer.zip
[2009/05/20 03:00:19 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owners\Desktop\OTListIt2.exe
[2009/05/14 03:50:29 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Owners\Desktop\HijackThis.lnk
[2009/05/14 03:50:29 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/14 03:43:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/05/14 03:25:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owners\Application Data\MSNInstaller
[2009/05/07 16:54:19 | 00,003,895 | ---- | C] () -- C:\Documents and Settings\Owners\My Documents\SILVER DOGS 5-01-09.rtf
[2009/05/07 13:13:53 | 00,323,159 | ---- | C] () -- C:\Documents and Settings\Owners\My Documents\5-01-2009 relist BALI gold.rtf
[2009/05/05 11:26:04 | 00,003,958 | ---- | C] () -- C:\Documents and Settings\Owners\My Documents\Drywall Invoice 341 Lake Bay Lp OBC 5-01-09.rtf
[2009/05/05 11:25:43 | 00,001,782 | ---- | C] () -- C:\Documents and Settings\Owners\My Documents\Letter on Lake bay to OBC 5-01-09.rtf
[2009/05/05 08:43:54 | 00,003,955 | ---- | C] () -- C:\Documents and Settings\Owners\My Documents\Paint invoice 341 Lake Bay Lp OBC 5-01-09.rtf
[2009/04/30 22:04:15 | 00,003,189 | ---- | C] () -- C:\Documents and Settings\Owners\My Documents\Paint Invoice 321 N Razor CLam Brunk 4-23-09.rtf
[2009/04/30 22:03:47 | 00,003,488 | ---- | C] () -- C:\Documents and Settings\Owners\My Documents\DRYWALL invoice 321 N Razor Clam Brunk 4-23-09.rtf
[2009/04/27 13:53:53 | 00,007,837 | ---- | C] () -- C:\Documents and Settings\Owners\My Documents\BALI DOG JEWELRY IDEAS 4-27-09.rtf
[2009/04/22 03:17:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/04/22 03:15:59 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/04/21 23:05:08 | 00,003,896 | ---- | C] () -- C:\Documents and Settings\Owners\My Documents\FINAL DRYWALL INVOICE BRIAS 4-21-09.rtf
[2009/04/21 21:52:11 | 00,003,707 | ---- | C] () -- C:\Documents and Settings\Owners\My Documents\labor draw 341 lake bay lp OBC 4-21-09.rtf
[2009/03/05 22:41:54 | 00,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/02/03 21:31:09 | 00,000,075 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
[2008/10/09 15:31:54 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2008/08/20 20:14:06 | 00,000,062 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2008/08/20 20:14:06 | 00,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2008/08/20 20:14:06 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2008/07/14 20:22:04 | 00,000,646 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/07/06 19:31:47 | 00,000,030 | ---- | C] () -- C:\WINDOWS\EZLEGAL.INI
[2007/01/31 13:50:32 | 00,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2006/08/30 10:37:35 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/07/16 19:59:15 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2006/05/27 14:01:31 | 00,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/05/27 13:57:54 | 00,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2006/05/27 13:57:35 | 00,000,228 | ---- | C] () -- C:\WINDOWS\HP_ISRegionListUpdatelog_HPSU.ini
[2006/05/27 13:55:30 | 00,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2006/03/28 12:41:28 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/03/25 20:38:58 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005/11/15 23:44:40 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/10/20 20:09:03 | 00,000,028 | ---- | C] () -- C:\WINDOWS\SW_Win2000X32.DLL
[2005/10/20 20:06:36 | 00,003,074 | ---- | C] () -- C:\WINDOWS\CX_SearchHistory.INI
[2005/10/20 19:55:09 | 00,647,168 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2005/10/20 19:55:09 | 00,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2005/10/20 19:55:08 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\CSVSpecialProcessing.dll
[2005/10/20 19:55:08 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\SARzilla.dll
[2005/10/08 23:49:26 | 00,000,380 | ---- | C] () -- C:\WINDOWS\SBE.INI
[2005/10/08 23:49:26 | 00,000,083 | ---- | C] () -- C:\WINDOWS\PARSONS.INI
[2005/09/13 00:03:38 | 00,000,068 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2005/07/06 22:01:06 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/07/06 18:22:13 | 00,000,337 | ---- | C] () -- C:\WINDOWS\RPSLIGHT.INI
[2005/07/06 18:06:30 | 00,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2005/07/05 14:27:22 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2004/09/17 17:37:42 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/08/04 05:00:00 | 00,000,647 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 05:00:00 | 00,000,288 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/09/04 22:13:30 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll
[2002/06/20 12:09:10 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll

