Please check this hijackthis log


19 replies to this topic

#1 Erinkoiso

Erinkoiso

  • Members
  • 23 posts
  • OFFLINE
  • Local time:05:02 PM

Posted 13 July 2009 - 12:15 AM

My computer was compromised. I want to have my husband's log checked to see if he has had any issue also.
This was recommended by Syler - please let me know...
Thank you
Erinkoiso

Malwarebytes' Anti-Malware 1.38
Database version: 2412
Windows 5.1.2600 Service Pack 3

7/12/2009 4:51:19 PM
mbam-log-2009-07-12 (16-51-19).txt

Scan type: Full Scan (C:\|)
Objects scanned: 242628
Time elapsed: 1 hour(s), 23 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\c:\WINDOWS\system32\Winhrt32.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\hiro\local settings\temp\winpvroc.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
c:\documents and settings\hiro\local settings\temp\winqtjgnt.exe (Virus.Sality) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\Winhrt32.dll (Trojan.Agent) -> Quarantined and deleted successfully.


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:02 PM

Posted 13 July 2009 - 12:34 AM

Hello again Erinkoiso,

I will have a look at this one for you as well since I'm dealing with your other machine. I have to say it doesn't look too good from what MBAM has found. It has detected a virus that is a file infector known as Sality. These types of viruses overwrite legitimate files with .exe extensions, turning them bad; although this can usually be disinfected, they can cause a lot of damage to your system.


Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on drweb-cureit.exe to start the program.
  • Cancel any prompts to download the latest CureIt version and click Start.
  • At the prompt to "Start scan now", click Ok. Allow the setup.exe/driver to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
  • When complete, click Select All, then choose Cure > Move incurable.
    (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • Now put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
  • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)
Next

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
  • DDS.txt
  • Attach.txt
  • Save both reports to your desktop.
  • Then post back with DDS.txt.
  • Also please attach, Attach.txt in your next reply.
Next

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window, If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.



Then please post back here with the following:
  • Dr Web report
  • DDS.txt
  • Attach.txt
  • Gmer log



#3 Erinkoiso

Erinkoiso
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:05:02 PM

Posted 13 July 2009 - 12:38 AM

Thank you Syler - doing this now....

#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:02 PM

Posted 13 July 2009 - 12:43 AM

No problem, I'm off to sleep soon, so I will have a look at your logs and get back to you sometime tomorrow.



#5 Erinkoiso

Erinkoiso
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:05:02 PM

Posted 14 July 2009 - 09:39 AM

Dr.Web CureIt log:
comp01.000/data015\data386;C:\Program Files\Common Files\aolback\comp01.000/data015;Probably DLOADER.Trojan;;
data015;C:\Program Files\Common Files\aolback;Archive contains infected objects;;
comp01.000;C:\Program Files\Common Files\aolback;Archive contains infected objects;Moved.;

on to next step...
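As an added example (not code from the thread or from Dr.Web), a small Python parser for the CureIt report lines quoted above: each line is object;path;verdict;action, and nested objects are written container/inner. The rule that an inner object is covered once its outermost container was moved is this script's own assumption, not something Dr.Web states.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: the three report lines quoted in the post above, as Dr.Web CureIt
# writes them (object;path;verdict;action;).  Nested objects are written container/inner.
SAMPLE_LINES = [
    r"comp01.000/data015\data386;C:\Program Files\Common Files\aolback\comp01.000/data015;Probably DLOADER.Trojan;;",
    r"data015;C:\Program Files\Common Files\aolback;Archive contains infected objects;;",
    r"comp01.000;C:\Program Files\Common Files\aolback;Archive contains infected objects;Moved.;",
]


@dataclass
class Detection:
    obj: str     # object column; "a/b\c" means c inside archive b inside archive a
    path: str    # folder of the outermost container
    threat: str  # Dr.Web verdict text
    action: str  # "Moved.", "Cured." etc.; empty when nothing was done to this object

    @property
    def chain(self) -> List[str]:
        return [part for part in re.split(r"[\\/]", self.obj) if part]

    @property
    def name(self) -> str:
        return self.chain[-1]

    @property
    def root(self) -> str:
        return self.chain[0]

    @property
    def is_container(self) -> bool:
        return self.threat.startswith("Archive contains")

    @property
    def is_heuristic(self) -> bool:
        # "Probably ..." verdicts come from heuristics rather than a signature match
        return self.threat.startswith("Probably")


def parse_report(lines) -> List[Detection]:
    """Parse Dr.Web CureIt report lines; blank and malformed lines are skipped."""
    found = []
    for raw in lines:
        fields = raw.rstrip("\r\n").split(";")
        if len(fields) < 3 or not fields[0]:
            continue
        action = fields[3].strip() if len(fields) > 3 else ""
        found.append(Detection(fields[0], fields[1], fields[2].strip(), action))
    return found


def triage(dets: List[Detection]) -> Dict[str, object]:
    """Summarise what was found and list detections left without any action.

    Assumption (this script's rule, not Dr.Web's): when the outermost container
    of a nested detection was moved or cured, everything inside it went with it,
    so inner objects with an empty action column are covered by that move.
    """
    handled_roots = {d.root for d in dets if d.action}
    covered = set()
    for d in dets:
        if d.root in handled_roots:
            covered.update(d.chain)
    unresolved = [d.name for d in dets if not d.action and d.name not in covered]
    return {
        "total": len(dets),
        "handled": sum(1 for d in dets if d.action),
        "containers": sum(1 for d in dets if d.is_container),
        "heuristic": sum(1 for d in dets if d.is_heuristic),
        "unresolved": unresolved,
    }


if __name__ == "__main__":
    for key, value in triage(parse_report(SAMPLE_LINES)).items():
        print(f"{key}: {value}")
```

For the three lines above the summary reports one heuristic hit inside two nested archives, with the outermost archive moved and nothing left unresolved.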

#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:02 PM

Posted 14 July 2009 - 06:58 PM

That looks ok from the dr web scan, nothing to worry about there. Please post the other logs together when you have them both.

Thanks
Syler

P.S. Have you managed to find the XP CD for your other thread?

Edited by syler, 14 July 2009 - 06:59 PM.



#7 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:02 PM

Posted 16 July 2009 - 07:52 PM

Are you still with me? Your other topic is going to be closed tomorrow and this one in a couple of days if I get no feedback.
Please let me know if you still need my help.

Syler

Edited by syler, 16 July 2009 - 07:52 PM.



#8 Erinkoiso

Erinkoiso
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:05:02 PM

Posted 17 July 2009 - 01:17 AM

Hey there Syler - sorry about taking so long - life got a little hectic here this week.

gmer log:
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-15 23:52:41
Windows 5.1.2600 Service Pack 3


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs Tmpreflt.sys (Pre-Filter For XP/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver/Trend Micro Inc.)

Device \FileSystem\Fastfat \Fat F0F87D20

AttachedDevice \FileSystem\Fastfat \Fat Tmpreflt.sys (Pre-Filter For XP/Trend Micro Inc.)

Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo@FriendlyName Indeo? video 5.10 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo@CLSID {1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo@FilterData 0x02 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo@EncoderType 1

---- EOF - GMER 1.0.15 ----


attach log:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/11/2006 7:44:45 PM
System Uptime: 7/15/2009 7:45:25 PM (0 hours ago)

Motherboard: Dell Computer Corporation | | 0X8957
Processor: Intel® Celeron® M processor 1.40GHz | Microprocessor | 1395/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 53 GiB total, 33.563 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP268: 4/15/2009 6:27:04 PM - Software Distribution Service 3.0
RP269: 4/15/2009 7:37:32 PM - Software Distribution Service 3.0
RP270: 4/17/2009 11:58:21 PM - Restore Operation
RP271: 4/18/2009 11:36:56 PM - Software Distribution Service 3.0
RP272: 4/22/2009 6:56:39 PM - System Checkpoint
RP273: 4/27/2009 1:56:15 PM - System Checkpoint
RP274: 5/2/2009 11:52:35 PM - System Checkpoint
RP275: 5/4/2009 8:40:14 PM - System Checkpoint
RP276: 5/7/2009 6:11:48 PM - System Checkpoint
RP277: 5/8/2009 7:58:49 PM - System Checkpoint
RP278: 5/13/2009 7:22:07 AM - Software Distribution Service 3.0
RP279: 5/19/2009 9:34:12 PM - System Checkpoint
RP280: 5/22/2009 12:20:56 AM - Restore Operation
RP281: 5/25/2009 5:59:02 PM - System Checkpoint
RP282: 5/28/2009 9:52:45 PM - System Checkpoint
RP283: 5/30/2009 1:16:58 AM - Installed Twin Scan II
RP284: 5/30/2009 1:17:52 AM - Installed WEGO Log
RP285: 6/1/2009 8:42:32 PM - System Checkpoint
RP286: 6/6/2009 11:45:50 AM - System Checkpoint
RP287: 6/8/2009 9:55:18 PM - System Checkpoint
RP288: 6/12/2009 8:13:53 AM - Software Distribution Service 3.0
RP289: 6/14/2009 7:58:04 AM - System Checkpoint
RP290: 6/16/2009 8:39:56 AM - System Checkpoint
RP291: 6/18/2009 3:47:48 PM - System Checkpoint
RP292: 6/19/2009 11:30:25 PM - System Checkpoint
RP293: 6/21/2009 9:29:04 PM - System Checkpoint
RP294: 6/23/2009 5:50:28 PM - System Checkpoint
RP295: 6/24/2009 6:56:48 PM - System Checkpoint
RP296: 6/27/2009 8:12:11 PM - System Checkpoint
RP297: 6/28/2009 12:53:22 AM - Software Distribution Service 3.0
RP298: 7/3/2009 5:58:15 PM - System Checkpoint
RP299: 7/8/2009 9:44:25 PM - Installed Sony Picture Utility
RP300: 7/8/2009 9:45:08 PM - Installed Shared2
RP301: 7/8/2009 9:45:53 PM - Installed TapeUtility
RP302: 7/8/2009 9:47:05 PM - Installed PMBCore
RP303: 7/8/2009 9:49:20 PM - Installed VideoUtility
RP304: 7/8/2009 9:50:14 PM - Installed DirectX
RP305: 7/10/2009 9:02:18 AM - System Checkpoint
RP306: 7/11/2009 10:13:19 AM - System Checkpoint
RP307: 7/11/2009 7:59:14 PM - Restore Operation
RP308: 7/11/2009 11:29:43 PM - Restore Operation
RP309: 7/14/2009 8:26:45 AM - System Checkpoint

==== Installed Programs ======================

Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Illustrator 7.0J
Adobe Illustrator 9.0
Adobe Photoshop 5.0J
Adobe Photoshop 5.5
Adobe Reader 6.0.1
AiO_Scan
ALPS Touch Pad Driver
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL Japan
AOLIcon
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Broadcom Management Programs 2
Conexant D480 MDC V.9x Modem
Corel Paint Shop Pro X
Corel Photo Album 6
Critical Update for Windows Media Player 11 (KB959772)
Data Mode for Harley-Davidson Delphi v462
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Media Experience
Dell Support Center
Dell System Restore
Dell Wireless WLAN Card
DellSupport
Digital Content Portal
Digital Line Detect
EarthLink setup files
EducateU
EFI Race Tuner Manuals v4.6.2 (Delphi)
ELIcon
Get High Speed Internet!
Google
Google Desktop
Google Toolbar for Internet Explorer
Harley-Davidson Super Tuner VCI Drivers (Driver Removal)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Image Zone 4.2
HP PSC & OfficeJet 4.2
Internal Network Card Power Management
Java 2 Runtime Environment, SE v1.4.2_03
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Modem Helper
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Musicmatch for Windows Media Player
MusicmatchR Jukebox
NetWaiting
NetZeroInstallers
Photo Click
PowerDVD 5.5
Primo
QFolder
QuickSet
QuickTime
RealPlayer Basic
Runtime
Scan
Screamin Eagle Pro Super Tuner
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
SmartLinkIII Zippers
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sony Picture Utility
Trend Micro PC-cillin Internet Security 12
TTS DataMaster-HD Delphi v132
TTS MasterTune-HD Delphi v130
TTS MasterTune Delphi Manuals v131
TTS Software Updater v110
TTS VTune-HD v132
Tuning Mode for Harley-Davidson Delphi v462
Twin Scan II
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
URL Assistant
Viewpoint Media Player (Remove Only)
WebCyberCoach 3.2 Dell
WebFldrs XP
WEGO Log
WildTangent Web Driver
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WinPEP 7
WordPerfect Office 12

==== Event Viewer Messages From Past Week ========

7/9/2009 10:12:07 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
7/9/2009 10:12:07 PM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/14/2009 7:32:44 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
7/14/2009 4:36:18 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
7/12/2009 4:53:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
7/12/2009 10:45:50 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/12/2009 10:44:16 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip tmtdi
7/12/2009 10:44:16 PM, error: Service Control Manager [7001] - The Trend Micro Proxy Service service depends on the Trend Micro TDI Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/12/2009 10:44:16 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
7/12/2009 10:44:16 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/12/2009 10:44:16 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/12/2009 10:44:16 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
7/12/2009 10:43:49 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/12/2009 10:43:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
7/11/2009 11:20:37 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 0016CE171B43 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================


dds log:

DDS (Ver_09-06-26.01) - NTFSx86
Run by HIRO at 19:49:09.21 on 07/15/2009 Wed
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.1023.519 [GMT -7:00]

AV: Trend Micro PC-cillin Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro PC-cillin Internet Security (Firewall) *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\HIRO\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-rel
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [OE_OEM] "c:\program files\trend micro\internet security 12\tmas_oe\TMAS_OEMon.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Dell Wireless Manager UI] c:\windows\system32\WLTRAY
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~3\mimboot.exe
mRun: [MMTray] c:\progra~1\musicm~1\musicm~3\mm_tray.exe
mRun: [pccguide.exe] "c:\program files\trend micro\internet security 12\pccguide.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\hiro\startm~1\programs\startup\pmbmed~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\`NK70G~1.LNK -
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\AOL~1.lnk - c:\program files\aol 7.0a\aoltray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/viewers/ipixx.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo1.walgreens.com/WalgreensActivia.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144821494188
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146462920619
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2005-8-30 205328]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2005-8-30 290889]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2005-8-30 585792]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2005-8-30 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2005-8-30 262215]
S3 silabenm;Harley-Davidson Super Tuner Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [2009-3-28 17920]
S3 silabser;Harley-Davidson Super Tuner Driver;c:\windows\system32\drivers\silabser.sys [2009-3-28 61440]

=============== Created Last 30 ================

2009-07-12 22:44 <DIR> --d----- c:\documents and settings\hiro\DoctorWeb
2009-07-12 10:37 <DIR> --d----- c:\docume~1\hiro\applic~1\Malwarebytes
2009-07-12 10:37 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-12 10:37 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-12 10:37 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-12 10:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-11 23:30 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-07-11 19:45 14,336 a--sh--- c:\windows\system32\Thumbs.db
2009-07-08 21:50 <DIR> --d----- c:\windows\Logs
2009-07-08 21:45 <DIR> --d----- c:\program files\Sony
2009-07-08 21:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sony Corporation

==================== Find3M ====================

2009-06-30 22:54 7,518 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 08:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-28 21:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-28 21:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll
2009-04-28 21:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll
2009-04-28 21:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-28 21:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll
2009-04-28 21:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-28 21:56 105,984 -------- c:\windows\system32\dllcache\url.dll
2009-04-28 21:56 102,912 -------- c:\windows\system32\dllcache\occache.dll
2009-04-28 21:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll
2009-04-28 21:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-28 21:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 02:05 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 02:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-24 22:27 636,088 -------- c:\windows\system32\dllcache\iexplore.exe
2009-04-24 22:26 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 05:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2008-05-21 21:34 50,896,944 ac------ c:\program files\drv_gc_w01_ENU.exe
2007-06-25 22:59 5,632 ac-sh--- c:\program files\Thumbs.db
2008-08-21 02:53 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082120080822\index.dat

============= FINISH: 19:49:30.39 ===============


Here you go - please let me know -
Please check my other post too - I have some questions to ask you...
Thanks,
Erin
P

#9 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:02 PM

Posted 17 July 2009 - 04:44 AM

Hi Erin,
No worries about the delay :thumbup2: I'm glad to say this computer looks a lot better. It looks like MBAM got the infection early, before it
had a chance to spread, so we just have some bits to clean up.


Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Next

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
I have closed your other topic since there's nothing more to do on that machine, so if you have any more questions you are welcome to ask them here.

Syler


#10 Erinkoiso

Erinkoiso
  • Topic Starter

  • Members
  • 23 posts
  • Local time:05:02 PM

Posted 17 July 2009 - 09:11 AM

Thanks Syler,
Running scan now... will post results after work today - thanks,
Erin

#11 Erinkoiso

Erinkoiso
  • Topic Starter

  • Members
  • 23 posts
  • Local time:05:02 PM

Posted 17 July 2009 - 09:18 AM

otl log:
OTL logfile created on: 7/17/2009 7:11:00 AM - Run 1
OTL by OldTimer - Version 3.0.8.0 Folder = C:\Documents and Settings\HIRO\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.23 Mb Total Physical Memory | 487.82 Mb Available Physical Memory | 47.67% Memory free
2.41 Gb Paging File | 1.95 Gb Available in Paging File | 81.04% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.70 Gb Total Space | 33.81 Gb Free Space | 64.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HIROK
Current User Name: HIRO
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2005/04/05 22:52:52 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2004/12/06 19:45:14 | 00,065,536 | ---- | M] () -- C:\WINDOWS\System32\wltrysvc.exe
PRC - [2004/12/06 19:45:12 | 00,872,556 | ---- | M] (Dell Inc) -- C:\WINDOWS\System32\bcmwltry.exe
PRC - [2004/04/07 11:07:32 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2005/06/09 07:53:18 | 00,356,352 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
PRC - [2006/09/04 20:54:44 | 00,880,722 | ---- | M] (Trend Micro Incorporated.) -- C:\Program Files\Trend Micro\Internet Security 12\PcCtlCom.exe
PRC - [2005/08/30 15:30:32 | 00,290,889 | ---- | M] (Trend Micro Incorporated.) -- C:\Program Files\Trend Micro\Internet Security 12\Tmntsrv.exe
PRC - [2001/11/26 19:54:02 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2005/04/05 22:52:52 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/02/06 03:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2005/08/30 15:30:34 | 00,585,792 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 12\TmPfw.exe
PRC - [2005/10/07 05:13:38 | 00,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2003/11/19 16:48:14 | 00,032,881 | ---- | M] () -- C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
PRC - [2005/08/30 15:30:26 | 00,823,362 | ---- | M] (Trend Micro Incorporated.) -- C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
PRC - [2005/04/05 22:05:00 | 00,339,968 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2005/09/01 16:24:08 | 00,684,032 | ---- | M] () -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2004/06/28 14:56:12 | 00,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\HidFind.exe
PRC - [2004/12/06 19:45:14 | 00,696,425 | ---- | M] (Dell Inc) -- C:\WINDOWS\System32\WLTRAY.exe
PRC - [2005/02/23 15:19:56 | 00,053,248 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2005/01/27 00:02:00 | 00,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 18:20:46 | 00,110,592 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
PRC - [2005/07/27 07:41:08 | 00,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe
PRC - [2006/03/13 09:23:47 | 00,169,472 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2005/11/16 17:08:40 | 00,106,496 | ---- | M] (Corel, Inc.) -- C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
PRC - [2006/04/11 22:48:54 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\RealPlay.exe
PRC - [2005/05/31 05:33:00 | 00,122,941 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfswctrl.exe
PRC - [2006/03/13 09:23:47 | 00,554,496 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
PRC - [2006/04/11 19:39:22 | 00,176,201 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
PRC - [2008/04/13 17:12:15 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\conime.exe
PRC - [2005/09/08 18:20:46 | 00,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
PRC - [2007/03/15 11:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2005/09/08 18:20:46 | 00,464,384 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
PRC - [2006/03/13 09:23:47 | 00,415,744 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
PRC - [2009/03/18 22:58:44 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/03/13 09:23:47 | 00,195,072 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
PRC - [2003/10/29 01:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2008/11/13 10:33:46 | 00,333,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2005/08/30 15:30:34 | 00,262,215 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 12\tmproxy.exe
PRC - [2009/04/24 22:27:50 | 00,636,088 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/07/17 07:10:43 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HIRO\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2004/04/07 11:07:32 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/04/05 22:52:52 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2008/01/07 23:25:00 | 00,181,784 | ---- | M] (WildTangent, Inc.) -- C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
SRV - [2009/05/04 19:48:17 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2005/06/09 07:53:18 | 00,356,352 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -- (NICCONFIGSVC [Auto | Running])
SRV - [2006/09/04 20:54:44 | 00,880,722 | ---- | M] (Trend Micro Incorporated.) -- C:\Program Files\Trend Micro\Internet Security 12\PcCtlCom.exe -- (PcCtlCom [Auto | Running])
SRV - [2005/08/30 15:30:32 | 00,290,889 | ---- | M] (Trend Micro Incorporated.) -- C:\Program Files\Trend Micro\Internet Security 12\Tmntsrv.exe -- (Tmntsrv [Auto | Running])
SRV - [2005/08/30 15:30:34 | 00,585,792 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 12\TmPfw.exe -- (TmPfw [Auto | Running])
SRV - [2005/08/30 15:30:34 | 00,262,215 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 12\tmproxy.exe -- (tmproxy [Auto | Running])
SRV - [2001/11/26 19:54:02 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService [Auto | Running])
SRV - [2004/12/06 19:45:14 | 00,065,536 | ---- | M] () -- C:\WINDOWS\System32\wltrysvc.exe -- (wltrysvc [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2006/03/13 09:08:59 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2001/08/17 12:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 11:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2005/09/28 11:57:18 | 00,113,847 | R--- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\System32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2005/08/03 09:44:16 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV [System | Running])
DRV - [2001/08/17 12:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 12:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2006/03/13 09:14:38 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
DRV - [2005/04/05 22:58:48 | 01,035,776 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2004/12/06 20:09:58 | 00,369,024 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running])
DRV - [2004/05/26 19:18:18 | 00,044,928 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2001/08/17 12:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 12:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2005/04/22 03:22:00 | 00,088,352 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
DRV - [2005/04/21 02:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
DRV - [2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Running])
DRV - [2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\System32\DRIVERS\dsunidrv.sys -- (dsunidrv [Auto | Running])
DRV - [2001/08/17 11:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2004/08/04 04:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\fsvga.sys -- (FsVga [System | Running])
DRV - [2009/02/17 12:19:44 | 00,057,672 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\System32\drivers\ftdibus.sys -- (FTDIBUS [On_Demand | Stopped])
DRV - [2009/02/17 12:17:40 | 00,072,520 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\System32\drivers\ftser2k.sys -- (FTSER2K [On_Demand | Stopped])
DRV - [2004/06/22 08:05:12 | 00,051,088 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2004/06/22 08:05:12 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2004/06/22 08:05:12 | 00,021,744 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2003/11/13 23:21:16 | 00,197,120 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys -- (HSFHWICH [On_Demand | Running])
DRV - [2003/11/13 23:17:00 | 01,042,816 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2003/04/09 17:48:08 | 00,011,043 | R--- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2001/08/17 12:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2004/08/03 21:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2005/01/28 22:39:56 | 00,091,823 | ---- | M] (O2Micro) -- C:\WINDOWS\System32\DRIVERS\ozscr.sys -- (O2SCBUS [On_Demand | Running])
DRV - [2004/02/13 15:46:00 | 00,017,153 | ---- | M] (Dell Inc) -- C:\WINDOWS\System32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/07/04 11:22:36 | 00,044,944 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 12:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 12:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 12:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2007/12/04 10:02:54 | 00,017,920 | R--- | M] (Silicon Laboratories, Inc.) -- C:\WINDOWS\System32\DRIVERS\silabenm.sys -- (silabenm [On_Demand | Stopped])
DRV - [2007/12/04 10:02:54 | 00,061,440 | R--- | M] (Silicon Laboratories) -- C:\WINDOWS\System32\DRIVERS\silabser.sys -- (silabser [On_Demand | Stopped])
DRV - [2008/04/13 11:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/08/17 13:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2005/05/13 10:37:28 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
DRV - [2005/05/13 10:37:20 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\ssrtln.sys -- (ssrtln [System | Running])
DRV - [2005/01/31 15:29:12 | 00,264,440 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\System32\drivers\stac97.sys -- (STAC97 [On_Demand | Running])
DRV - [2001/08/17 13:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 13:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 13:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 13:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2005/05/31 05:33:00 | 00,025,725 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
DRV - [2005/05/31 05:33:00 | 00,034,845 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
DRV - [2005/05/31 05:33:00 | 00,004,125 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
DRV - [2005/05/31 05:33:00 | 00,002,241 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
DRV - [2005/05/31 05:33:00 | 00,086,876 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
DRV - [2005/05/31 05:33:00 | 00,015,069 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
DRV - [2005/05/31 05:33:00 | 00,006,365 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
DRV - [2005/05/31 05:33:00 | 00,098,716 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
DRV - [2005/05/31 05:33:00 | 00,100,605 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
DRV - [2008/11/26 18:42:42 | 00,205,328 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TmXPFlt.sys -- (Tmfilter [Auto | Running])
DRV - [2008/11/26 18:42:40 | 00,036,368 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\Tmpreflt.sys -- (Tmpreflt [Auto | Running])
DRV - [2005/08/30 15:30:38 | 00,038,528 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\Drivers\tmtdi.sys -- (tmtdi [System | Running])
DRV - [2005/08/30 15:30:38 | 01,884,585 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\Drivers\tm_cfw.sys -- (tm_cfw [Auto | Running])
DRV - [2001/08/17 12:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2008/11/26 18:39:56 | 01,195,384 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\Vsapint.sys -- (Vsapint [Auto | Running])
DRV - [2003/01/10 15:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Running])
DRV - [2003/11/13 23:18:36 | 00,679,808 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-rel
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-rel


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-rel
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-rel
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-rel
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-rel
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2176268499-2091116143-3395090675-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-rel
IE - HKU\S-1-5-21-2176268499-2091116143-3395090675-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2176268499-2091116143-3395090675-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-2176268499-2091116143-3395090675-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-2176268499-2091116143-3395090675-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-21-2176268499-2091116143-3395090675-1006\S-1-5-21-2176268499-2091116143-3395090675-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll (Google)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-2176268499-2091116143-3395090675-1006\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-2176268499-2091116143-3395090675-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe ()
O4 - HKLM..\Run: [Dell Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe (Dell Inc)
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Google Desktop Search] File not found
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [MimBoot] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [pccguide.exe] C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe (Trend Micro Incorporated.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe ()
O4 - HKU\S-1-5-21-2176268499-2091116143-3395090675-1006..\Run: [DellSupport] File not found
O4 - HKU\S-1-5-21-2176268499-2091116143-3395090675-1006..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2176268499-2091116143-3395090675-1006..\Run: [OE_OEM] C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-21-2176268499-2091116143-3395090675-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\Narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\Narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\‚`‚n‚k 7.0 ƒgƒŒƒCƒAƒCƒRƒ“.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 7.0 トレイアイコン.lnk = C:\Program Files\AOL 7.0a\aoltray.exe (America Online, Inc.)
O4 - Startup: C:\Documents and Settings\HIRO\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2176268499-2091116143-3395090675-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2176268499-2091116143-3395090675-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-2176268499-2091116143-3395090675-1006\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/viewers/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo1.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1144821494188 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1146462920619 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{40c05bf6-19c6-11de-852d-0016ce171b43}\Shell - "" = AutoRun
O33 - MountPoints2\{40c05bf6-19c6-11de-852d-0016ce171b43}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{40c05bf6-19c6-11de-852d-0016ce171b43}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{40c05bf8-19c6-11de-852d-0016ce171b43}\Shell - "" = AutoRun
O33 - MountPoints2\{40c05bf8-19c6-11de-852d-0016ce171b43}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{40c05bf8-19c6-11de-852d-0016ce171b43}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{40c05bfb-19c6-11de-852d-0016ce171b43}\Shell - "" = AutoRun
O33 - MountPoints2\{40c05bfb-19c6-11de-852d-0016ce171b43}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{40c05bfb-19c6-11de-852d-0016ce171b43}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{40c05bfd-19c6-11de-852d-0016ce171b43}\Shell - "" = AutoRun
O33 - MountPoints2\{40c05bfd-19c6-11de-852d-0016ce171b43}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{40c05bfd-19c6-11de-852d-0016ce171b43}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/07/17 07:10:31 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HIRO\Desktop\OTL.exe
[2009/07/14 07:35:35 | 10,730,00448 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/14 07:32:50 | 00,000,286 | ---- | C] () -- C:\Documents and Settings\HIRO\Desktop\DrWeb.csv
[2009/07/14 07:32:12 | 00,000,286 | ---- | C] () -- C:\Documents and Settings\HIRO\My Documents\DrWeb.csv
[2009/07/12 22:40:19 | 14,906,128 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\HIRO\Desktop\drweb-cureit.exe
[2009/07/12 22:40:15 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\HIRO\Desktop\s8wcnp9y.exe
[2009/07/12 22:40:00 | 00,359,929 | ---- | C] () -- C:\Documents and Settings\HIRO\Desktop\dds.scr
[2009/07/12 10:37:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HIRO\Application Data\Malwarebytes
[2009/07/12 10:37:16 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/12 10:37:13 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/12 10:37:11 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/12 10:37:11 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/12 10:37:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/12 10:36:05 | 03,561,752 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\HIRO\Desktop\mbam-setup.exe
[2009/07/10 19:49:53 | 79,675,488 | ---- | C] () -- C:\Documents and Settings\HIRO\Desktop\KINDERGARTEN 2009_1.wmv
[2009/07/08 23:39:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HIRO\Desktop\tools
[2009/07/08 22:33:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HIRO\My Documents\MapView
[2009/07/08 22:31:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HIRO\My Documents\Picture Motion Browser
[2009/07/08 22:14:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HIRO\Application Data\Sony Corporation
[2009/07/08 21:51:52 | 00,001,829 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DCR-SR47 ハンドブック (PDF).lnk
[2009/07/08 21:50:35 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2009/07/08 21:50:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2009/07/08 21:50:02 | 00,001,861 | ---- | C] () -- C:\Documents and Settings\HIRO\Start Menu\Programs\Startup\PMB Media Check Tool.lnk
[2009/07/08 21:48:32 | 00,001,873 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PMB.lnk
[2009/07/08 21:48:32 | 00,001,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PMB Launcher.lnk
[2009/07/08 21:48:32 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PMB Guide.lnk
[2009/07/08 21:45:09 | 00,000,000 | ---D | C] -- C:\Program Files\Sony
[2009/07/08 21:43:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2009/07/08 21:39:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HIRO\Application Data\InstallShield
[2009/06/30 00:09:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HIRO\Desktop\2010
[2006/11/16 23:13:57 | 00,000,222 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2006/11/16 23:13:56 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/07/14 23:21:20 | 00,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2006/04/12 01:06:26 | 00,000,152 | RHS- | C] () -- C:\WINDOWS\System32\76BDB28FFC.sys
[2006/04/11 20:13:10 | 00,007,518 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/03/13 09:26:15 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/13 09:15:10 | 00,000,354 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/13 08:27:56 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(4).dll
[2006/03/13 08:27:18 | 00,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/05/04 20:58:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 12:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:51:28 | 00,000,601 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 11:51:26 | 00,000,319 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[23 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/07/17 07:10:43 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HIRO\Desktop\OTL.exe
[2009/07/17 07:08:45 | 00,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/16 23:12:40 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/16 23:12:36 | 00,000,004 | ---- | M] () -- C:\Documents and Settings\HIRO\Application Data\QSWWShare
[2009/07/16 23:11:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/16 23:11:52 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/16 23:11:49 | 10,730,00448 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/15 23:52:54 | 00,000,601 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/07/14 23:56:51 | 04,847,532 | -H-- | M] () -- C:\Documents and Settings\HIRO\Local Settings\Application Data\IconCache.db
[2009/07/14 07:32:50 | 00,000,286 | ---- | M] () -- C:\Documents and Settings\HIRO\Desktop\DrWeb.csv
[2009/07/14 07:32:12 | 00,000,286 | ---- | M] () -- C:\Documents and Settings\HIRO\My Documents\DrWeb.csv
[2009/07/12 22:40:19 | 14,906,128 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\HIRO\Desktop\drweb-cureit.exe
[2009/07/12 22:40:19 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\HIRO\Desktop\s8wcnp9y.exe
[2009/07/12 22:40:02 | 00,359,929 | ---- | M] () -- C:\Documents and Settings\HIRO\Desktop\dds.scr
[2009/07/12 10:37:16 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/12 10:36:05 | 03,561,752 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\HIRO\Desktop\mbam-setup.exe
[2009/07/09 10:59:34 | 00,249,856 | ---- | M] () -- C:\Documents and Settings\HIRO\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/09 08:14:09 | 79,675,488 | ---- | M] () -- C:\Documents and Settings\HIRO\Desktop\KINDERGARTEN 2009_1.wmv
[2009/07/08 22:15:40 | 00,047,128 | ---- | M] () -- C:\Documents and Settings\HIRO\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/07/08 21:51:52 | 00,001,829 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DCR-SR47 ハンドブック (PDF).lnk
[2009/07/08 21:50:02 | 00,001,861 | ---- | M] () -- C:\Documents and Settings\HIRO\Start Menu\Programs\Startup\PMB Media Check Tool.lnk
[2009/07/08 21:48:32 | 00,001,873 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PMB.lnk
[2009/07/08 21:48:32 | 00,001,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PMB Launcher.lnk
[2009/07/08 21:48:32 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PMB Guide.lnk
[2009/07/07 08:10:56 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/06/30 22:54:13 | 00,007,518 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/06/30 22:54:13 | 00,000,152 | RHS- | M] () -- C:\WINDOWS\System32\76BDB28FFC.sys
[2009/06/22 20:26:24 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files - Unicode (All) ==========
[2006/04/11 22:21:05 | 00,000,746 | ---- | C] ()(C:\Documents and Settings\All Users\Start Menu\Programs\Startup\?`?n?k 7.0 ?g???C?A?C?R?“.lnk) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\‚`‚n‚k 7.0 ƒgƒŒƒCƒAƒCƒRƒ“.lnk
[2006/04/11 22:21:05 | 00,000,746 | ---- | M] ()(C:\Documents and Settings\All Users\Start Menu\Programs\Startup\?`?n?k 7.0 ?g???C?A?C?R?“.lnk) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\‚`‚n‚k 7.0 ƒgƒŒƒCƒAƒCƒRƒ“.lnk
< End of report >

extra log:

OTL Extras logfile created on: 7/17/2009 7:11:00 AM - Run 1
OTL by OldTimer - Version 3.0.8.0 Folder = C:\Documents and Settings\HIRO\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.23 Mb Total Physical Memory | 487.82 Mb Available Physical Memory | 47.67% Memory free
2.41 Gb Paging File | 1.95 Gb Available in Paging File | 81.04% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.70 Gb Total Space | 33.81 Gb Free Space | 64.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HIROK
Current User Name: HIRO
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\Documents and Settings\HIRO\Local Settings\Temporary Internet Files\Content.IE5\TEYQAWH9\Trend Micro Internet Security\TisEzIns.exe" = C:\Documents and Settings\HIRO\Local Settings\Temporary Internet Files\Content.IE5\TEYQAWH9\Trend Micro Internet Security\TisEzIns.exe:*:Enabled:Trend Micro Internet Security -- File not found
"C:\Program Files\AOL 7.0a\waol.exe" = C:\Program Files\AOL 7.0a\waol.exe:*:Disabled:AOL -- (America Online, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{220907F4-9264-4FC7-8077-E8C4FD190C82}" = WEGO Log
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2ED5B784-3D85-4DC1-8724-3C0CA21083AB}" = Data Mode for Harley-Davidson Delphi v462
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30DADB96-48E0-413A-A04F-0C03121FFE95}" = Tuning Mode for Harley-Davidson Delphi v462
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{4D86DA34-4BA5-45A6-A7D7-19561529FE53}" = Screamin Eagle Pro Super Tuner
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7698EDA5-A90F-4205-99CB-8FF6F9048ED9}" = Trend Micro PC-cillin Internet Security 12
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A0568C61-9443-43F3-9938-E573A3BEFB7B}" = WinPEP 7
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A18002D3-6490-4B13-A9B0-9684CB4969A2}" = TTS DataMaster-HD Delphi v132
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEF43C85-7B9B-412B-8237-A461E9510C55}" = TTS MasterTune-HD Delphi v130
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D612ADE0-4FB2-4924-AE36-FD01AC3DE6A0}" = TTS MasterTune Delphi Manuals v131
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Google
"{DFD92127-C269-4A73-850C-01001672948A}" = EFI Race Tuner Manuals v4.6.2 (Delphi)
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E43BB4A5-67F9-4E98-B041-0A1879504B2D}" = TTS VTune-HD v132
"{E5A0F12F-E171-43AF-A7BA-57846F595886}" = Twin Scan II
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EF1A40CA-3B0B-4F0A-A111-DB1CF9CA6C69}" = SmartLinkIII Zippers
"{FB26A5C6-95EE-429D-87B6-2ED6C3E47FF8}" = TTS Software Updater v110
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Illustrator 7.0J" = Adobe Illustrator 7.0J
"Adobe Illustrator 9.0" = Adobe Illustrator 9.0
"Adobe Photoshop 5.0J" = Adobe Photoshop 5.0J
"Adobe Photoshop 5.5" = Adobe Photoshop 5.5
"All ATI Software" = ATI - Software Uninstall Utility
"America Online ja" = AOL Japan
"America Online us" = America Online (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"ATI Display Driver" = ATI Display Driver
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.9x Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"Google Desktop" = Google Desktop
"HDVCCOMM&125E&1802" = Harley-Davidson Super Tuner VCI Drivers (Driver Removal)
"HP Photo & Imaging" = HP Image Zone 4.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"InstallShield_{A0568C61-9443-43F3-9938-E573A3BEFB7B}" = WinPEP 7
"InstallShield_{EF1A40CA-3B0B-4F0A-A111-DB1CF9CA6C69}" = SmartLinkIII Zippers
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/1/2009 8:28:36 PM | Computer Name = HIROK | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16850, faulting
module goec62~1.dll, version 0.0.0.0, fault address 0x00003dfb.

Error - 7/2/2009 9:02:53 PM | Computer Name = HIROK | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16850, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/4/2009 8:11:43 PM | Computer Name = HIROK | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16850, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/4/2009 11:10:03 PM | Computer Name = HIROK | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16850, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/6/2009 10:38:53 AM | Computer Name = HIROK | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16850, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/10/2009 11:34:11 AM | Computer Name = HIROK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 7/11/2009 12:27:26 PM | Computer Name = HIROK | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/AD7E1C28B064EF8F6003402014C3D0E3370EB58A.crt>
with error: This operation returned because the timeout period expired.

Error - 7/11/2009 12:27:26 PM | Computer Name = HIROK | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/AD7E1C28B064EF8F6003402014C3D0E3370EB58A.crt>
with error: The specified server cannot perform the requested operation.

Error - 7/11/2009 12:33:03 PM | Computer Name = HIROK | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16850, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/11/2009 10:40:40 PM | Computer Name = HIROK | Source = Application Hang | ID = 1002
Description = Hanging application mmjb.exe, version 10.10.0.97, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 7/13/2009 9:22:11 PM | Computer Name = HIROK | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 7/13/2009 9:22:11 PM | Computer Name = HIROK | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 7/13/2009 9:22:11 PM | Computer Name = HIROK | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 7/13/2009 9:22:11 PM | Computer Name = HIROK | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 7/13/2009 9:22:11 PM | Computer Name = HIROK | Source = Service Control Manager | ID = 7001
Description = The Trend Micro Proxy Service service depends on the Trend Micro TDI
Driver service which failed to start because of the following error: %%31

Error - 7/13/2009 9:22:11 PM | Computer Name = HIROK | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD APPDRV Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip tmtdi

Error - 7/14/2009 10:32:44 AM | Computer Name = HIROK | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/14/2009 10:34:24 AM | Computer Name = HIROK | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/14/2009 7:36:18 PM | Computer Name = HIROK | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 7/14/2009 7:36:18 PM | Computer Name = HIROK | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.


< End of report >


thank you!

#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:02 PM

Posted 17 July 2009 - 09:33 PM

Hi Erin,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKU\S-1-5-21-2176268499-2091116143-3395090675-1006..\Run: [DellSupport] File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\‚`‚n‚k 7.0 ƒgƒŒƒCƒAƒCƒRƒ“.lnk = File not found
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Documents and Settings\HIRO\Local Settings\Temporary Internet Files\Content.IE5\TEYQAWH9\Trend Micro Internet Security\TisEzIns.exe"=-
    :Commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.
Next

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove the older Java version components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 14.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Next

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Then please post back here with the following:
  • OTL results
  • New OTL log
  • Kaspersky report
Thanks


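The fix script in the post above uses OTL's own three-section format (`:OTL`, `:Reg`, `:Commands`), and the `:Reg` section is where the security-relevant changes live: it re-enables Security Center monitoring for the Trend Micro products and, because a third-party firewall is in use, turns the built-in Windows Firewall off for the standard profile. The Python below is an added example, not part of this thread and not OldTimer's tool: it parses a constructed script written in the same shape, turns the `:Reg` lines into structured values, and flags the settings a helper would want to double-check before running a fix (a firewall being switched off, or Security Center monitoring being disabled). The sample script, the function names and the posture rules are all assumptions of this example.

```python
"""Parse an OTL-style fix script and review its registry changes.

Added example, not code from the thread or from the OTL tool. The script
text, function names and review rules are this example's own assumptions.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample script in the same :OTL / :Reg / :Commands shape
# as the fix posted above (paths and names are made up).
SAMPLE_FIX = r"""
:OTL
O4 - HKU\S-1-5-21-111\..\Run: [Example] File not found
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ExampleAV]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Temp\Example.exe"=-
:Commands
[emptytemp]
[Reboot]
"""

SECTION_RE = re.compile(r"^:(\w+)\s*$")          # ":Reg" -> section header
KEY_RE = re.compile(r"^\[(.+)\]$")               # "[HKEY_...]" -> registry key
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')  # "Name"=data

# (key, value name, kind, data) where kind is "dword", "string" or "delete"
RegValue = Tuple[str, str, str, str]


def split_sections(script: str) -> Dict[str, List[str]]:
    """Group non-blank lines under the lower-cased section header they follow."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"line before any section header: {line!r}")
        sections[current].append(line)
    return sections


def parse_reg_section(lines: List[str]) -> List[RegValue]:
    """Turn the :Reg lines into (key, name, kind, data) tuples.

    "=-" means the value is deleted; dword data is decoded from hex.
    """
    values: List[RegValue] = []
    key = None
    for line in lines:
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            raise ValueError(f"unexpected :Reg line: {line!r}")
        name, data = m.group("name"), m.group("data")
        if data == "-":
            values.append((key, name, "delete", ""))
        elif data.lower().startswith("dword:"):
            values.append((key, name, "dword", str(int(data[6:], 16))))
        else:
            values.append((key, name, "string", data.strip('"')))
    return values


def review_posture(values: List[RegValue]) -> List[str]:
    """Flag changes that weaken the host's protective posture.

    Rules are this example's own: a firewall profile being turned off, or
    Security Center monitoring being disabled, deserve a second look.
    """
    findings = []
    for key, name, kind, data in values:
        k, n = key.lower(), name.lower()
        if n == "enablefirewall" and kind == "dword" and data == "0" and "firewallpolicy" in k:
            findings.append(f"{key}\\{name} set to 0: Windows Firewall off for this "
                            "profile; confirm another firewall is active")
        if n == "disablemonitoring" and kind == "dword" and data == "1" and "security center" in k:
            findings.append(f"{key}\\{name} set to 1: Security Center monitoring disabled")
    return findings


if __name__ == "__main__":
    regs = parse_reg_section(split_sections(SAMPLE_FIX)["reg"])
    for entry in regs:
        print(entry)
    for finding in review_posture(regs):
        print("CHECK:", finding)
```

Run against the sample, the parser yields three entries (two dword sets and one deletion) and the review raises exactly one item, the firewall profile being turned off, which is expected here because Trend Micro's firewall is the one being monitored.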

#13 Erinkoiso

Erinkoiso
  • Topic Starter

  • Members
  • 23 posts
  • Local time:05:02 PM

Posted 17 July 2009 - 10:39 PM

OTL log:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2176268499-2091116143-3395090675-1006\Software\Microsoft\Windows\CurrentVersion\Run\\DellSupport deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\‚`‚n‚k 7.0 ƒgƒŒƒCƒAƒCƒRƒ“.lnk moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\"EnableFirewall"|dword:00000000 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\HIRO\Local Settings\Temporary Internet Files\Content.IE5\TEYQAWH9\Trend Micro Internet Security\TisEzIns.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: HIRO
->Temp folder emptied: 69043648 bytes
->Temporary Internet Files folder emptied: 721459705 bytes
->Java cache emptied: 1031963 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 4205021 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 14341137 bytes
Windows Temp folder emptied: 1781136 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 774.33 mb


OTL by OldTimer - Version 3.0.8.0 log created on 07172009_202559

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#14 Erinkoiso

Erinkoiso
  • Topic Starter

  • Members
  • 23 posts
  • Local time:05:02 PM

Posted 18 July 2009 - 10:31 AM

Friday, July 17, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Saturday, July 18, 2009 05:44:45
Records in database: 2485853


Kaspersky log:

Scan settings

Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\

Scan statistics
Files scanned 126120
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 01:52:22

No malware has been detected. The scan area is clean.
The selected area was scanned.

#15 Erinkoiso

Erinkoiso
  • Topic Starter

  • Members
  • 23 posts
  • Local time:05:02 PM

Posted 18 July 2009 - 10:32 AM

Syler,
regarding my other computer - can iTunes be taken off of that and downloaded onto the iPod Touch without a problem?
My son got a new iPod Touch and he wanted to download his music off of iTunes - is that possible, or should we not chance it?

Thanks,
Erin