========== Files - Modified Within 30 Days ==========

[10 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/05/20 06:11:01 | 00,074,720 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\Folders.dbx
[2009/05/20 06:10:59 | 00,009,656 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\Offline.dbx
[2009/05/20 06:10:38 | 22,029,808 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\Inbox.dbx
[2009/05/20 06:10:38 | 00,715,476 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\Outbox.dbx
[2009/05/20 06:10:38 | 00,009,404 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\Pop3uidl.dbx
[2009/05/20 03:03:48 | 00,278,221 | ---- | M] () -- C:\Documents and Settings\Owners\Desktop\gmer.zip
[2009/05/20 03:00:19 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owners\Desktop\OTListIt2.exe
[2009/05/19 23:40:21 | 00,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4BD29C15-2F17-4270-86A6-4EB4743570FC}.job
[2009/05/19 22:34:33 | 35,813,772 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\Sent Items.dbx
[2009/05/19 22:08:58 | 16,968,404 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\Deleted Items.dbx
[2009/05/18 14:50:40 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/18 14:49:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/18 14:49:51 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Owners\Local Settings\desktop.ini
[2009/05/18 14:49:47 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/17 01:05:42 | 00,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2009/05/14 03:50:29 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Owners\Desktop\HijackThis.lnk
[2009/05/14 03:23:36 | 00,000,041 | ---- | M] () -- C:\Documents and Settings\Owners\Application Data\sversion.ini
[2009/05/10 11:42:43 | 00,139,376 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\BUSINESS.dbx
[2009/05/10 11:36:56 | 02,800,496 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\CLASSICLINE DRYWALL INC.dbx
[2009/05/10 11:36:49 | 00,060,116 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\CLASSICLINE DRYWALL.dbx
[2009/05/10 11:36:48 | 02,378,736 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\Drafts.dbx
[2009/05/10 11:29:26 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/07 16:57:00 | 00,000,337 | ---- | M] () -- C:\WINDOWS\RPSLIGHT.INI
[2009/05/07 16:55:24 | 00,030,986 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\1-01-2007.rtf
[2009/05/07 16:55:18 | 00,323,159 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\5-01-2009 relist BALI gold.rtf
[2009/05/07 16:54:19 | 00,003,895 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\SILVER DOGS 5-01-09.rtf
[2009/05/07 13:15:58 | 00,046,665 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\12-01-07.rtf
[2009/05/07 12:56:13 | 00,032,421 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\9-15-2007 PHOENIX.rtf
[2009/05/05 17:08:31 | 00,003,896 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\FINAL DRYWALL INVOICE BRIAS 4-21-09.rtf
[2009/05/05 11:26:22 | 00,003,932 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\drywall invoice itswoot 4-12-2009 obc.rtf
[2009/05/05 11:26:04 | 00,003,958 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\Drywall Invoice 341 Lake Bay Lp OBC 5-01-09.rtf
[2009/05/05 11:25:43 | 00,001,782 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\Letter on Lake bay to OBC 5-01-09.rtf
[2009/05/05 08:44:22 | 00,003,955 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\Paint invoice 341 Lake Bay Lp OBC 5-01-09.rtf
[2009/05/04 15:36:20 | 03,562,992 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\DOG CONTACTS EMAILS LETTERS PHONE CALLS.dbx
[2009/05/04 15:36:19 | 00,060,116 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\AUTHORIZE.NET.dbx
[2009/05/04 15:36:13 | 00,329,456 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\SALES REPS DOGS.dbx
[2009/04/30 22:04:28 | 00,003,488 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\DRYWALL invoice 321 N Razor Clam Brunk 4-23-09.rtf
[2009/04/30 22:04:15 | 00,003,189 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\Paint Invoice 321 N Razor CLam Brunk 4-23-09.rtf
[2009/04/28 20:31:15 | 00,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI
[2009/04/27 13:53:53 | 00,007,837 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\BALI DOG JEWELRY IDEAS 4-27-09.rtf
[2009/04/22 03:17:10 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/04/21 23:09:13 | 00,003,457 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\Drias drywall labor draw.rtf
[2009/04/21 21:52:11 | 00,003,707 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\labor draw 341 lake bay lp OBC 4-21-09.rtf
< End of report >

OTListIt Extras logfile created on: 5/20/2009 3:01:02 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Owners\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

703.48 Mb Total Physical Memory | 254.92 Mb Available Physical Memory | 36.24% Memory free
1.68 Gb Paging File | 1.12 Gb Available in Paging File | 66.66% Paging File free
Paging file location(s): C:\pagefile.sys 2 1056 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.33 Gb Total Space | 58.14 Gb Free Space | 76.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HH
Current User Name: Owners
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
[2007/08/30 17:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2007/05/26 12:45:48 | 14,774,336 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2007/08/30 17:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/10/15 00:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer
[2005/07/06 20:56:58 | 00,424,960 | ---- | M] (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA 02173) -- C:\Program Files\WS_FTP PRO\FTP95PRO.exe:*:Enabled:WS_FTP 95

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184EB198-1DBA-46DB-B728-7A5FC13D5C2B}_is1" = Yahoo! Photos Print-at-Home Tool
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{37C39957-B0B3-40DC-8BA4-2363241159ED}" = LightScribe 1.4.44.1
"{53C398FE-CD56-412E-B3C7-B27F4B8B07D1}" = Microsoft IntelliType Pro 5.3
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6E93572D-F31E-496F-8B2F-F400B3A2BC4E}" = iTunes
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73317C31-2B6E-4B88-9865-B97C1331A39D}" = PayPal Plug-In
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{83682B4C-B98C-4BEB-97CC-8EAD2AF9E4C6}" = MyIdentityDefender Toolbar (CyberDefender Corporation)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97AE00A8-1336-410F-B467-1C6623127BD6}" = DesignPro 5.0 Limited Edition
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}" = Apple Software Update
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{C85FDDDE-B087-48FB-B0B2-52ABB465C304}" = BitDefender Internet Security 2009
"{C8E4455F-0F70-4DA2-A9F9-2D56C80E10AD}" = Sibelius Scorch (ActiveX Only)
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D63F2860-678D-11D4-B355-0010A4F75374}" = PerSono
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DE12AC99-F988-4EE5-BDE9-62623EE42E3B}" = MyAttorney Home And Business
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E432C362-6A71-4E8A-A68A-AE5246520656}" = Art Explosion Scrapbook Factory Deluxe
"{E6A31482-989E-4E3C-B0C0-1ED4DBD5BC83}" = Microsoft Windows OneCare Live AntiSpyware and AntiVirus
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F1670367-C07F-411f-A196-79D2C65CBEC0}" = PS8200
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"BL 2001 Registration" = BL 2001 Registration
"CCleaner" = CCleaner (remove only)
"Comcast Rhapsody" = Comcast Rhapsody
"Convert XLS_is1" = Convert XLS
"ESPN RunTime" = ESPN RunTime
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"hphuni04" = Photosmart 130,230,7150,7345,7350,7550 (Remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{97AE00A8-1336-410F-B467-1C6623127BD6}" = DesignPro 5.0 Limited Edition
"InstallShield_{DE12AC99-F988-4EE5-BDE9-62623EE42E3B}" = MyAttorney Home And Business
"Jarte_is1" = Jarte 3.1
"Juicy Business Cards_is1" = Juicy Business Cards 1.20
"Locked Programs" = Locked Programs
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyPublisher" = MyPublisher
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Perfect Label Maker" = Perfect Label Maker
"Quicken Business Lawyer 2001" = Quicken Business Lawyer 2001
"RealPlayer 6.0" = RealPlayer
"S3" = UniChrome IGP Driver and Utilities
"Small Business Expert" = Small Business Expert
"Small Business Legal Smarts" = Small Business Legal Smarts
"The Plain-Language Law Dictionary" = The Plain-Language Law Dictionary
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"VIA Audio Driver Setup Program" = VIA Audio Driver Setup Program
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.1.0.366

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-790525478-1532298954-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.1.0.366

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/15/2009 1:31:54 AM | Computer Name = HH | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/15/2009 1:32:04 AM | Computer Name = HH | Source = Application Hang | ID = 1001
Description = Fault bucket 1015682910.

Error - 5/15/2009 1:40:59 AM | Computer Name = HH | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/15/2009 1:40:59 AM | Computer Name = HH | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/15/2009 1:41:05 AM | Computer Name = HH | Source = Application Hang | ID = 1001
Description = Fault bucket 1015682910.

Error - 5/15/2009 1:41:05 AM | Computer Name = HH | Source = Application Hang | ID = 1001
Description = Fault bucket 1015682910.

Error - 5/15/2009 1:54:34 AM | Computer Name = HH | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/15/2009 1:54:38 AM | Computer Name = HH | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/15/2009 1:29:57 PM | Computer Name = HH | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/15/2009 1:30:07 PM | Computer Name = HH | Source = Application Hang | ID = 1001
Description = Fault bucket 1015682910.

[ System Events ]
Error - 5/3/2009 2:11:47 PM | Computer Name = HH | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 5/5/2009 2:11:49 PM | Computer Name = HH | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 5/6/2009 6:21:02 PM | Computer Name = HH | Source = Service Control Manager | ID = 7023
Description = The Security Center service terminated with the following error: %%16389

Error - 5/7/2009 2:11:50 PM | Computer Name = HH | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 5/9/2009 2:11:51 PM | Computer Name = HH | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 5/11/2009 2:11:52 PM | Computer Name = HH | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 5/13/2009 2:11:53 PM | Computer Name = HH | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 5/15/2009 2:11:54 PM | Computer Name = HH | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 5/17/2009 2:11:55 PM | Computer Name = HH | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 5/19/2009 2:11:56 PM | Computer Name = HH | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >

Here's the GMER log:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-21 10:16:42
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenProcess [0xF095DBCE]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenThread [0xF095DCBC]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwTerminateProcess [0xF095DB32]

Code 83327D48 ZwEnumerateKey
Code 835E7490 ZwFlushInstructionCache
Code 833EE640 ZwQueryValueKey
Code F61D9C80 pIofCallDriver
Code F61DA5D5 pIofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!ZwQueryValueKey 8056A1F2 5 Bytes JMP 833EE644
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 5 Bytes JMP 83327D4C
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80577693 5 Bytes JMP 835E7494

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1860] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1860] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 430A179F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1860] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A1720 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1860] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 430A1764 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1860] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A16AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1860] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 430A16E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1860] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 430A17DA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1860] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 42F316B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1860] WININET.dll!HttpSendRequestA 7806CD40 5 Bytes JMP 0016F610
.text C:\Program Files\Internet Explorer\iexplore.exe[1860] WININET.dll!HttpSendRequestW 78080825 5 Bytes JMP 0016F64D
.text C:\Program Files\Internet Explorer\iexplore.exe[3252] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3252] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 430A179F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3252] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A1720 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3252] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 430A1764 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3252] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A16AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3252] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 430A16E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3252] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 430A17DA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3252] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 42F316B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3252] WININET.dll!HttpSendRequestA 7806CD40 5 Bytes JMP 0016F610
.text C:\Program Files\Internet Explorer\iexplore.exe[3252] WININET.dll!HttpSendRequestW 78080825 5 Bytes JMP 0016F64D

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1644] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1644] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1644] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1644] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1644] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1644] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1644] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1644] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1644] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1644] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1644] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1644] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1644] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1644] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1644] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1644] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1644] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1644] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1644] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1644] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1644] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1644] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1644] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1644] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1644] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1644] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1644] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1644] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1644] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)

---- Modules - GMER 1.0.15 ----

Module \systemroot\system32\drivers\gaopdxvyjrvjrb.sys (*** hidden *** ) F61D8000-F6200000 (163840 bytes)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\gaopdxvyjrvjrb.sys (*** hidden *** ) [SYSTEM] gaopdxserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxvyjrvjrb.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxvyjrvjrb.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxkxydqxul.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxvyjrvjrb.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxvyjrvjrb.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxkxydqxul.dll
Reg HKLM\SOFTWARE\Classes\gaopdxvx
Reg HKLM\SOFTWARE\Classes\gaopdxvx@gaopdxrun 71
Reg HKLM\SOFTWARE\Classes\gaopdxvx@gaopdxpff 7960
Reg HKLM\SOFTWARE\Classes\gaopdxvx@gaopdxaff 2956
Reg HKLM\SOFTWARE\Classes\gaopdxvx@gaopdxsrv -1056770279
Reg HKLM\SOFTWARE\Classes\gaopdxvx@gaopdxpos "xs}}t}n=efhd`gbgx<jammhkYWB

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Owners\Cookies\owners@go[2].txt 0 bytes
File C:\WINDOWS\system32\drivers\gaopdxixdwjcjs.sys 74240 bytes executable
File C:\WINDOWS\system32\drivers\gaopdxvyjrvjrb.sys 71168 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\gaopdxkxydqxul.dll 56832 bytes executable

---- EOF - GMER 1.0.15 ----

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:11 AM

Posted 22 May 2009 - 03:49 PM

No problem. Let's get you fixed up. :thumbup2:


Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O3 - HKU\S-1-5-21-790525478-1532298954-839522115-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-790525478-1532298954-839522115-1004\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-790525478-1532298954-839522115-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-790525478-1532298954-839522115-1004\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-790525478-1532298954-839522115-1004\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-790525478-1532298954-839522115-1004\..\Toolbar\WebBrowser: (no name) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-790525478-1532298954-839522115-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    O33 - MountPoints2\{a1252ff0-ed91-11d9-9c2b-001109a5f39a}\Shell\AutoRun\command - "" = E:\.\scan.bat -- File not found
    
    
    :Files
    C:\windows\system32\drivers\TDSS*.*
    C:\windows\system32\TDSS*.*
    C:\windows\system32\drivers\UACd*.*
    C:\windows\system32\UACd*.*
    C:\windows\system32\drivers\gaopdx*.*
    C:\windows\system32\gaopdx*.*
    C:\windows\system32\drivers\ovfsthx*.*
    C:\windows\system32\ovfsthx*.*
    C:\WINDOWS\Tasks\At*.job
    C:\WINDOWS\System32\*.tmp
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL2 log.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 kdm24

kdm24
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:11 AM

Posted 23 May 2009 - 12:11 AM

Here are the results:

========== OTLISTIT ==========
Process explorer.exe killed successfully!
Registry value HKEY_USERS\S-1-5-21-790525478-1532298954-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-790525478-1532298954-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ not found.
Registry value HKEY_USERS\S-1-5-21-790525478-1532298954-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-790525478-1532298954-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-790525478-1532298954-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_USERS\S-1-5-21-790525478-1532298954-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-790525478-1532298954-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1252ff0-ed91-11d9-9c2b-001109a5f39a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1252ff0-ed91-11d9-9c2b-001109a5f39a}\ not found.
File E:\.\scan.bat not found.
========== FILES ==========
File\Folder C:\windows\system32\drivers\TDSS*.* not found.
File\Folder C:\windows\system32\TDSS*.* not found.
File\Folder C:\windows\system32\drivers\UACd*.* not found.
File\Folder C:\windows\system32\UACd*.* not found.
File\Folder C:\windows\system32\drivers\gaopdx*.* not found.
File\Folder C:\windows\system32\gaopdx*.* not found.
File\Folder C:\windows\system32\drivers\ovfsthx*.* not found.
File\Folder C:\windows\system32\ovfsthx*.* not found.
File\Folder C:\WINDOWS\Tasks\At*.job not found.
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
C:\WINDOWS\System32\SET3AD.tmp moved successfully.
C:\WINDOWS\System32\SET3B8.tmp moved successfully.
C:\WINDOWS\System32\SET3C4.tmp moved successfully.
C:\WINDOWS\System32\SET3D5.tmp moved successfully.
C:\WINDOWS\System32\SET3D7.tmp moved successfully.
C:\WINDOWS\System32\SET3E6.tmp moved successfully.
C:\WINDOWS\System32\SET409.tmp moved successfully.
C:\WINDOWS\System32\SET40B.tmp moved successfully.
C:\WINDOWS\System32\SET40E.tmp moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Owners\Local Settings\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owners\Local Settings\Temp\Perflib_Perfdata_b30.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owners\Local Settings\Temp\_hphtra07.log scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owners\Local Settings\Temp\~DF8883.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owners\Local Settings\Temp\~DF8888.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owners\Local Settings\Temp\~DFF299.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_290.dat scheduled to be deleted on reboot.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_230.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.15.8 log created on 05222009_220100

Files moved on Reboot...
C:\Documents and Settings\Owners\Local Settings\Temp\hpodvd09.log moved successfully.
File C:\Documents and Settings\Owners\Local Settings\Temp\Perflib_Perfdata_b30.dat not found!
C:\Documents and Settings\Owners\Local Settings\Temp\_hphtra07.log moved successfully.
File C:\Documents and Settings\Owners\Local Settings\Temp\~DF8883.tmp not found!
File C:\Documents and Settings\Owners\Local Settings\Temp\~DF8888.tmp not found!
File C:\Documents and Settings\Owners\Local Settings\Temp\~DFF299.tmp not found!
File C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_290.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_230.dat not found!

Registry entries deleted on Reboot...

And here is the new log:

OTListIt logfile created on: 5/22/2009 10:07:52 PM - Run 3
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Owners\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

703.48 Mb Total Physical Memory | 313.33 Mb Available Physical Memory | 44.54% Memory free
1.68 Gb Paging File | 1.23 Gb Available in Paging File | 73.33% Paging File free
Paging file location(s): C:\pagefile.sys 2 1056 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.33 Gb Total Space | 58.36 Gb Free Space | 76.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HH
Current User Name: Owners
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/01/29 13:37:30 | 00,431,424 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2008/12/17 15:51:26 | 01,581,056 | ---- | M] (BitDefender S. R. L.) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/01/15 05:33:44 | 00,049,152 | R--- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2005/03/04 12:01:56 | 00,088,209 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2002/06/20 12:06:12 | 00,339,968 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon04.exe
PRC - [2004/04/02 16:11:54 | 00,148,480 | ---- | M] () -- C:\Old_data\Program Files\StompSoft\Spyware X-terminator\PPMemCheck.exe
PRC - [2004/03/31 13:24:00 | 00,061,440 | ---- | M] () -- C:\Old_data\Program Files\StompSoft\Spyware X-terminator\PPControl.exe
PRC - [2005/01/10 10:35:16 | 00,073,728 | ---- | M] (Computer Associates International) -- C:\Old_data\Program Files\StompSoft\Spyware X-terminator\CookiePatrol.exe
PRC - [2005/05/12 00:12:54 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2005/10/31 11:05:44 | 00,278,528 | ---- | M] (Walt Disney Internet Group) -- C:\Program Files\DIGStream\digstream.exe
PRC - [2005/10/31 11:18:48 | 00,101,888 | ---- | M] (Walt Disney Internet Group) -- C:\Program Files\ESPNRunTime\DIGServices.exe
PRC - [2006/05/06 20:19:33 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2005/03/15 02:46:45 | 00,196,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\type32.exe
PRC - [2007/04/27 09:41:54 | 00,282,624 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2007/05/26 12:45:54 | 00,257,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/01/09 12:51:44 | 00,741,376 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
PRC - [2009/02/27 17:10:28 | 00,035,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2006/10/18 21:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
PRC - [2005/05/12 00:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2002/04/29 14:33:44 | 00,040,960 | ---- | M] (Plantronics) -- C:\Program Files\PerSono\perstray.exe
PRC - [2004/07/13 23:44:40 | 00,585,728 | R--- | M] (VIA Technologies) -- C:\Program Files\VIA\RAID\raid_tool.exe
PRC - [2005/05/12 01:33:52 | 00,479,232 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2005/09/22 16:01:54 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2008/10/30 17:34:24 | 00,413,696 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
PRC - [2008/02/26 22:08:50 | 29,183,504 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2004/09/29 13:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/02/10 06:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe
PRC - [2005/05/12 01:40:38 | 00,204,800 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2008/04/13 17:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2007/05/26 12:45:46 | 00,501,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2007/08/30 17:43:18 | 00,103,664 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
PRC - [2008/10/15 00:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/05/20 03:00:19 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owners\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/04/13 17:11:48 | 00,100,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\6to4svc.dll -- (6to4 [Auto | Running])
SRV - [2008/07/17 12:06:56 | 00,118,784 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe -- (Arrakis3 [On_Demand | Stopped])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/04/15 20:16:13 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2007/05/26 12:45:46 | 00,501,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2005/09/22 16:01:54 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2009/01/29 13:37:30 | 00,431,424 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV [Auto | Running])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2008/02/26 22:08:50 | 29,183,504 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ [Auto | Running])
SRV - [2005/10/14 03:50:20 | 00,045,272 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
SRV - [2002/05/24 05:46:13 | 00,077,824 | ---- | M] (HP) -- C:\WINDOWS\system32\HPHipm11.exe -- (Pml Driver HPH11 [On_Demand | Stopped])
SRV - [2004/09/29 13:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2008/12/17 18:28:44 | 00,200,704 | ---- | M] (S.C. BitDefender S.R.L) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan [On_Demand | Stopped])
SRV - [2007/02/10 06:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Disabled | Stopped])
SRV - [2007/02/10 06:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])
SRV - [2008/12/17 15:51:26 | 01,581,056 | ---- | M] (BitDefender S. R. L.) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -- (VSSERV [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2005/03/04 12:02:20 | 01,066,278 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2008/09/18 11:09:12 | 00,111,112 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm [On_Demand | Running])
DRV - [2009/02/03 17:03:56 | 00,104,328 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\system32\DRIVERS\bdfndisf.sys -- (Bdfndisf [On_Demand | Running])
DRV - [2008/12/10 19:42:46 | 00,242,184 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr [On_Demand | Running])
DRV - [2008/11/17 16:45:42 | 00,136,200 | ---- | M] (BitDefender LLC) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif [System | Running])
DRV - [2008/02/26 16:12:40 | 00,008,448 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys -- (BDSelfPr [On_Demand | Running])
DRV - [2008/10/06 17:16:16 | 00,082,696 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys -- (BDVEDISK [Auto | Running])
DRV - [2002/05/24 05:46:13 | 00,050,896 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\hphid411.sys -- (Dot4 HPH11 [On_Demand | Stopped])
DRV - [2002/05/24 05:46:13 | 00,016,112 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\hphipr11.sys -- (Dot4Print HPH11 [On_Demand | Stopped])
DRV - [2002/05/24 05:46:13 | 00,018,928 | R--- | M] (HP) -- C:\WINDOWS\System32\drivers\hphius11.sys -- (Dot4Usb HPH11 [On_Demand | Stopped])
DRV - [2005/05/17 10:53:12 | 00,043,008 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys -- (FETND5BV [On_Demand | Running])
DRV - [2001/08/17 05:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\DRIVERS\fetnd5.sys -- (FETNDIS [On_Demand | Stopped])
DRV - [2004/04/14 19:57:20 | 00,042,496 | R--- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\DRIVERS\fetnd5b.sys -- (FETNDISB [On_Demand | Stopped])
DRV - [2006/09/19 14:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2004/09/28 22:11:42 | 00,051,120 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Running])
DRV - [2004/09/28 22:11:46 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
DRV - [2004/09/28 22:10:16 | 00,021,744 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Running])
DRV - [2006/10/29 13:40:15 | 00,008,413 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM [Auto | Running])
DRV - [2008/09/02 13:32:06 | 00,013,056 | ---- | M] () -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos [On_Demand | Stopped])
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/11/14 04:00:00 | 00,043,840 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/06/20 04:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\tcpip6.sys -- (Tcpip6 [System | Running])
DRV - [2007/07/10 07:00:42 | 00,036,736 | ---- | M] () -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos [On_Demand | Stopped])
DRV - [2001/11/13 17:11:44 | 00,020,296 | ---- | M] (Micronas GmbH) -- C:\WINDOWS\system32\DRIVERS\uacflt.sys -- (uacFlt [Auto | Running])
DRV - [2008/04/13 11:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2003/07/02 04:42:00 | 00,027,904 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1 [Boot | Running])
DRV - [2004/02/03 19:28:00 | 00,134,144 | R--- | M] (Copyright © VIA/S3 Graphics, Inc.) -- C:\WINDOWS\system32\DRIVERS\vtmini.sys -- (viagfx [On_Demand | Running])
DRV - [2004/05/18 01:55:26 | 00,074,112 | R--- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\system32\DRIVERS\viamraid.sys -- (viamraid [Boot | Running])
DRV - [2005/04/08 11:48:18 | 00,179,968 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-790525478-1532298954-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-790525478-1532298954-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-790525478-1532298954-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = My Web Search
IE - HKU\S-1-5-21-790525478-1532298954-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsearch.com/jsp/cfg_redir2....r={searchTerms}
IE - HKU\S-1-5-21-790525478-1532298954-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
IE - HKU\S-1-5-21-790525478-1532298954-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-790525478-1532298954-839522115-1004\S-1-5-21-790525478-1532298954-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.9

FF - HKLM\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom: C:\PROGRAM FILES\PAYPAL\PAYPAL PLUG-IN [2007/12/05 22:52:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2009\FFTOOLBAR\ [2009/03/31 22:15:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/01/21 21:29:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2009\TBEXTENSION\ [2009/03/31 22:15:01 | 00,000,000 | ---D | M]

[2009/04/22 03:17:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owners\Application Data\mozilla\Extensions
[2009/04/22 03:17:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owners\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/20 20:41:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owners\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/04/22 03:17:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owners\Application Data\mozilla\Firefox\Profiles\n1kwc74j.default\extensions
[2008/12/16 17:52:16 | 00,061,440 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (&ESPN) - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll (Walt Disney Internet Group)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" (BitDefender)
O4 - HKLM..\Run: [CookiePatrol] C:\Old_data\PROGRA~1\STOMPS~1\SPYWAR~1\CookiePatrol.exe (Computer Associates International)
O4 - HKLM..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24 (Walt Disney Internet Group)
O4 - HKLM..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe (Walt Disney Internet Group)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP)
O4 - HKLM..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PPMemCheck] C:\Old_data\PROGRA~1\STOMPS~1\SPYWAR~1\PPMemCheck.exe ()
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [Spyware X-terminator Control Center] C:\Old_data\PROGRA~1\STOMPS~1\SPYWAR~1\PPControl.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [VTTimer] VTTimer.exe (S3 Graphics, Inc.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)
O4 - HKU\S-1-5-21-790525478-1532298954-839522115-1004..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-790525478-1532298954-839522115-1004..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-790525478-1532298954-839522115-1004..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Perstray.lnk = C:\Program Files\PerSono\perstray.exe (Plantronics)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe (VIA Technologies)
O4 - Startup: C:\Documents and Settings\Owners\Start Menu\Programs\Startup\SBE Reminder.lnk = C:\Program Files\Quicken Legal Products\Small Business Expert\Reminder.exe (Parsons Technology)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-790525478-1532298954-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-790525478-1532298954-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-790525478-1532298954-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-21-790525478-1532298954-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-790525478-1532298954-839522115-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab (ActiveDataInfo Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab (Reg Error: Key error.)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cab (Reg Error: Key error.)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab (EPUImageControl Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1120601162859 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1138349122187 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/...tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/07/05 11:08:51 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/22 22:04:00 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[2009/05/22 22:01:00 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/20 03:03:48 | 00,278,221 | ---- | C] () -- C:\Documents and Settings\Owners\Desktop\gmer.zip
[2009/05/20 03:00:19 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owners\Desktop\OTListIt2.exe
[2009/05/14 03:50:29 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Owners\Desktop\HijackThis.lnk
[2009/05/14 03:50:29 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/14 03:43:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/05/14 03:25:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owners\Application Data\MSNInstaller
[2009/05/07 16:54:19 | 00,003,895 | ---- | C] () -- C:\Documents and Settings\Owners\My Documents\SILVER DOGS 5-01-09.rtf
[2009/05/07 13:13:53 | 00,323,159 | ---- | C] () -- C:\Documents and Settings\Owners\My Documents\5-01-2009 relist BALI gold.rtf
[2009/05/05 11:26:04 | 00,003,958 | ---- | C] () -- C:\Documents and Settings\Owners\My Documents\Drywall Invoice 341 Lake Bay Lp OBC 5-01-09.rtf
[2009/05/05 11:25:43 | 00,001,782 | ---- | C] () -- C:\Documents and Settings\Owners\My Documents\Letter on Lake bay to OBC 5-01-09.rtf
[2009/05/05 08:43:54 | 00,003,955 | ---- | C] () -- C:\Documents and Settings\Owners\My Documents\Paint invoice 341 Lake Bay Lp OBC 5-01-09.rtf
[2009/04/30 22:04:15 | 00,003,189 | ---- | C] () -- C:\Documents and Settings\Owners\My Documents\Paint Invoice 321 N Razor CLam Brunk 4-23-09.rtf
[2009/04/30 22:03:47 | 00,003,488 | ---- | C] () -- C:\Documents and Settings\Owners\My Documents\DRYWALL invoice 321 N Razor Clam Brunk 4-23-09.rtf
[2009/04/28 19:05:04 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Owners\Desktop\gmer.exe
[2009/04/27 13:53:53 | 00,007,837 | ---- | C] () -- C:\Documents and Settings\Owners\My Documents\BALI DOG JEWELRY IDEAS 4-27-09.rtf
[2009/03/05 22:41:54 | 00,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/02/03 21:31:09 | 00,000,075 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
[2008/10/09 15:31:54 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2008/08/20 20:14:06 | 00,000,062 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2008/08/20 20:14:06 | 00,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2008/08/20 20:14:06 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2008/07/14 20:22:04 | 00,000,646 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/07/06 19:31:47 | 00,000,030 | ---- | C] () -- C:\WINDOWS\EZLEGAL.INI
[2007/01/31 13:50:32 | 00,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2006/08/30 10:37:35 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/07/16 19:59:15 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2006/05/27 14:01:31 | 00,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/05/27 13:57:54 | 00,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2006/05/27 13:57:35 | 00,000,228 | ---- | C] () -- C:\WINDOWS\HP_ISRegionListUpdatelog_HPSU.ini
[2006/05/27 13:55:30 | 00,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2006/03/28 12:41:28 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/03/25 20:38:58 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005/11/15 23:44:40 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/10/20 20:09:03 | 00,000,028 | ---- | C] () -- C:\WINDOWS\SW_Win2000X32.DLL
[2005/10/20 20:06:36 | 00,003,074 | ---- | C] () -- C:\WINDOWS\CX_SearchHistory.INI
[2005/10/20 19:55:09 | 00,647,168 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2005/10/20 19:55:09 | 00,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2005/10/20 19:55:08 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\CSVSpecialProcessing.dll
[2005/10/20 19:55:08 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\SARzilla.dll
[2005/10/08 23:49:26 | 00,000,380 | ---- | C] () -- C:\WINDOWS\SBE.INI
[2005/10/08 23:49:26 | 00,000,083 | ---- | C] () -- C:\WINDOWS\PARSONS.INI
[2005/09/13 00:03:38 | 00,000,068 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2005/07/06 22:01:06 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/07/06 18:22:13 | 00,000,337 | ---- | C] () -- C:\WINDOWS\RPSLIGHT.INI
[2005/07/06 18:06:30 | 00,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2005/07/05 14:27:22 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2004/09/17 17:37:42 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/08/04 05:00:00 | 00,000,647 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 05:00:00 | 00,000,288 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/09/04 22:13:30 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll
[2002/06/20 12:09:10 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\*.tmp files]
[2009/05/22 22:04:43 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/22 22:03:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/22 22:03:56 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Owners\Local Settings\desktop.ini
[2009/05/22 22:03:52 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/22 22:00:02 | 22,029,808 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\Inbox.dbx
[2009/05/22 22:00:02 | 00,715,476 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\Outbox.dbx
[2009/05/22 22:00:02 | 00,074,720 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\Folders.dbx
[2009/05/22 22:00:02 | 00,009,656 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\Offline.dbx
[2009/05/22 22:00:02 | 00,009,404 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\Pop3uidl.dbx
[2009/05/22 21:45:24 | 16,968,404 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\Deleted Items.dbx
[2009/05/22 21:25:39 | 35,813,772 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\Sent Items.dbx
[2009/05/22 03:04:47 | 00,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2009/05/22 01:02:13 | 00,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4BD29C15-2F17-4270-86A6-4EB4743570FC}.job
[2009/05/20 06:39:54 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Owners\Desktop\gmer.exe
[2009/05/20 03:03:48 | 00,278,221 | ---- | M] () -- C:\Documents and Settings\Owners\Desktop\gmer.zip
[2009/05/20 03:00:19 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owners\Desktop\OTListIt2.exe
[2009/05/14 03:50:29 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Owners\Desktop\HijackThis.lnk
[2009/05/14 03:23:36 | 00,000,041 | ---- | M] () -- C:\Documents and Settings\Owners\Application Data\sversion.ini
[2009/05/10 11:42:43 | 00,139,376 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\BUSINESS.dbx
[2009/05/10 11:36:56 | 02,800,496 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\CLASSICLINE DRYWALL INC.dbx
[2009/05/10 11:36:49 | 00,060,116 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\CLASSICLINE DRYWALL.dbx
[2009/05/10 11:36:48 | 02,378,736 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\Drafts.dbx
[2009/05/10 11:29:26 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/07 16:57:00 | 00,000,337 | ---- | M] () -- C:\WINDOWS\RPSLIGHT.INI
[2009/05/07 16:55:24 | 00,030,986 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\1-01-2007.rtf
[2009/05/07 16:55:18 | 00,323,159 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\5-01-2009 relist BALI gold.rtf
[2009/05/07 16:54:19 | 00,003,895 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\SILVER DOGS 5-01-09.rtf
[2009/05/07 13:15:58 | 00,046,665 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\12-01-07.rtf
[2009/05/07 12:56:13 | 00,032,421 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\9-15-2007 PHOENIX.rtf
[2009/05/05 17:08:31 | 00,003,896 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\FINAL DRYWALL INVOICE BRIAS 4-21-09.rtf
[2009/05/05 11:26:22 | 00,003,932 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\drywall invoice itswoot 4-12-2009 obc.rtf
[2009/05/05 11:26:04 | 00,003,958 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\Drywall Invoice 341 Lake Bay Lp OBC 5-01-09.rtf
[2009/05/05 11:25:43 | 00,001,782 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\Letter on Lake bay to OBC 5-01-09.rtf
[2009/05/05 08:44:22 | 00,003,955 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\Paint invoice 341 Lake Bay Lp OBC 5-01-09.rtf
[2009/05/04 15:36:20 | 03,562,992 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\DOG CONTACTS EMAILS LETTERS PHONE CALLS.dbx
[2009/05/04 15:36:19 | 00,060,116 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\AUTHORIZE.NET.dbx
[2009/05/04 15:36:13 | 00,329,456 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\SALES REPS DOGS.dbx
[2009/04/30 22:04:28 | 00,003,488 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\DRYWALL invoice 321 N Razor Clam Brunk 4-23-09.rtf
[2009/04/30 22:04:15 | 00,003,189 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\Paint Invoice 321 N Razor CLam Brunk 4-23-09.rtf
[2009/04/28 20:31:15 | 00,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI
[2009/04/27 13:53:53 | 00,007,837 | ---- | M] () -- C:\Documents and Settings\Owners\My Documents\BALI DOG JEWELRY IDEAS 4-27-09.rtf
< End of report >

Search engine is still redirecting to other random sites, hopefully we're closer to a fix though...

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:11 AM

Posted 23 May 2009 - 01:49 PM

Yes we are. :thumbup2:



Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 kdm24

kdm24
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:11 AM

Posted 05 June 2009 - 06:26 AM

Sorry for the delay, here is the log you requested:

ComboFix 09-06-04.08 - Owners 06/05/2009 4:10.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.703.419 [GMT -7:00]
Running from: c:\documents and settings\Owners\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owners\Application Data\FunWebProducts
c:\documents and settings\Owners\Application Data\FunWebProducts\Data\Owners\avatar.dat
c:\documents and settings\Owners\Start Menu\Programs\videoplay
C:\resycled
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\drivers\gaopdxixdwjcjs.sys
c:\windows\system32\drivers\gaopdxvyjrvjrb.sys
c:\windows\system32\gaopdxkxydqxul.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-05-05 to 2009-06-05 )))))))))))))))))))))))))))))))
.

2009-05-23 05:01 . 2009-05-23 05:01 -------- d-----w- C:\_OTListIt
2009-05-14 10:50 . 2009-05-14 10:50 -------- d-----w- c:\program files\Trend Micro
2009-05-14 10:43 . 2009-05-14 10:44 -------- d-----w- c:\windows\system32\NtmsData
2009-05-14 10:25 . 2009-05-14 10:25 -------- d-----w- c:\documents and settings\Owners\Application Data\MSNInstaller
2009-05-06 22:26 . 2009-05-06 22:26 152576 ----a-w- c:\documents and settings\Owners\Application Data\Sun\Java\jre1.6.0_13\lzma.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-05 11:18 . 2009-03-10 03:19 81984 ----a-w- c:\windows\system32\bdod.bin
2009-06-05 10:47 . 2006-05-06 21:29 -------- d-----w- c:\documents and settings\All Users\Application Data\DIGStream
2009-06-02 04:59 . 2008-02-25 05:43 -------- d-----w- c:\documents and settings\Owners\Application Data\Jarte
2009-05-14 10:32 . 2005-07-07 05:25 -------- d-----w- c:\program files\Yahoo!
2009-05-07 18:19 . 2005-07-07 04:54 -------- d-----w- c:\program files\Jarte
2009-05-07 03:55 . 2009-03-21 03:39 -------- d-----w- c:\documents and settings\Owners\Application Data\LimeWire
2009-05-06 22:27 . 2005-07-09 00:34 -------- d-----w- c:\program files\Java
2009-04-29 05:00 . 2009-05-14 08:49 142890 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
2009-04-24 02:25 . 2009-04-16 02:50 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-04-24 02:25 . 2009-04-16 02:50 -------- d-----w- c:\program files\NOS
2009-04-22 10:17 . 2009-04-22 10:17 0 ----a-w- c:\windows\nsreg.dat
2009-04-16 03:16 . 2006-02-04 02:09 -------- d-----w- c:\program files\Google
2009-04-16 03:04 . 2009-04-16 03:04 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-04-14 04:17 . 2005-07-07 04:08 -------- d-----w- c:\program files\Perfect PRO Office1.1.2
2009-04-13 03:42 . 2005-10-09 06:47 -------- d-----w- c:\program files\Quicken Legal Products
2009-03-09 12:19 . 2009-01-22 04:30 410984 ----a-w- c:\windows\system32\deploytk.dll
2008-02-25 05:42 . 2008-02-25 05:42 2709464 ----a-w- c:\program files\jarte_31_setup.exe
2008-12-17 00:52 . 2009-04-24 02:28 61440 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-31 4670704]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-24 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-06-20 339968]
"HPHUPD04"="c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-05-24 49152]
"PPMemCheck"="c:\old_data\PROGRA~1\STOMPS~1\SPYWAR~1\PPMemCheck.exe" [2004-04-02 148480]
"Spyware X-terminator Control Center"="c:\old_data\PROGRA~1\STOMPS~1\SPYWAR~1\PPControl.exe" [2004-03-31 61440]
"CookiePatrol"="c:\old_data\PROGRA~1\STOMPS~1\SPYWAR~1\CookiePatrol.exe" [2005-01-10 73728]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"DIGStream"="c:\program files\DIGStream\digstream.exe" [2005-10-31 278528]
"DIGServices"="c:\program files\ESPNRunTime\DIGServices.exe" [2005-10-31 101888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-05-07 180269]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-05-26 257088]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-01-09 741376]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-10-18 69632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2004-01-15 49152]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-03-04 88209]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Owners\Start Menu\Programs\Startup\
SBE Reminder.lnk - c:\program files\Quicken Legal Products\Small Business Expert\Reminder.exe [2009-4-12 182272]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
Perstray.lnk - c:\program files\PerSono\perstray.exe [2007-1-2 40960]
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2005-7-5 585728]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\WS_FTP PRO\\FTP95PRO.exe"=

R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [10/6/2008 5:16 PM 82696]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2/26/2008 10:08 PM 29183504]
R2 uacFlt;Plantronics USB Audio Adapter EQ Filter Driver;c:\windows\system32\drivers\uacflt.sys [1/2/2007 9:07 PM 20296]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [9/18/2008 11:09 AM 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2/3/2009 5:03 PM 104328]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [7/17/2008 12:06 PM 118784]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2009-06-04 c:\windows\Tasks\User_Feed_Synchronization-{4BD29C15-2F17-4270-86A6-4EB4743570FC}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 02:36]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys
SafeBoot-OneCareMP


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ebay.com/
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZU&fl=0&ptb=4GId4cBIeE6LctmqpSO19g&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-05 04:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-06-05 4:22
ComboFix-quarantined-files.txt 2009-06-05 11:21

Pre-Run: 62,302,195,712 bytes free
Post-Run: 62,815,481,856 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

146 --- E O F --- 2009-01-14 00:03

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:11 AM

Posted 05 June 2009 - 11:02 AM

Please uninstall these older insecure version of Java.

J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 3



How is your computer behaving now?
Are you still experiencing the redirections?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 kdm24

kdm24
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:11 AM

Posted 21 June 2009 - 07:17 AM

So sorry I was so slow on replies!!! Very hectic, but thankfully the cpu is working great, no redirections, no problems anymore, thank you SO MUCH for your patience and help!:thumbup2: This is def. a site I will frequent in the future!

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:11 AM

Posted 21 June 2009 - 09:58 AM

Glad to hear it! :)
Just a few final steps and recommendations for you.


We need to remove Combofix now that we're done with it.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

  • Posted Image



==================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above

  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:thumbup2: :step4:
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:11 AM

Posted 28 June 2009 - 10:27 AM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users