Infected With An Unknown Rootkit


  • This topic is locked
28 replies to this topic

#1 mrimd

mrimd

  • Members
  • 16 posts
  • Gender:Male
  • Location:San Diego, Ca
  • Local time:02:15 AM

Posted 10 March 2010 - 03:19 PM

My laptop pc was reformatted several times because of slow and suspicious dysfunctionalities. My first thought was to download some free antivirus, malware remover, blah blah blah...ended up downloading and paying for this program Cyber Defender out of desperation and of course it didn't work. So I called up the company to ask for a refund. The cs guy asked a few quick questions concerning my issue and immediately said "you have a rootkit installed onto your pc, and no matter how many times you format it, the kit will still be there" so I said that makes sense. Then he told me it would cost a tech $200 to remotely connect to my laptop and work on removing it. That's when I said I'll get back to you about that and proceeded to work on it myself, in turn finding this website.


DDS (Ver_09-12-01.01) - NTFSx86
Run by imd at 2:02:56.04 on Tue 03/09/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2342 [GMT -8:00]

AV: The Shield Deluxe Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: CyberDefender Internet Security *On-access scanning enabled* (Updated) {7F3FC487-8CBA-4611-9FC8-F35ABE47F555}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Update Service\livesrv.exe
C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Smith Micro\StuffIt 2010\ArcNameService.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\bdagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\seccenter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\CyberDefender\Registry Cleaner\CDregclean.exe
C:\Program Files\CyberDefender\AntiSpyware\cdasac.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\imd\My Documents\Downloads\Defogger.exe
C:\Documents and Settings\imd\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.toshibadirect.com/dpdstart
uSearch Bar = hxxp://safesearch.cyberdefender.com/smallsearch.html
uSearch Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: MyIdentityDefender: {a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} - c:\documents and settings\imd\local settings\application data\cyberdefender\cdmyidd.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: MyIdentityDefender: {a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} - c:\documents and settings\imd\local settings\application data\cyberdefender\cdmyidd.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: The Shield Deluxe 2010 Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\the shield deluxe\the shield deluxe 2010\IEToolbar.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
TB: MyIdentityDefender: {a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} - c:\documents and settings\imd\local settings\application data\cyberdefender\cdmyidd.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [Google Update] "c:\documents and settings\imd\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [CyberDefender Registry Cleaner] c:\program files\cyberdefender\registry cleaner\CDregclean.exe
uRun: [CyberDefender Early Detection Center] "c:\program files\cyberdefender\antispyware\cdasac.exe" /minimize
uRun: [UnHackMe Monitor] c:\program files\unhackme\hackmon.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [dla] c:\windows\system32\dla\DLACTRLW.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [EPSON Stylus Photo RX500] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\the shield deluxe\the shield deluxe 2010\IEShow.exe"
mRun: [BDAgent] "c:\program files\the shield deluxe\the shield deluxe 2010\bdagent.exe"
mRun: [CyberDefender Registry Cleaner]
StartupFolder: c:\docume~1\imd\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\imd\applic~1\mozilla\firefox\profiles\0lyv8n1i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q=
FF - component: c:\documents and settings\imd\application data\mozilla\firefox\profiles\0lyv8n1i.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\imd\application data\mozilla\firefox\profiles\0lyv8n1i.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\imd\local settings\application data\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2010-3-5 3968]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2006-2-15 14336]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-9-17 152328]
R3 CDAVFS;CDAVFS;c:\windows\system32\drivers\CDAVFS.sys [2010-3-4 67424]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2010-3-4 34760]
S3 Arrakis3;The Shield Deluxe Arrakis Server;c:\program files\common files\the shield deluxe\the shield deluxe arrakis server\bin\arrakis3.exe [2009-9-13 183880]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2010-3-4 24416]
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\pedrv.sys --> c:\sysprep\PEDrv.sys [?]

=============== Created Last 30 ================

2010-03-09 09:47:05 376 ----a-w- c:\documents and settings\imd\Application Dataprivacy.xml
2010-03-05 09:40:09 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2010-03-05 07:04:26 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2010-03-05 07:04:26 43904 ----a-w- c:\windows\system32\drivers\sbp2port.sys
2010-03-05 01:30:50 0 d-----w- c:\program files\VirusTotalUploader2
2010-03-05 01:17:26 0 d-----w- C:\Backreg
2010-03-05 01:12:02 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2010-03-05 01:06:54 2 --shatr- c:\windows\winstart.bat
2010-03-05 01:06:25 35040 ----a-w- c:\windows\system32\Partizan.exe
2010-03-05 01:06:25 34760 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-03-05 01:05:51 12752 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2010-03-05 01:05:43 0 d-----w- c:\program files\UnHackMe
2010-03-04 23:45:36 68 ----a-w- c:\windows\st_affiliate.ini
2010-03-04 23:40:02 0 ----a-w- c:\documents and settings\imd\REGISTRY DEFENDER
2010-03-04 23:38:50 58 ----a-w- c:\windows\av_affiliate.ini
2010-03-04 23:38:46 58 ----a-w- c:\windows\as_affiliate.ini
2010-03-04 23:37:11 67424 ----a-w- c:\windows\system32\drivers\CDAVFS.sys
2010-03-01 21:01:31 665424 ----a-w- c:\windows\system32\wmv8dmoe.dll
2010-03-01 21:01:31 572752 ----a-w- c:\windows\system32\wmvdmoe.dll
2010-03-01 21:01:31 438608 ----a-w- c:\windows\system32\wmv8dmod.dll
2010-03-01 21:01:30 285184 ----a-w- c:\windows\system32\wmidx2.ocx
2010-03-01 21:01:30 1683792 ----a-w- c:\windows\system32\wmvcore2.dll
2010-03-01 20:59:54 0 d-----w- c:\program files\coolpro2
2010-03-01 08:01:22 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-03-01 08:01:21 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-03-01 08:01:19 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-03-01 08:01:19 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-02-27 21:41:23 0 d-----w- c:\docume~1\imd\applic~1\CyberDefender
2010-02-27 21:41:15 0 d-----w- c:\program files\CyberDefender
2010-02-25 05:20:11 0 d-sh--w- c:\documents and settings\imd\IECompatCache
2010-02-25 05:18:57 0 d-sh--w- c:\documents and settings\imd\PrivacIE
2010-02-25 01:14:20 9662 ----a-w- c:\windows\EPISME00.SWB
2010-02-22 22:47:08 3833 ----a-w- c:\windows\machine.ver
2010-02-22 11:38:41 0 ----a-w- c:\windows\system32\cid_store.dat
2010-02-22 10:59:33 0 d-----w- c:\docume~1\imd\applic~1\MxBoost
2010-02-22 10:55:50 0 d-----w- c:\program files\Maxthon2
2010-02-22 05:23:59 0 d-sh--w- c:\documents and settings\imd\IETldCache
2010-02-22 04:24:44 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-02-22 04:24:16 0 d-----w- c:\windows\ie8updates
2010-02-22 04:23:38 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-22 04:23:37 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-22 04:23:37 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-22 04:23:37 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-22 04:23:37 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-02-22 04:23:37 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-02-18 22:34:39 18944 -c--a-w- c:\windows\system32\dllcache\simptcp.dll
2010-02-18 22:34:39 18944 ----a-w- c:\windows\system32\simptcp.dll
2010-02-17 21:30:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Azureus
2010-02-17 21:30:31 0 d-----w- c:\docume~1\imd\applic~1\Azureus
2010-02-17 21:27:32 0 d-----w- c:\program files\Vuze
2010-02-17 21:27:12 0 d-----w- c:\program files\Conduit
2010-02-17 21:27:11 0 d-----w- c:\program files\Vuze_Remote
2010-02-17 11:06:30 0 d-----w- c:\docume~1\alluse~1\applic~1\AVS4YOU
2010-02-17 10:59:56 156910 ----a-w- c:\windows\WMSysPr8.prx
2010-02-17 10:59:55 221215 ----a-w- c:\windows\system32\divxdec.ax
2010-02-17 10:59:52 82944 ----a-w- c:\windows\system32\vct3216.acm
2010-02-17 10:59:52 638976 ----a-w- c:\windows\system32\divx.dll
2010-02-17 10:59:52 53248 ----a-w- c:\windows\system32\xvid.ax
2010-02-17 10:59:52 524288 ----a-w- c:\windows\system32\xvidcore.dll
2010-02-17 10:59:52 413760 ----a-w- c:\windows\system32\mpg4c32.dll
2010-02-17 10:59:52 261632 ----a-w- c:\windows\system32\mcdvd_32.dll
2010-02-17 10:59:52 139264 ----a-w- c:\windows\system32\xvidvfw.dll
2010-02-17 10:59:51 81920 ----a-w- c:\windows\system32\AC3ACM.acm
2010-02-17 10:59:51 38912 ----a-w- c:\windows\system32\alf2cd.acm
2010-02-17 10:59:51 0 d-----w- c:\program files\AVSMedia
2010-02-17 10:57:04 0 d-----w- c:\program files\common files\AVSMedia
2010-02-17 10:56:30 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-02-17 10:56:30 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-02-17 10:56:29 0 d-----w- c:\program files\AVS4YOU
2010-02-17 02:11:15 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2010-02-17 01:09:26 0 dc-h--w- c:\windows\ie8
2010-02-17 00:59:12 0 d-----w- C:\a57235a07d47d1266b0b37003b94
2010-02-17 00:57:19 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2010-02-17 00:54:51 385 ----a-w- c:\windows\system32\user_gensett.xml
2010-02-17 00:36:43 4 ----a-w- c:\windows\system32\aspdict-en.dat
2010-02-17 00:36:43 16 ----a-w- c:\windows\system32\asdict.dat
2010-02-17 00:36:43 0 ----a-w- c:\windows\system32\ab_bl.sig
2010-02-17 00:36:43 0 ----a-w- C:\pcwords2.dat
2010-02-17 00:36:43 0 ----a-w- C:\pcwords.dat
2010-02-17 00:36:43 0 ----a-w- C:\pcconf.ini
2010-02-17 00:36:43 0 ----a-w- C:\pc_sign.slf
2010-02-17 00:24:18 0 d-----w- c:\docume~1\alluse~1\applic~1\BitDefender
2010-02-16 21:42:35 0 d-----w- c:\docume~1\imd\applic~1\The Shield Deluxe
2010-02-16 21:41:29 0 d-----w- c:\program files\The Shield Deluxe
2010-02-16 21:41:29 0 d-----w- c:\program files\common files\The Shield Deluxe
2010-02-16 21:41:29 0 d-----w- c:\docume~1\alluse~1\applic~1\The Shield Deluxe
2010-02-16 21:40:15 0 d-----w- c:\program files\common files\BitDefender
2010-02-16 21:25:08 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-02-16 21:25:07 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-16 11:57:50 0 d-----w- c:\windows\system32\XPSViewer
2010-02-16 11:56:56 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-02-16 11:56:56 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-02-16 11:56:56 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-02-16 11:56:56 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-02-16 11:56:56 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-02-16 11:56:56 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-02-16 11:56:56 117760 ------w- c:\windows\system32\prntvpt.dll
2010-02-16 11:56:55 0 d-----w- C:\bb68b33a27365ebda9e258a7
2010-02-16 11:26:09 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-02-16 11:26:08 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-02-16 11:24:58 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2010-02-16 11:24:26 81408 ----a-w- c:\windows\system32\devcon_x64.exe
2010-02-16 11:24:26 55808 ----a-w- c:\windows\system32\devcon.exe
2010-02-16 11:24:22 0 d-----w- c:\program files\Driver Checker
2010-02-16 11:20:04 46080 ----a-w- c:\windows\system32\escimgd.dll
2010-02-16 11:20:04 29696 ----a-w- c:\windows\system32\escwiad.dll
2010-02-16 11:20:03 22528 ----a-w- c:\windows\system32\esccmd.dll
2010-02-16 11:16:55 98304 ----a-w- c:\windows\system32\E_SAGSET.DLL
2010-02-16 11:16:55 79622 ----a-w- c:\windows\system32\EBPMON24.DLL
2010-02-16 11:16:55 64000 ----a-w- c:\windows\system32\ECBTEG.DLL
2010-02-16 11:16:55 34304 ----a-w- c:\windows\system32\EBPCHP.DLL
2010-02-16 11:14:59 0 d-----w- c:\program files\EPSON
2010-02-16 11:14:33 0 d-----w- C:\epson
2010-02-16 11:13:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-02-16 11:13:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-02-16 11:03:50 0 d-----w- c:\program files\MSXML 4.0
2010-02-16 08:56:53 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2010-02-16 08:56:52 0 d-----w- c:\program files\MagicDisc
2010-02-16 08:46:45 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll
2010-02-16 08:41:25 326 ----a-w- c:\windows\system32\StuffItPath.ini
2010-02-16 08:41:22 568320 ----a-w- c:\windows\system32\StuffItOutlookAddinSetup.msi
2010-02-16 08:41:22 3691008 ----a-w- c:\windows\system32\StuffItOfficeAddInSetup.msi
2010-02-16 08:41:22 0 d-----w- c:\windows\system32\KB908002
2010-02-16 08:39:53 0 d-----w- c:\docume~1\alluse~1\applic~1\Smith Micro
2010-02-16 08:39:44 0 d-----w- c:\program files\Smith Micro
2010-02-15 12:23:39 0 d-----w- c:\windows\network diagnostic
2010-02-15 12:23:35 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2010-02-15 12:22:23 19569 ----a-w- c:\windows\003461_.tmp
2010-02-15 11:34:01 22528 -c--a-w- c:\windows\system32\dllcache\lpdsvc.dll
2010-02-15 11:34:01 22528 ----a-w- c:\windows\system32\lpdsvc.dll
2010-02-15 11:30:40 18944 -c--a-w- c:\windows\system32\dllcache\lprmon.dll
2010-02-15 11:30:40 18944 ----a-w- c:\windows\system32\lprmon.dll
2010-02-15 11:30:19 35328 -c--a-w- c:\windows\system32\dllcache\iprip.dll
2010-02-15 11:30:19 35328 ----a-w- c:\windows\system32\iprip.dll
2010-02-15 11:29:57 0 d-----w- c:\windows\ServicePackFiles
2010-02-15 11:28:45 19528 ----a-w- c:\windows\000001_.tmp
2010-02-15 11:21:25 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-02-15 11:20:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-02-15 11:20:16 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-02-15 11:17:20 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-15 11:17:18 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-02-15 11:17:14 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2010-02-15 11:17:06 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-02-15 11:16:51 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-02-15 11:14:39 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-02-15 11:11:55 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-02-15 11:03:24 286720 -c----w- c:\windows\system32\dllcache\gdi32.dll
2010-02-15 11:03:02 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-02-15 11:03:01 1206508 -c----w- c:\windows\system32\dllcache\sysmain.sdb
2010-02-15 11:03:00 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-02-15 11:02:01 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-02-15 11:00:50 0 d-----w- c:\windows\system32\PreInstall
2010-02-15 11:00:36 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-15 11:00:28 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-15 11:00:26 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-15 10:19:11 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-02-15 09:15:41 0 d-----w- c:\docume~1\imd\applic~1\McAfee.com Personal Firewall
2010-02-15 09:15:04 0 d-----w- c:\docume~1\imd\applic~1\You've Got Pictures Screensaver
2010-02-15 09:15:04 0 d-----w- c:\docume~1\imd\applic~1\Intel
2010-02-15 09:15:04 0 d-----w- c:\docume~1\imd\applic~1\AOL
2010-02-15 09:14:10 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-02-15 09:08:29 8192 ----a-w- c:\windows\REGLOCS.OLD
2010-02-15 09:06:03 61 ----a-w- c:\windows\smscfg.ini
2010-02-15 09:04:49 0 d-----w- c:\program files\AVerMedia
2010-02-15 09:04:13 0 d-----w- c:\program files\common files\InterVideo
2010-02-15 09:03:52 135168 ----a-w- c:\windows\system32\igfxres.dll
2010-02-15 09:01:00 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-02-15 09:00:50 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-02-15 09:00:50 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-02-15 09:00:47 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-02-15 09:00:40 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-02-15 09:00:37 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

==================== Find3M ====================

2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll

============= FINISH: 2:03:53.33 ===============



#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:05:15 AM

Posted 13 March 2010 - 09:10 AM

Hello, mrimd.
My name is etavares and I will be helping you with this log.

Here are some guidelines to ensure we are able to get your machine back under your control.
  • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!


Formatting will get rid of rootkits...it's about the only way to truly know they're gone. The good news is that I don't see evidence of a rootkit on your machine in the GMER log. Is there something you've seen that suggests you have a rootkit?

That being said, I do see some issues that could account for sluggishness. Let's get started.

I see you have two antiviruses on your machine. That may cause some of the slowdown. The Shield runs BitDefender which I have heard can slow down systems. I don't have any personal experience with that however, or Cyber Defender, so I can't recommend one over the other. I use the free version of Avast!

I also see that you have a registry cleaner installed (in your case Cyber Defender). Here at BC, we do not recommend using registry cleaners.

See here for more information:
http://www.bleepingcomputer.com/forums/ind...p;#entry1326578

I see Viewpoint is installed on your machine. Viewpoint Manager is considered as foistware instead of malware since it is installed without users' approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to the Control Panel, then Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

The log shows that you have been using so called peer-to-peer or file-sharing programmes (in your case Vuze). These programmes allow users to share files between each other, as the name(s) suggest. In today's world, cyber crime has come a long way and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and they should thus be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide to not uninstall, please refrain from using it until I let you know your computer is clean.



Step 1

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either The Shield Deluxe Antivirus or Cyber Defender Internet Security.



Step 2

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT


  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply. If they are too big to paste in one reply, please split them into separate posts.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
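The /md5start ... /md5stop block in Step 2 above hashes a fixed list of boot-critical drivers so a patched copy stands out. The script below is an added example (not from the thread, and not OTL's own code) that does the same cross-check locally: it hashes each listed driver and compares it with the Windows File Protection backup in %SystemRoot%\System32\dllcache. The function names are mine; the driver list is the one from the post, and the demo runs on constructed sample files so it works anywhere.

```python
"""Cross-check boot-critical drivers against their dllcache backups.

Added example, not part of the BleepingComputer thread or of OTL. A live
driver whose digest differs from its dllcache copy is a lead for a human
to verify, not a verdict; a kernel-mode rootkit can hide its changes from
user-mode reads, so a clean result here is not proof of a clean system
(which is why the helper above says only a format is certain).
"""
import hashlib
import os
import tempfile

# Driver names taken from the custom-scan list in the post above.
BOOT_CRITICAL_DRIVERS = [
    "iaStor.sys", "nvstor.sys", "atapi.sys", "IdeChnDr.sys", "viasraid.sys",
    "AGP440.sys", "vaxscsi.sys", "nvatabus.sys", "viamraid.sys", "nvata.sys",
    "nvgts.sys", "iastorv.sys", "ViPrt.sys", "ahcix86.sys", "KR10N.sys",
    "ahcix86s.sys", "nvrd32.sys",
]


def digest_bytes(data, algo="md5"):
    """Hex digest of a byte string (MD5 by default, to match OTL's output)."""
    return hashlib.new(algo, data).hexdigest()


def file_digest(path, algo="md5"):
    """Hex digest of a file, read in chunks so large drivers are fine."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def compare_drivers(live_dir, cache_dir, names=BOOT_CRITICAL_DRIVERS):
    """Map each driver name to 'match', 'MISMATCH', 'no backup' or 'absent'.

    Most of the list is vendor-specific, so 'absent' is the normal case on
    any one machine; a live file that differs from its backup is the one
    worth a closer look.
    """
    report = {}
    for name in names:
        live = os.path.join(live_dir, name)
        cached = os.path.join(cache_dir, name)
        if not os.path.isfile(live):
            report[name] = "absent"
        elif not os.path.isfile(cached):
            report[name] = "no backup"
        elif file_digest(live) == file_digest(cached):
            report[name] = "match"
        else:
            report[name] = "MISMATCH"
    return report


def suspicious(report):
    """Sorted names whose live copy differs from the dllcache backup."""
    return sorted(n for n, status in report.items() if status == "MISMATCH")


def demo():
    """Constructed sample: two fake drivers, one of them patched in place."""
    with tempfile.TemporaryDirectory() as root:
        live = os.path.join(root, "drivers")
        cache = os.path.join(root, "dllcache")
        os.makedirs(live)
        os.makedirs(cache)
        for d in (live, cache):
            with open(os.path.join(d, "atapi.sys"), "wb") as fh:
                fh.write(b"CONSTRUCTED SAMPLE: original atapi bytes")
            with open(os.path.join(d, "AGP440.sys"), "wb") as fh:
                fh.write(b"CONSTRUCTED SAMPLE: original agp bytes")
        # Simulate a modified live atapi.sys, the case the MD5 list exists to catch.
        with open(os.path.join(live, "atapi.sys"), "ab") as fh:
            fh.write(b" + appended bytes")
        report = compare_drivers(live, cache)
        return report, suspicious(report)


if __name__ == "__main__":
    # On an actual XP machine, call compare_drivers() with
    # r"C:\WINDOWS\System32\drivers" and r"C:\WINDOWS\System32\dllcache".
    report, flagged = demo()
    for name, status in report.items():
        if status != "absent":
            print(f"{name:14} {status}")
    print("flagged:", flagged)
```

A mismatch can also be a legitimate hotfix that updated the live driver without refreshing dllcache, so compare the flagged file's version and signature before drawing conclusions.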
 


#3 mrimd

  • Topic Starter

  • Members
  • 16 posts
  • Gender:Male
  • Location:San Diego, Ca
  • Local time:02:15 AM

Posted 13 March 2010 - 05:43 PM

OTL logfile created on: 3/13/2010 2:35:16 PM - Run 1
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 71.46 Gb Free Space | 76.70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 5.49 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 1.91 Gb Total Space | 0.26 Gb Free Space | 13.82% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CRASHER
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/13 14:10:08 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/02/05 10:36:00 | 000,527,344 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/03/13 14:10:08 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/10/30 12:34:12 | 001,916,248 | ---- | M] (Smith Micro Software, Inc.) [Auto | Stopped] -- C:\Program Files\Smith Micro\StuffIt 2010\ArcNameService.exe -- (Stuffit Archive Name Service)
SRV - [2009/09/24 12:37:26 | 000,323,584 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Threat Scanner\scan.dll -- (scan)
SRV - [2009/09/24 12:33:28 | 001,595,016 | ---- | M] (PCSecurityShield) [Auto | Stopped] -- C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\vsserv.exe -- (VSSERV)
SRV - [2009/09/24 12:33:16 | 000,346,168 | ---- | M] (PCSecurityShield) [Auto | Stopped] -- C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Update Service\livesrv.exe -- (LIVESRV)
SRV - [2009/09/13 23:31:30 | 000,183,880 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
SRV - [2008/04/14 05:42:04 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/14 05:41:56 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2005/12/20 11:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) [Auto | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/11/28 11:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2005/11/28 11:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2005/11/28 11:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005/07/12 17:14:42 | 000,040,960 | ---- | M] () [Auto | Stopped] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/01/17 16:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/10/20 05:40:04 | 000,010,328 | R--- | M] (America Online) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2004/10/15 12:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - [2004/08/28 00:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Stopped] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2004/08/10 04:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp)
SRV - [2004/08/10 04:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-21-119506194-70046555-1172815383-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-119506194-70046555-1172815383-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-21-119506194-70046555-1172815383-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0

FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\bdaphffext\ [2010/02/16 13:41:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/09 02:33:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/16 13:25:07 | 000,000,000 | ---D | M]

[2010/03/09 02:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/03/10 11:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qxmen2nz.default\extensions
[2010/03/10 11:47:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qxmen2nz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/09 02:01:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/13 22:10:06 | 000,047,104 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Mozilla Firefox\components\FFComm.dll

O1 HOSTS File: ([2004/08/10 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (The Shield Deluxe 2010 Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKU\S-1-5-21-119506194-70046555-1172815383-500\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\bdagent.exe (PCSecurityShield)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\IEShow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe File not found
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\TDispVol.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-119506194-70046555-1172815383-500..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\imd\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-119506194-70046555-1172815383-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Toshiba.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Toshiba.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/15 07:38:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/05/11 14:13:39 | 000,000,279 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009/10/25 15:33:00 | 000,000,090 | ---- | M] () - G:\AUTORUN.INF -- [ FAT ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2006/04/18 14:33:36 | 000,950,272 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/02/15 07:38:14 | 000,000,000 | ---D | M]
NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {38539595-3E29-410d-ABBD-3D6A75BC9A73} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mp42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 14 Days ==========

[2010/03/13 14:33:57 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/03/13 14:31:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2010/03/13 14:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Vuze_Remote
[2010/03/13 14:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
[2010/03/13 14:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
[2010/03/13 14:23:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2010/03/10 11:53:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\U3
[2010/03/10 03:30:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\gmer.zip_1
[2010/03/10 02:34:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/03/09 02:35:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2010/03/09 02:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2010/03/09 02:33:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2010/03/09 01:12:14 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/03/09 01:05:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\RegRun2
[2010/03/09 01:05:42 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/03/05 15:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/03/05 01:40:09 | 000,003,968 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\AvgArCln.sys
[2010/03/05 01:39:52 | 000,000,000 | ---D | C] -- C:\Program Files\GRISOFT
[2010/03/04 17:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\VirusTotalUploader2
[2010/03/04 17:17:26 | 000,000,000 | ---D | C] -- C:\Backreg
[2010/03/04 17:12:02 | 000,024,416 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys
[2010/03/04 17:05:51 | 000,012,752 | ---- | C] (Greatis Software, LLC.) -- C:\WINDOWS\System32\drivers\UnHackMeDrv.sys
[2010/03/04 17:05:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\regruninfo
[2010/03/04 17:05:43 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2010/03/01 12:59:54 | 000,000,000 | ---D | C] -- C:\Program Files\coolpro2
[2010/02/15 03:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/15 02:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2006/02/15 08:25:00 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[2006/02/15 07:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2006/02/15 07:38:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/02/15 07:38:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[6 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[38 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/13 14:30:31 | 000,000,276 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/13 14:29:11 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/13 14:26:30 | 000,000,374 | ---- | M] () -- C:\WINDOWS\tasks\CD UNINSTALL SOLUTION.job
[2010/03/13 14:24:01 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-119506194-70046555-1172815383-500Core.job
[2010/03/13 14:18:56 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/13 14:16:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/13 14:15:41 | 000,000,132 | ---- | M] () -- C:\WINDOWS\System32\rezumatenoi.dat
[2010/03/13 14:15:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/13 14:12:34 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/13 14:10:08 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/03/10 14:27:53 | 002,097,152 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/03/10 14:27:53 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/03/09 02:04:01 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-119506194-70046555-1172815383-1005UA.job
[2010/03/09 01:28:16 | 000,024,416 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys
[2010/03/05 15:58:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/04 23:04:01 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-119506194-70046555-1172815383-1005Core.job
[2010/03/04 21:33:42 | 000,000,853 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/04 17:08:17 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/03/04 17:08:17 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/03/04 17:08:17 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2010/03/04 15:57:30 | 000,164,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/04 15:45:36 | 000,000,068 | ---- | M] () -- C:\WINDOWS\st_affiliate.ini
[2010/03/01 13:01:32 | 000,156,910 | ---- | M] () -- C:\WINDOWS\WMSysPr8.prx
[6 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[38 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/13 14:26:30 | 000,000,374 | ---- | C] () -- C:\WINDOWS\tasks\CD UNINSTALL SOLUTION.job
[2010/03/13 14:24:01 | 000,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-119506194-70046555-1172815383-500Core.job
[2010/03/13 14:18:55 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/04 17:06:54 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2010/03/04 15:45:36 | 000,000,068 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
[2010/02/17 02:59:52 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/02/17 02:59:52 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/02/16 00:41:25 | 000,000,326 | ---- | C] () -- C:\WINDOWS\System32\StuffItPath.ini
[2010/02/15 01:06:03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/01/15 13:45:34 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2006/05/13 14:56:11 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/02/24 20:28:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\TDispVol.dll
[2006/02/17 01:57:19 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2006/02/16 07:07:58 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2006/02/16 01:50:52 | 000,000,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/02/16 01:25:21 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/02/16 01:25:21 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/02/16 01:25:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/02/16 01:25:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/02/16 01:25:21 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/02/16 01:25:21 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/02/15 08:41:53 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/02/15 08:41:53 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/02/15 08:40:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/02/15 08:28:50 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/02/15 08:28:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/02/15 08:28:50 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/02/15 08:28:50 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/02/15 08:25:00 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2006/02/15 08:21:53 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/02/15 07:44:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/15 06:09:00 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/28 20:33:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/02 14:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/24 15:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2006/02/16 01:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba
[2010/02/17 13:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/02/16 16:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2006/02/17 01:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2010/02/16 00:40:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Smith Micro
[2010/02/16 13:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Shield Deluxe
[2006/02/16 01:55:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/05/13 15:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2006/05/13 15:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2006/02/16 01:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba
[2010/02/17 15:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\imd\Application Data\Azureus
[2010/03/01 03:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\imd\Application Data\MxBoost
[2010/02/16 13:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\imd\Application Data\The Shield Deluxe
[2006/02/16 01:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\imd\Application Data\toshiba
[2010/03/13 14:26:30 | 000,000,374 | ---- | M] () -- C:\WINDOWS\Tasks\CD UNINSTALL SOLUTION.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[38 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: AGP440.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/10 04:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2009/06/25 16:04:32 | 000,001,536 | ---- | M] () MD5=8D4CD834292293F4055BAC313268E2DE -- C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Arrakis Server\lib\eventlog.dll

< MD5 for: KR10N.SYS >
[2005/01/12 00:05:46 | 000,204,160 | ---- | M] (TOSHIBA CORPORATION) MD5=00C1EA8DECF810B8ECCB5C5A8186A96E -- C:\WINDOWS\OemDir\KR10N.sys
[2005/01/12 00:05:46 | 000,204,160 | ---- | M] (TOSHIBA CORPORATION) MD5=00C1EA8DECF810B8ECCB5C5A8186A96E -- C:\WINDOWS\system32\drivers\KR10N.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >



OTL Extras logfile created on: 3/13/2010 2:35:16 PM - Run 1
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 71.46 Gb Free Space | 76.70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 5.49 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 1.91 Gb Total Space | 0.26 Gb Free Space | 13.82% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CRASHER
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-119506194-70046555-1172815383-500\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.Administrator] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
"C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (America Online Inc.)
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- ()
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- (AOL Spyware Protection)
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- (Gteko Ltd.)
"C:\Program Files\Common Files\AOL\1147563008\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1147563008\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine -- (Yahoo!)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- File not found
"C:\Program Files\Maxthon2\Modules\MxDownloader\MxDownloadServer.exe" = C:\Program Files\Maxthon2\Modules\MxDownloader\MxDownloadServer.exe:*:Enabled:MxDownloadServer -- (Maxthon International ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{26A7FC57-FC21-4CA9-85BD-4324B3294D8B}" = StuffIt 2010
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72CBA54E-98BE-4270-A394-11842534C4B5}" = StuffIt Plugins
"{74F642A7-0B0A-42A2-BBE3-C066F0F6FBC4}" = StuffIt Plugins For Office And Photoshop
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{BADC5319-A2A0-4BE1-A7C3-A271AE0E791D}" = The Shield Deluxe 2010
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F21B28BF-8A4D-4F1A-A61B-69DD5B4A9BBA}" = Toshiba Media Center Game Console
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FDF361F1-CB4E-4863-AD22-DAE6D2C64357}" = StuffIt Plugins
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"America Online us" = America Online (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Spyware Protection" = AOL Spyware Protection
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"AVGantiRootkit" = AVG Anti-Rootkit Free
"AVS DVDMenu Editor_is1" = AVS DVDMenu Editor 1.2.1.19
"AVS Video Tools 5_is1" = AVS Video Tools 5.6
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Cool Edit Pro 2.1" = Cool Edit Pro 2.1
"Desktop Dialer" = Desktop Dialer
"Driver Checker_is1" = Driver Checker v2.7.4
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESPNMotion" = ESPNMotion
"Google Desktop" = Google Desktop
"ie8" = Windows Internet Explorer 8
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Maxthon2" = Maxthon2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"Picasa2" = Picasa 2
"Port Magic" = Pure Networks Port Magic
"Power Saver" = TOSHIBA Power Saver
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer Basic
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Game Console" = TOSHIBA Game Console
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TOSHIBA TV Tuner" = TOSHIBA TV Tuner 4.0.12.73
"UnHackMe_is1" = UnHackMe 5.70 release
"ViewpointMediaPlayer" = Viewpoint Media Player
"VirusTotalUploader2.0" = VirusTotal Uploader 2.0
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WT004723" = Blasterball 2 Revolution
"WT004829" = Polar Golfer
"WT006066" = FATE
"WT006448" = Blackhawk Striker 2
"WT006527" = Polar Bowler
"WT009503" = Penguins!
"WT009952" = Chuzzle Deluxe
"WT009953" = Mah Jong Quest
"WT009954" = SCRABBLE
"WT010043" = Bejeweled 2 Deluxe
"Yahoo! Music Engine" = Yahoo! Music Engine

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-119506194-70046555-1172815383-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/9/2010 5:41:26 AM | Computer Name = CRASHER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 3/9/2010 5:42:07 AM | Computer Name = CRASHER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/9/2010 5:42:08 AM | Computer Name = CRASHER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/9/2010 5:42:08 AM | Computer Name = CRASHER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/9/2010 5:43:08 AM | Computer Name = CRASHER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/9/2010 5:43:09 AM | Computer Name = CRASHER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/9/2010 5:43:12 AM | Computer Name = CRASHER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/10/2010 7:03:08 AM | Computer Name = CRASHER | Source = Application Error | ID = 1000
Description = Faulting application ehrec.exe, version 5.1.2600.5512, faulting module
ehrec.exe, version 5.1.2600.5512, fault address 0x00005f67.

Error - 3/10/2010 7:03:17 AM | Computer Name = CRASHER | Source = Application Error | ID = 1000
Description = Faulting application ehrec.exe, version 5.1.2600.5512, faulting module
ehrec.exe, version 5.1.2600.5512, fault address 0x00005f67.

Error - 3/13/2010 6:13:19 PM | Computer Name = CRASHER | Source = Application Error | ID = 1004
Description = Faulting application ehrec.exe, version 5.1.2600.5512, faulting module
ehrec.exe, version 5.1.2600.5512, fault address 0x00005f67.

[ System Events ]
Error - 3/13/2010 6:18:09 PM | Computer Name = CRASHER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 3/13/2010 6:18:34 PM | Computer Name = CRASHER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
bdfsfltr Fips intelppm

Error - 3/13/2010 6:20:32 PM | Computer Name = CRASHER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 3/13/2010 6:20:49 PM | Computer Name = CRASHER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 3/13/2010 6:23:05 PM | Computer Name = CRASHER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 3/13/2010 6:24:01 PM | Computer Name = CRASHER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 3/13/2010 6:24:02 PM | Computer Name = CRASHER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 3/13/2010 6:24:02 PM | Computer Name = CRASHER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 3/13/2010 6:24:36 PM | Computer Name = CRASHER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 3/13/2010 6:32:49 PM | Computer Name = CRASHER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >
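An added triage example for the two logs above (it is not OTL's code and not part of any post in this thread). The "< MD5 for: X >" custom scan lists every copy of a boot-start driver OTL can find, and the check a responder actually performs on it is to compare the hash of the copy Windows loads (system32\drivers) against the pristine copies in ServicePackFiles\i386 and the SoftwareDistribution download cache; in this log those hashes agree for agp440.sys and atapi.sys, which is the reason no patched driver is reported. The Extras log also shows the Windows Firewall exception for 3389/TCP (and the Peer-to-Peer ports) enabled with scope `*` in both profiles, while the file-sharing ports are limited to LocalSubNet. The Python script below parses both sections from a sample that copies lines from the log above plus one constructed atapi.sys entry whose hash is made up so the mismatch path is exercised; that hash, the helper names and the path patterns are assumptions for the demo.

```python
"""Triage two sections of an OTL Extras log offline: the "< MD5 for: X >"
custom scan and the Windows Firewall GloballyOpenPorts lists.
Added example for this thread; it is not OTL's own code."""
import re
from collections import defaultdict

# Sample input. The agp440.sys / atapi.sys reference lines and the firewall
# lines are copied from the log above. The last atapi.sys line is CONSTRUCTED:
# its MD5 is made up so that the mismatch path below is exercised.
SAMPLE_LOG = r"""
< MD5 for: AGP440.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=ABADBADABADBADABADBADABADBADABAD -- C:\WINDOWS\system32\drivers\atapi.sys

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"""

MD5_HEADER = re.compile(r"^< MD5 for: (?P<name>\S+) >$")
MD5_LINE = re.compile(r"MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$")
# Copy that Windows actually loads: %SystemRoot%\system32 or \system32\drivers
# (assumes the system root is X:\WINDOWS, as in this log).
LIVE_PATH = re.compile(r"^[a-z]:\\windows\\system32(\\drivers)?\\[^\\]+$", re.I)
# Pristine copies: the service pack store and the Windows Update download cache.
REF_PATH = re.compile(
    r"\\(servicepackfiles\\i386|softwaredistribution\\download\\[0-9a-f]+)\\[^\\]+$", re.I)
PORT_LINE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"\s*=\s*(?P<spec>\S.*)$')


def parse_md5_blocks(text):
    """Map lowercase file name -> [(md5, path), ...] from the MD5 sections.
    .cab container lines carry no MD5= token and are ignored."""
    blocks = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = MD5_HEADER.match(line)
        if header:
            current = header.group("name").lower()
            continue
        if line.startswith("<") or line.startswith("[HKEY_"):
            current = None          # left the MD5 custom-scan section
            continue
        hit = MD5_LINE.search(line)
        if current and hit:
            blocks[current].append((hit.group("md5").upper(), hit.group("path")))
    return dict(blocks)


def check_driver_hashes(blocks):
    """Compare the loaded copy of each file with its reference copies.
    Returns [(name, live_md5, [reference_md5s])] for every disagreement,
    the signature of a boot-start driver patched in place. Files with no
    reference copy in the log cannot be judged and are skipped."""
    findings = []
    for name, entries in blocks.items():
        refs = sorted({md5 for md5, path in entries if REF_PATH.search(path)})
        for md5, path in entries:
            if LIVE_PATH.match(path) and refs and md5 not in refs:
                findings.append((name, md5, refs))
    return findings


def parse_open_ports(text):
    """Return [(profile, port, proto, scope, state, label)] from every
    GloballyOpenPorts\\List key; values are port:proto:scope:state:label."""
    ports, profile = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY_") and "GloballyOpenPorts\\List" in line:
            profile = "DomainProfile" if "\\DomainProfile\\" in line else "StandardProfile"
            continue
        if line.startswith("["):
            profile = None          # any other key or OTL file entry ends the list
            continue
        hit = PORT_LINE.match(line)
        if profile and hit:
            _port, _proto, scope, state, label = hit.group("spec").split(":", 4)
            ports.append((profile, int(hit.group("port")), hit.group("proto"),
                          scope, state, label))
    return ports


def wide_open_ports(ports):
    """Enabled exceptions scoped to '*' (any remote address) rather than
    LocalSubNet: reachable from the Internet when the machine is directly
    connected, unlike the file-sharing ports that stay on the local subnet."""
    return [p for p in ports if p[3] == "*" and p[4] == "Enabled"]


if __name__ == "__main__":
    for name, live, refs in check_driver_hashes(parse_md5_blocks(SAMPLE_LOG)):
        print(f"MISMATCH {name}: loaded {live}, reference {', '.join(refs)}")
    for profile, port, proto, scope, state, label in wide_open_ports(parse_open_ports(SAMPLE_LOG)):
        print(f"OPEN TO ANY ADDRESS {profile} {port}/{proto} ({label})")
```

Run against the real log the drivers check returns nothing, which matches the "no malware is visible" reading of it; the firewall check is the part that turns up something worth a look (Remote Desktop exposed to any address on a machine the owner suspects is being reached remotely), and a scope of `*` on a consumer laptop is a setting to tighten regardless of whether a rootkit is found.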


#4 mrimd (Topic Starter)

Posted 13 March 2010 - 05:50 PM

etavares,

Thank you for all of your help also. It looks like a lot of code and a big headache to me.


mrimd

#5 etavares (Bleepin' Remover, Malware Response Team)

Posted 14 March 2010 - 09:49 AM

Hello, mrimd.
No problem. No malware is visible, so let's get a second opinion.



Step 1

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push



Step 2

Please run an OTL scan as above and post it...but please run in Normal Mode, not Safe Mode.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#6 mrimd (Topic Starter)

Posted 14 March 2010 - 11:23 PM

Here are the scan text files. But this time, while not in Safe Mode, it would not bring up an "EXTRAS" file for me, and I tried the scan twice. It also would not allow me to log into this site, so I am on another computer transferring info between the two. My laptop definitely has some virus or malware on it, no question, but what is it? Maybe it is remotely controlled by a hacker; the screen looks like a glass of juice slowly filling up for about five minutes at login when I am not even running any programs, plus it shuts off randomly in the middle of things; sometimes just the screen shuts off but the machine is still running. This Windows PC is on its death bed for sure. That's why I run a Mac and my wife uses this one; hopefully it gets up and working properly again.

Thanks again for the asst.



C:\Documents and Settings\imd\Local Settings\Temporary Internet Files\Content.IE5\9LPSK3YC\index[3].htm JS/Exploit.Agent.AGC trojan cleaned by deleting - quarantined
C:\Documents and Settings\imd\Local Settings\Temporary Internet Files\Content.IE5\VIBFA58F\publ[1].txt HTML/Iframe.B.Gen virus deleted - quarantined


____________________________________________________________________________________________________________________________


OTL logfile created on: 3/14/2010 5:20:43 PM - Run 2
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
OTL logfile created on: 3/14/2010 7:17:17 PM - Run 2
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 68.38 Gb Free Space | 73.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 5.49 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 1.91 Gb Total Space | 0.26 Gb Free Space | 13.82% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CRASHER
Current User Name: imd
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/13 15:10:08 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/02/05 11:36:00 | 000,527,344 | ---- | M] (Google Inc.) -- C:\Documents and Settings\imd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/12/22 15:38:24 | 000,594,144 | ---- | M] (Greatis Software) -- C:\Program Files\UnHackMe\hackmon.exe
PRC - [2009/10/30 13:34:12 | 001,916,248 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Smith Micro\StuffIt 2010\ArcNameService.exe
PRC - [2009/09/24 13:33:28 | 001,595,016 | ---- | M] (PCSecurityShield) -- C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\vsserv.exe
PRC - [2009/09/24 13:33:20 | 001,086,232 | ---- | M] (PCSecurityShield) -- C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\seccenter.exe
PRC - [2009/09/24 13:33:16 | 000,346,168 | ---- | M] (PCSecurityShield) -- C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Update Service\livesrv.exe
PRC - [2009/09/24 13:32:52 | 001,114,536 | ---- | M] (PCSecurityShield) -- C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\bdagent.exe
PRC - [2009/02/23 20:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/01/05 15:02:24 | 000,352,256 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
PRC - [2005/12/20 12:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
PRC - [2005/12/16 01:34:16 | 000,082,009 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/12/16 01:21:00 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
PRC - [2005/12/05 13:37:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/11/30 13:25:22 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
PRC - [2005/11/28 12:41:50 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/11/28 12:37:52 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/11/28 12:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/11/28 12:29:00 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/11/28 12:28:14 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/11/02 17:41:04 | 000,978,944 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2005/10/06 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/08/16 12:23:12 | 000,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
PRC - [2005/07/12 18:14:42 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2005/05/31 22:00:12 | 000,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2005/05/31 21:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005/04/26 17:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005/03/17 18:37:26 | 000,151,552 | ---- | M] (TOSHIBA Corporation) -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2005/03/11 16:03:16 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TDispVol.exe
PRC - [2005/01/17 17:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2004/12/30 01:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2004/10/20 06:40:04 | 000,010,328 | R--- | M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/10/15 13:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 13:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
PRC - [2004/08/28 01:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2004/08/28 01:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2004/08/18 04:37:44 | 000,184,320 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
PRC - [2004/08/10 05:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe
PRC - [2003/06/02 04:00:00 | 000,099,840 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I2K1.EXE


========== Modules (SafeList) ==========

MOD - [2010/03/13 15:10:08 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2008/04/14 06:41:52 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll
MOD - [2002/03/03 05:40:00 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\TDispVol.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/30 13:34:12 | 001,916,248 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Program Files\Smith Micro\StuffIt 2010\ArcNameService.exe -- (Stuffit Archive Name Service)
SRV - [2009/09/24 13:37:26 | 000,323,584 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Threat Scanner\scan.dll -- (scan)
SRV - [2009/09/24 13:33:28 | 001,595,016 | ---- | M] (PCSecurityShield) [Auto | Running] -- C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\vsserv.exe -- (VSSERV)
SRV - [2009/09/24 13:33:16 | 000,346,168 | ---- | M] (PCSecurityShield) [Auto | Running] -- C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Update Service\livesrv.exe -- (LIVESRV)
SRV - [2009/09/14 00:31:30 | 000,183,880 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
SRV - [2008/04/14 06:42:04 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/14 06:41:56 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2005/12/20 12:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/11/28 12:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2005/11/28 12:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2005/11/28 12:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005/07/12 18:14:42 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/01/17 17:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/10/20 06:40:04 | 000,010,328 | R--- | M] (America Online) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2004/10/15 13:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - [2004/08/28 01:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2004/08/10 05:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp)
SRV - [2004/08/10 05:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-21-119506194-70046555-1172815383-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-119506194-70046555-1172815383-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-21-119506194-70046555-1172815383-1005\..\URLSearchHook: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-119506194-70046555-1172815383-1005\..\URLSearchHook: ~ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-119506194-70046555-1172815383-1005\..\URLSearchHook: ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-119506194-70046555-1172815383-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "https://mail.google.com/mail/?shva=1#"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.5.6.0
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\bdaphffext\ [2010/02/16 14:41:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/09 03:33:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/16 14:25:07 | 000,000,000 | ---D | M]

[2010/02/15 03:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\imd\Application Data\Mozilla\Extensions
[2010/03/09 03:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\imd\Application Data\Mozilla\Firefox\Profiles\0lyv8n1i.default\extensions
[2010/02/17 04:04:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\imd\Application Data\Mozilla\Firefox\Profiles\0lyv8n1i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/16 14:25:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\imd\Application Data\Mozilla\Firefox\Profiles\0lyv8n1i.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/03/13 15:29:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\imd\Application Data\Mozilla\Firefox\Profiles\0lyv8n1i.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/03/01 16:11:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\imd\Application Data\Mozilla\Firefox\Profiles\0lyv8n1i.default\extensions\dropio@dropio
[2010/02/22 02:40:01 | 000,000,903 | ---- | M] () -- C:\Documents and Settings\imd\Application Data\Mozilla\Firefox\Profiles\0lyv8n1i.default\searchplugins\conduit.xml
[2010/03/09 03:01:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/13 23:10:06 | 000,047,104 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Mozilla Firefox\components\FFComm.dll

O1 HOSTS File: ([2004/08/10 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (The Shield Deluxe 2010 Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKU\S-1-5-21-119506194-70046555-1172815383-1005\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\bdagent.exe (PCSecurityShield)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\IEShow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe File not found
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\TDispVol.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-119506194-70046555-1172815383-1005..\Run: [CyberDefender Early Detection Center] C:\Program Files\CyberDefender\AntiSpyware\cdasac.exe File not found
O4 - HKU\S-1-5-21-119506194-70046555-1172815383-1005..\Run: [CyberDefender Registry Cleaner] C:\Program Files\CyberDefender\Registry Cleaner\CDregclean.exe File not found
O4 - HKU\S-1-5-21-119506194-70046555-1172815383-1005..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\S-1-5-21-119506194-70046555-1172815383-1005..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe (Greatis Software)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\imd\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-119506194-70046555-1172815383-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\imd\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\imd\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/15 08:38:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/05/11 15:13:39 | 000,000,279 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009/10/25 15:33:00 | 000,000,090 | ---- | M] () - G:\AUTORUN.INF -- [ FAT ]
O33 - MountPoints2\{c9951669-1ad6-11df-a873-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{c9951669-1ad6-11df-a873-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c9951669-1ad6-11df-a873-00038a000015}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2006/04/18 15:33:36 | 000,950,272 | R--- | M] ()
O33 - MountPoints2\{c995166a-1ad6-11df-a873-00038a000015}\Shell\AutoRun\command - "" = setupSNK.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2006/04/18 15:33:36 | 000,950,272 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (Partizan) - C:\WINDOWS\System32\Partizan.exe (Greatis Software)
O34 - HKLM BootExecute: (ootExecute settings...) - File not found
O34 - HKLM BootExecute: (0) - File not found
O34 - HKLM BootExecute: (09) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/03/14 17:06:10 | 000,034,760 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2010/03/14 17:06:09 | 000,035,040 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2010/03/10 03:34:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/03/09 02:12:14 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/03/05 02:40:09 | 000,003,968 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\AvgArCln.sys
[2010/03/04 18:17:26 | 000,000,000 | ---D | C] -- C:\Backreg
[2010/03/04 18:12:02 | 000,024,416 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys
[2010/03/04 18:05:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\imd\My Documents\RegRun2
[2010/03/04 18:05:51 | 000,012,752 | ---- | C] (Greatis Software, LLC.) -- C:\WINDOWS\System32\drivers\UnHackMeDrv.sys
[2010/03/04 18:05:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\regruninfo
[2006/02/15 09:25:00 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[6 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[38 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/14 19:04:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-119506194-70046555-1172815383-1005UA.job
[2010/03/14 17:06:10 | 000,035,040 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2010/03/14 17:06:10 | 000,034,760 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2010/03/14 17:05:50 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\imd\Application Dataprivacy.xml
[2010/03/14 16:55:10 | 000,523,844 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/14 16:55:10 | 000,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 16:55:10 | 000,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/14 16:50:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/14 16:50:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/14 16:50:19 | 3210,792,960 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/14 14:20:21 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-119506194-70046555-1172815383-500Core.job
[2010/03/14 14:20:21 | 000,000,374 | ---- | M] () -- C:\WINDOWS\tasks\CD UNINSTALL SOLUTION.job
[2010/03/14 14:20:14 | 000,164,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/13 15:30:31 | 000,000,276 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/13 15:29:11 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/13 15:15:41 | 000,000,132 | ---- | M] () -- C:\WINDOWS\System32\rezumatenoi.dat
[2010/03/13 15:15:37 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\imd\NTUSER.DAT
[2010/03/13 15:15:37 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\imd\ntuser.ini
[2010/03/13 15:12:34 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/09 03:03:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\imd\defogger_reenable
[2010/03/09 02:28:16 | 000,024,416 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys
[2010/03/05 16:58:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/05 00:04:01 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-119506194-70046555-1172815383-1005Core.job
[2010/03/04 22:33:42 | 000,000,853 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/04 18:08:17 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/03/04 18:08:17 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/03/04 18:08:17 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2010/03/04 16:45:36 | 000,000,068 | ---- | M] () -- C:\WINDOWS\st_affiliate.ini
[2010/03/04 16:40:02 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\imd\REGISTRY DEFENDER
[2010/03/01 14:01:32 | 000,156,910 | ---- | M] () -- C:\WINDOWS\WMSysPr8.prx
[2010/03/01 02:01:06 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\imd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[6 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[38 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/14 16:50:19 | 3210,792,960 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/13 15:26:30 | 000,000,374 | ---- | C] () -- C:\WINDOWS\tasks\CD UNINSTALL SOLUTION.job
[2010/03/13 15:24:01 | 000,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-119506194-70046555-1172815383-500Core.job
[2010/03/09 03:03:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\imd\defogger_reenable
[2010/03/09 02:47:05 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\imd\Application Dataprivacy.xml
[2010/03/04 18:06:54 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2010/03/04 16:45:36 | 000,000,068 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
[2010/03/04 16:40:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\imd\REGISTRY DEFENDER
[2010/02/17 03:59:52 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/02/17 03:59:52 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/02/16 01:41:25 | 000,000,326 | ---- | C] () -- C:\WINDOWS\System32\StuffItPath.ini
[2010/02/15 03:48:41 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\imd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/15 02:15:06 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\imd\Local Settings\Application Data\fusioncache.dat
[2010/02/15 02:06:03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/01/15 14:45:34 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2007/01/31 15:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2006/05/13 15:56:11 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/02/24 21:28:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\TDispVol.dll
[2006/02/16 08:07:58 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2006/02/16 02:50:52 | 000,000,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/02/16 02:25:21 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/02/16 02:25:21 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/02/16 02:25:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/02/16 02:25:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/02/16 02:25:21 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/02/16 02:25:21 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/02/15 09:41:53 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/02/15 09:41:53 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/02/15 09:40:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/02/15 09:28:50 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/02/15 09:28:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/02/15 09:28:50 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/02/15 09:28:50 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/02/15 09:25:00 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2006/02/15 09:21:53 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/02/15 08:44:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/15 07:09:00 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/28 21:33:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/02 15:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/24 16:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/22 22:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 18:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 15:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/03/14 14:20:21 | 000,000,374 | ---- | M] () -- C:\WINDOWS\Tasks\CD UNINSTALL SOLUTION.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[38 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: AGP440.SYS >
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2008/04/14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/10 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 06:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2008/04/14 06:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2009/06/25 17:04:32 | 000,001,536 | ---- | M] () MD5=8D4CD834292293F4055BAC313268E2DE -- C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Arrakis Server\lib\eventlog.dll

< MD5 for: KR10N.SYS >
[2005/01/12 01:05:46 | 000,204,160 | ---- | M] (TOSHIBA CORPORATION) MD5=00C1EA8DECF810B8ECCB5C5A8186A96E -- C:\WINDOWS\OemDir\KR10N.sys
[2005/01/12 01:05:46 | 000,204,160 | ---- | M] (TOSHIBA CORPORATION) MD5=00C1EA8DECF810B8ECCB5C5A8186A96E -- C:\WINDOWS\system32\drivers\KR10N.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 06:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2008/04/14 06:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 06:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
[2008/04/14 06:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >

#7 etavares

Bleepin' Remover
Malware Response Team, 15,514 posts
Posted 15 March 2010 - 10:07 PM

Hello, mrimd.
There is one file in the logs, so we can see if that's it. The sluggishness may not be caused by malware. That being said, let's dig a little deeper. It could also be caused by router settings that were changed by malware at some point.




Step 1

Do you connect to a router, or directly to a modem? (Or, how many boxes are connected between your computer and the internet cable in the wall?)

Do you get blocked in Internet Explorer, Firefox, or both?



Step 2

Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as mrimdCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on mrimdCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#8 mrimd

Topic Starter
Members, 16 posts
Location: San Diego, Ca

Posted 16 March 2010 - 03:32 PM

No, I am not blocked anymore. It was a password issue, I believe, and I connect wirelessly to an AT&T U-verse router.


ComboFix 10-03-16.01 - imd 03/16/2010 13:08:46.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2089 [GMT -7:00]
Running from: c:\documents and settings\imd\My Documents\Downloads\mrimdCF.exe.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: The Shield Deluxe Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\imd\Start Menu\Programs\Startup\MagicDisc.lnk
C:\install.exe
c:\program files\Internet Explorer\SET70.tmp
c:\program files\Internet Explorer\SET75.tmp
c:\recycler\S-1-5-21-3868997124-911790988-508925577-500
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2010-02-16 to 2010-03-16 )))))))))))))))))))))))))))))))
.

2010-03-16 19:58 . 2010-03-16 19:58 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2010-03-15 10:02 . 2010-03-15 10:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2010-03-15 09:58 . 2009-11-11 18:14 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-03-15 09:58 . 2009-11-11 18:14 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-03-15 09:58 . 2009-11-11 18:14 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-03-15 09:58 . 2009-07-16 19:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-03-15 09:57 . 2010-03-15 09:58 -------- d-----w- c:\program files\Common Files\McAfee
2010-03-15 09:57 . 2010-03-15 09:57 -------- d-----w- c:\program files\McAfee.com
2010-03-15 09:54 . 2009-11-11 18:14 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-03-14 23:52 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-14 21:24 . 2010-03-14 21:24 -------- d-----w- c:\program files\ESET
2010-03-13 22:31 . 2010-03-13 22:31 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-03-13 22:24 . 2010-03-13 22:24 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2010-03-10 19:55 . 2006-04-06 03:38 110592 ----a-w- c:\documents and settings\Administrator\Application Data\U3\temp\cleanup.exe
2010-03-10 19:53 . 2010-03-10 19:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2010-03-09 10:33 . 2010-03-09 10:33 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-03-09 09:05 . 2010-03-09 09:05 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-03-05 23:58 . 2010-03-05 23:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-03-05 07:04 . 2008-04-14 08:10 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2010-03-05 07:04 . 2008-04-14 08:10 43904 ----a-w- c:\windows\system32\drivers\sbp2port.sys
2010-03-05 01:30 . 2010-03-15 09:46 -------- d-----w- c:\program files\VirusTotalUploader2
2010-03-05 01:17 . 2010-03-05 01:17 -------- d-----w- C:\Backreg
2010-03-05 01:06 . 2010-03-05 01:08 2 --shatr- c:\windows\winstart.bat
2010-03-05 01:05 . 2010-03-15 09:46 -------- d-----w- c:\program files\UnHackMe
2010-03-02 01:38 . 2010-03-02 01:38 -------- d-----w- c:\documents and settings\imd\Application Data\AdobeUM
2010-03-01 21:01 . 2010-03-01 21:01 -------- d-----w- c:\documents and settings\imd\Application Data\Syntrillium
2010-03-01 21:01 . 2001-10-19 22:40 438608 ----a-w- c:\windows\system32\wmv8dmod.dll
2010-03-01 21:01 . 2001-10-19 22:40 665424 ----a-w- c:\windows\system32\wmv8dmoe.dll
2010-03-01 21:01 . 2001-10-19 22:39 572752 ----a-w- c:\windows\system32\wmvdmoe.dll
2010-03-01 21:01 . 2001-10-19 22:40 1683792 ----a-w- c:\windows\system32\wmvcore2.dll
2010-03-01 20:59 . 2010-03-01 21:07 -------- d-----w- c:\program files\coolpro2
2010-03-01 08:01 . 2001-08-18 06:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-03-01 08:01 . 2008-04-14 13:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-03-01 08:01 . 2008-04-14 08:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-03-01 08:01 . 2008-04-14 08:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-02-25 05:20 . 2010-02-25 05:20 -------- d-sh--w- c:\documents and settings\imd\IECompatCache
2010-02-25 05:18 . 2010-02-25 05:18 -------- d-sh--w- c:\documents and settings\imd\PrivacIE
2010-02-23 19:55 . 2010-02-23 19:55 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-02-22 11:38 . 2010-02-22 11:38 0 ----a-w- c:\windows\system32\cid_store.dat
2010-02-22 10:59 . 2010-03-15 09:35 -------- d-----w- c:\documents and settings\imd\Application Data\MxBoost
2010-02-22 10:55 . 2010-02-22 11:11 -------- d-----w- c:\program files\Maxthon2
2010-02-22 05:23 . 2010-02-22 05:23 -------- d-sh--w- c:\documents and settings\imd\IETldCache
2010-02-22 04:24 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-02-22 04:24 . 2010-02-24 11:01 -------- d-----w- c:\windows\ie8updates
2010-02-22 04:23 . 2009-12-21 19:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-22 04:23 . 2009-12-21 19:14 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-22 04:23 . 2009-12-21 19:14 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-22 04:23 . 2009-12-21 19:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-22 04:23 . 2009-12-21 19:14 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-02-22 04:23 . 2009-12-21 19:14 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-02-19 06:42 . 2010-02-19 06:42 -------- d-----w- c:\documents and settings\imd\Local Settings\Application Data\PCHealth
2010-02-18 22:34 . 2004-08-10 12:00 18944 -c--a-w- c:\windows\system32\dllcache\simptcp.dll
2010-02-18 22:34 . 2004-08-10 12:00 18944 ----a-w- c:\windows\system32\simptcp.dll
2010-02-17 21:30 . 2010-02-17 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2010-02-17 21:30 . 2010-02-17 23:04 -------- d-----w- c:\documents and settings\imd\Application Data\Azureus
2010-02-17 21:27 . 2010-02-17 21:27 -------- d-----w- c:\documents and settings\imd\Local Settings\Application Data\Conduit
2010-02-17 11:06 . 2010-02-17 11:06 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-02-17 10:59 . 2007-02-28 03:36 638976 ----a-w- c:\windows\system32\divx.dll
2010-02-17 10:59 . 2007-02-28 03:36 524288 ----a-w- c:\windows\system32\xvidcore.dll
2010-02-17 10:59 . 2007-02-28 03:36 413760 ----a-w- c:\windows\system32\mpg4c32.dll
2010-02-17 10:59 . 2007-02-28 03:36 261632 ----a-w- c:\windows\system32\mcdvd_32.dll
2010-02-17 10:59 . 2007-02-28 03:36 139264 ----a-w- c:\windows\system32\xvidvfw.dll
2010-02-17 10:59 . 2010-02-17 10:59 -------- d-----w- c:\program files\AVSMedia
2010-02-17 10:57 . 2010-02-17 11:03 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-02-17 10:56 . 2007-02-28 02:36 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-02-17 10:56 . 2007-02-28 02:36 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-02-17 10:56 . 2010-02-17 10:58 -------- d-----w- c:\program files\AVS4YOU
2010-02-17 02:11 . 2010-03-15 09:41 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2010-02-17 01:09 . 2010-02-22 04:23 -------- dc-h--w- c:\windows\ie8
2010-02-17 00:59 . 2010-02-17 00:59 -------- d-----w- C:\a57235a07d47d1266b0b37003b94
2010-02-17 00:36 . 2010-02-17 00:36 4 ----a-w- c:\windows\system32\aspdict-en.dat
2010-02-17 00:36 . 2010-02-17 00:36 16 ----a-w- c:\windows\system32\asdict.dat
2010-02-17 00:36 . 2010-02-17 00:36 0 ----a-w- C:\pcwords2.dat
2010-02-17 00:36 . 2010-02-17 00:36 0 ----a-w- C:\pcwords.dat
2010-02-17 00:24 . 2010-02-17 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2010-02-16 21:42 . 2010-02-16 21:42 -------- d-----w- c:\documents and settings\imd\Application Data\The Shield Deluxe
2010-02-16 21:41 . 2010-03-15 09:43 -------- d-----w- c:\documents and settings\All Users\Application Data\The Shield Deluxe
2010-02-16 21:41 . 2010-02-16 21:42 -------- d-----w- c:\program files\Common Files\The Shield Deluxe
2010-02-16 21:41 . 2010-02-16 21:41 -------- d-----w- c:\program files\The Shield Deluxe
2010-02-16 21:40 . 2010-02-16 21:40 -------- d-----w- c:\program files\Common Files\BitDefender
2010-02-16 21:25 . 2010-02-16 21:25 348160 ----a-w- c:\documents and settings\imd\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1381c5b9-n\msvcr71.dll
2010-02-16 21:25 . 2010-02-16 21:25 503808 ----a-w- c:\documents and settings\imd\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1381c5b9-n\msvcp71.dll
2010-02-16 21:25 . 2010-02-16 21:25 499712 ----a-w- c:\documents and settings\imd\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1381c5b9-n\jmc.dll
2010-02-16 21:25 . 2010-02-16 21:25 61440 ----a-w- c:\documents and settings\imd\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-214311f5-n\decora-sse.dll
2010-02-16 21:25 . 2010-02-16 21:25 12800 ----a-w- c:\documents and settings\imd\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-214311f5-n\decora-d3d.dll
2010-02-16 21:25 . 2010-02-16 21:24 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-16 20:43 . 2010-02-16 20:43 -------- d-----w- c:\documents and settings\imd\Application Data\Apple Computer
2010-02-16 20:32 . 2010-02-16 20:32 -------- d-----w- c:\program files\Common Files\Apple
2010-02-16 20:32 . 2010-02-16 20:33 -------- d-----w- c:\program files\QuickTime
2010-02-16 20:32 . 2010-02-16 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-02-16 20:32 . 2010-02-16 20:32 -------- d-----w- c:\documents and settings\imd\Local Settings\Application Data\Apple
2010-02-16 20:32 . 2010-02-16 20:32 -------- d-----w- c:\program files\Apple Software Update
2010-02-16 20:32 . 2010-02-16 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-02-16 20:32 . 2010-02-16 20:32 -------- d-----w- c:\documents and settings\imd\Local Settings\Application Data\Apple Computer
2010-02-16 11:24 . 2008-04-14 13:41 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2010-02-16 11:24 . 2008-12-04 01:40 81408 ----a-w- c:\windows\system32\devcon_x64.exe
2010-02-16 11:24 . 2002-11-15 06:32 55808 ----a-w- c:\windows\system32\devcon.exe
2010-02-16 11:24 . 2010-02-16 11:25 -------- d-----w- c:\program files\Driver Checker
2010-02-16 11:23 . 2006-04-06 03:38 110592 ----a-w- c:\documents and settings\imd\Application Data\U3\temp\cleanup.exe
2010-02-16 11:20 . 2003-07-01 08:00 46080 ----a-w- c:\windows\system32\escimgd.dll
2010-02-16 11:20 . 2003-07-01 08:00 29696 ----a-w- c:\windows\system32\escwiad.dll
2010-02-16 11:20 . 2003-07-01 08:00 22528 ----a-w- c:\windows\system32\esccmd.dll
2010-02-16 11:16 . 2004-05-21 13:04 79622 ----a-w- c:\windows\system32\EBPMON24.DLL
2010-02-16 11:16 . 2004-02-18 09:10 98304 ----a-w- c:\windows\system32\E_SAGSET.DLL
2010-02-16 11:16 . 2003-05-21 10:27 64000 ----a-w- c:\windows\system32\ECBTEG.DLL
2010-02-16 11:16 . 2000-06-07 09:01 34304 ----a-w- c:\windows\system32\EBPCHP.DLL
2010-02-16 11:14 . 2010-02-16 11:14 -------- d-----w- c:\program files\EPSON
2010-02-16 11:14 . 2010-02-16 11:19 -------- d-----w- C:\epson
2010-02-16 11:13 . 2008-04-14 08:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-02-16 11:13 . 2008-04-14 08:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-02-16 11:09 . 2010-03-06 00:12 -------- d-----w- c:\documents and settings\imd\Application Data\U3
2010-02-16 11:03 . 2010-02-16 11:03 -------- d-----w- c:\program files\MSXML 4.0
2010-02-16 08:56 . 2009-02-25 02:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2010-02-16 08:56 . 2010-02-16 08:57 -------- d-----w- c:\program files\MagicDisc
2010-02-16 08:46 . 2009-12-09 05:53 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll
2010-02-16 08:41 . 2010-02-16 08:41 412 ----a-w- c:\windows\system32\KB908002\InstallPlugins.bat
2010-02-16 08:41 . 2010-02-16 08:41 0 ----a-w- c:\windows\system32\KB908002\UnInstallPlugins.bat
2010-02-15 23:54 . 2010-02-15 23:54 -------- d-----w- c:\documents and settings\imd\Application Data\Sonic
2010-02-15 12:23 . 2008-04-14 08:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2010-02-15 11:34 . 2008-04-14 13:41 22528 -c--a-w- c:\windows\system32\dllcache\lpdsvc.dll
2010-02-15 11:34 . 2008-04-14 13:41 22528 ----a-w- c:\windows\system32\lpdsvc.dll
2010-02-15 11:30 . 2008-04-14 13:41 18944 -c--a-w- c:\windows\system32\dllcache\lprmon.dll
2010-02-15 11:30 . 2008-04-14 13:41 18944 ----a-w- c:\windows\system32\lprmon.dll
2010-02-15 11:30 . 2008-04-14 13:41 35328 -c--a-w- c:\windows\system32\dllcache\iprip.dll
2010-02-15 11:30 . 2008-04-14 13:41 35328 ----a-w- c:\windows\system32\iprip.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-15 10:03 . 2006-05-13 23:44 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-03-15 10:02 . 2006-05-13 23:44 -------- d-----w- c:\program files\McAfee
2010-03-15 09:53 . 2006-02-16 16:59 36240 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-13 22:29 . 2006-02-25 07:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-13 22:18 . 2006-05-13 23:30 -------- d-----w- c:\program files\America Online 9.0
2010-02-16 21:24 . 2006-02-16 09:28 -------- d-----w- c:\program files\Java
2010-02-16 20:28 . 2006-02-16 09:56 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2010-02-16 11:57 . 2010-02-16 11:57 -------- d-----w- c:\program files\MSBuild
2010-02-16 11:57 . 2010-02-16 11:57 -------- d-----w- c:\program files\Reference Assemblies
2010-02-16 11:26 . 2010-02-16 11:26 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-02-16 11:26 . 2010-02-16 11:26 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-02-16 08:41 . 2010-02-16 08:39 -------- d-----w- c:\program files\Smith Micro
2010-02-16 08:41 . 2006-02-15 16:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-16 08:40 . 2010-02-15 09:15 -------- d-----w- c:\documents and settings\imd\Application Data\McAfee.com Personal Firewall
2010-02-16 08:40 . 2010-02-16 08:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Smith Micro
2010-02-15 12:33 . 2006-02-15 15:37 87931 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-15 09:13 . 2006-02-15 16:18 -------- d-----w- c:\program files\Intel
2010-02-15 09:13 . 2010-02-15 09:15 -------- d-----w- c:\documents and settings\imd\Application Data\Intel
2010-02-15 09:04 . 2006-02-16 09:25 -------- d-----w- c:\program files\InterVideo
2010-01-06 01:04 . 2010-01-06 01:04 385536 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-12-31 16:50 . 2006-02-15 14:04 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2006-02-15 14:04 916480 ----a-w- c:\windows\system32\wininet.dll
2009-09-14 06:10 . 2010-02-17 00:26 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"Google Update"="c:\documents and settings\imd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-15 135664]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-03-11 73728]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"NDSTray.exe"="NDSTray.exe" [BU]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"EPSON Stylus Photo RX500"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE" [2003-06-02 99840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Auto EPSON Stylus Photo RX500 on EMPRESS"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE" [2003-06-02 99840]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\1147563008\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [3/15/2010 3:02 AM 203280]
S2 0093411268647079mcinstcleanup;McAfee Application Installer Cleanup (0093411268647079);c:\docume~1\imd\LOCALS~1\Temp\009341~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\imd\LOCALS~1\Temp\009341~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\PEDrv.sys --> c:\sysprep\PEDrv.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - 0093411268647079MCINSTCLEANUP

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2010-03-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-119506194-70046555-1172815383-1005Core.job
- c:\documents and settings\imd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-15 10:54]

2010-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-119506194-70046555-1172815383-1005UA.job
- c:\documents and settings\imd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-15 10:54]

2010-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-119506194-70046555-1172815383-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-13 22:23]

2010-03-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-03-15 19:22]

2010-03-15 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-03-15 19:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\imd\Application Data\Mozilla\Firefox\Profiles\0lyv8n1i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\imd\Local Settings\Application Data\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
URLSearchHooks-~ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
URLSearchHooks-{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - (no file)
HKCU-Run-CyberDefender Registry Cleaner - c:\program files\CyberDefender\Registry Cleaner\CDregclean.exe
HKCU-Run-CyberDefender Early Detection Center - c:\program files\CyberDefender\AntiSpyware\cdasac.exe
HKLM-Run-PadTouch - c:\program files\TOSHIBA\Touch and Launch\PadExe.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-16 13:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3428)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\TDispVol.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\eHome\ehRec.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\Smith Micro\StuffIt 2010\ArcNameService.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\windows\ehome\mcrdsvc.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
c:\windows\system32\TDispVol.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\AGRSMMSG.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\TPSMain.exe
c:\windows\system32\TPSBattM.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-03-16 13:27:56 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-16 20:27

Pre-Run: 73,620,934,656 bytes free
Post-Run: 73,623,994,368 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - E59BC3A6B5E3A104A5D6C76A9930F30D


#9 mrimd

mrimd
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Male
  • Location:San Diego, Ca
  • Local time:02:15 AM

Posted 16 March 2010 - 03:46 PM

Still sluggish, and slow to load/minimize pages/graphics and programs.

#10 mrimd

mrimd
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Male
  • Location:San Diego, Ca
  • Local time:02:15 AM

Posted 16 March 2010 - 04:03 PM

Now when I restarted and tried to run my McAfee antivirus, it locked up and froze so that I could not open any program at all.

#11 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:05:15 AM

Posted 16 March 2010 - 09:33 PM

Hello, mrimd.
Do you still have two antiviruses installed?

QUOTE
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: The Shield Deluxe Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}


It could be an incomplete uninstallation. Having two antiviruses can cause the sluggishness and system issues.

You did have a backdoor:


One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.



Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
File::
c:\windows\winstart.bat
c:\windows\system32\rezumatenoi.dat
c:\windows\system32\aspdict-en.dat
c:\windows\system32\asdict.dat
C:\pcwords2.dat
C:\pcwords.dat
Folder::
C:\a57235a07d47d1266b0b37003b94


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
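The first thing the helper checks above is the `AV:` / `FW:` header that DDS and ComboFix print: two antivirus products registered at once, with on-access scanning disabled and one of them outdated, is itself a cause of the sluggishness reported. The script below is an added example (not a BleepingComputer or ComboFix tool) that parses those header lines and flags exactly those conditions. The sample lines are copied from the ComboFix log in this thread; the line format (product name, `*status*`, optional `(freshness)`, `{GUID}`) is assumed from what the logs on this page show.

```python
"""Parse the AV:/FW: product lines at the top of a DDS or ComboFix log and
flag what a malware-removal helper looks for first: more than one antivirus
registered with Windows Security Center, products with real-time protection
disabled, and products with outdated definitions.

Added example, not part of the thread or of ComboFix. Parsing rules are an
assumption based on the header format visible in the logs on this page.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed header shape, as seen in the logs:
#   AV: <name> *On-access scanning disabled* (Outdated) {GUID}
#   FW: <name> *disabled* {GUID}
LINE_RE = re.compile(
    r"^(?P<kind>AV|FW|AS):\s+(?P<name>.+?)\s+"
    r"\*(?P<status>[^*]+)\*"
    r"(?:\s+\((?P<freshness>[^)]+)\))?"
    r"\s+\{(?P<guid>[0-9A-Fa-f-]+)\}\s*$"
)


@dataclass
class SecurityProduct:
    kind: str
    name: str
    status: str
    freshness: Optional[str]
    guid: str

    @property
    def enabled(self) -> bool:
        # Both "On-access scanning disabled" and "disabled" mean no real-time protection.
        return "disabled" not in self.status.lower()

    @property
    def outdated(self) -> bool:
        return (self.freshness or "").lower() == "outdated"


def parse_products(log_text: str) -> List[SecurityProduct]:
    """Return every AV/FW/AS product line found in the log header, in order."""
    products = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            products.append(SecurityProduct(
                m["kind"], m["name"], m["status"], m["freshness"], m["guid"]))
    return products


def assess(products: List[SecurityProduct]) -> List[str]:
    """Produce human-readable findings: duplicate AVs first, then per-product state."""
    findings = []
    avs = [p for p in products if p.kind == "AV"]
    if len(avs) > 1:
        findings.append(
            "multiple antivirus products registered: "
            + ", ".join(p.name for p in avs)
            + " (possible incomplete uninstall; conflicting real-time scanners)")
    for p in products:
        if not p.enabled:
            findings.append(f"{p.kind} {p.name}: real-time protection disabled ({p.status})")
        if p.outdated:
            findings.append(f"{p.kind} {p.name}: definitions outdated")
    return findings


# Sample input: header lines copied from the ComboFix log in this thread.
SAMPLE_LOG = """\
ComboFix 10-03-16.01 - imd 03/17/2010 1:34.2.2 - x86
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: The Shield Deluxe Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
"""

if __name__ == "__main__":
    for finding in assess(parse_products(SAMPLE_LOG)):
        print("-", finding)
```

One caveat when reading the "disabled" findings: ComboFix is run with antivirus and firewall deliberately turned off, as the instructions above require, so a disabled status in a ComboFix header reflects that moment and is expected. The signal worth acting on in this thread is the second registered antivirus and its outdated definitions, which point to the incomplete uninstall the helper suspects.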
 


#12 mrimd

mrimd
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Male
  • Location:San Diego, Ca
  • Local time:02:15 AM

Posted 17 March 2010 - 03:48 AM

Let's try and fix it.



ComboFix 10-03-16.01 - imd 03/17/2010 1:34.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2571 [GMT -7:00]
Running from: c:\documents and settings\imd\My Documents\Downloads\mrimdCF.exe.exe
Command switches used :: c:\documents and settings\imd\My Documents\Downloads\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: The Shield Deluxe Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"C:\pcwords.dat"
"C:\pcwords2.dat"
"c:\windows\system32\asdict.dat"
"c:\windows\system32\aspdict-en.dat"
"c:\windows\system32\rezumatenoi.dat"
"c:\windows\winstart.bat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\a57235a07d47d1266b0b37003b94
c:\a57235a07d47d1266b0b37003b94\$shtdwn$.req
c:\a57235a07d47d1266b0b37003b94\admparse.dll
c:\a57235a07d47d1266b0b37003b94\admparse.dll.mui
c:\a57235a07d47d1266b0b37003b94\advpack.dll
c:\a57235a07d47d1266b0b37003b94\advpack.dll.mui
c:\a57235a07d47d1266b0b37003b94\browseui.dll
c:\a57235a07d47d1266b0b37003b94\corpol.dll
c:\a57235a07d47d1266b0b37003b94\dxtmsft.dll
c:\a57235a07d47d1266b0b37003b94\dxtrans.dll
c:\a57235a07d47d1266b0b37003b94\extexport.exe
c:\a57235a07d47d1266b0b37003b94\feeddisc.wav
c:\a57235a07d47d1266b0b37003b94\hmmapi.dll
c:\a57235a07d47d1266b0b37003b94\hmmapi.dll.mui
c:\a57235a07d47d1266b0b37003b94\html.iec
c:\a57235a07d47d1266b0b37003b94\html.iec.mui
c:\a57235a07d47d1266b0b37003b94\icardie.dll
c:\a57235a07d47d1266b0b37003b94\icardie.dll.mui
c:\a57235a07d47d1266b0b37003b94\icrav03.rat
c:\a57235a07d47d1266b0b37003b94\ie4uinit.exe
c:\a57235a07d47d1266b0b37003b94\ie4uinit.exe.mui
c:\a57235a07d47d1266b0b37003b94\ie8props.propdesc
c:\a57235a07d47d1266b0b37003b94\ieakeng.dll
c:\a57235a07d47d1266b0b37003b94\ieakeng.dll.mui
c:\a57235a07d47d1266b0b37003b94\ieakmmc.chm
c:\a57235a07d47d1266b0b37003b94\ieaksie.dll
c:\a57235a07d47d1266b0b37003b94\ieaksie.dll.mui
c:\a57235a07d47d1266b0b37003b94\ieakui.dll
c:\a57235a07d47d1266b0b37003b94\ieakui.dll.mui
c:\a57235a07d47d1266b0b37003b94\ieapfltr.dat
c:\a57235a07d47d1266b0b37003b94\ieapfltr.dll
c:\a57235a07d47d1266b0b37003b94\iecompat.dll
c:\a57235a07d47d1266b0b37003b94\iedkcs32.dll
c:\a57235a07d47d1266b0b37003b94\iedkcs32.dll.mui
c:\a57235a07d47d1266b0b37003b94\iedvtool.dll
c:\a57235a07d47d1266b0b37003b94\iedvtool.dll.mui
c:\a57235a07d47d1266b0b37003b94\ieeula.chm
c:\a57235a07d47d1266b0b37003b94\ieframe.dll
c:\a57235a07d47d1266b0b37003b94\ieframe.dll.mui
c:\a57235a07d47d1266b0b37003b94\iepeers.dll
c:\a57235a07d47d1266b0b37003b94\iepeers.dll.mui
c:\a57235a07d47d1266b0b37003b94\ieproxy.dll
c:\a57235a07d47d1266b0b37003b94\iernonce.dll
c:\a57235a07d47d1266b0b37003b94\iernonce.dll.mui
c:\a57235a07d47d1266b0b37003b94\iertutil.dll
c:\a57235a07d47d1266b0b37003b94\iertutil.dll.mui
c:\a57235a07d47d1266b0b37003b94\iesetup.dll
c:\a57235a07d47d1266b0b37003b94\iesetup.dll.mui
c:\a57235a07d47d1266b0b37003b94\iesupp.chm
c:\a57235a07d47d1266b0b37003b94\ieudinit.exe
c:\a57235a07d47d1266b0b37003b94\ieudinit.exe.mui
c:\a57235a07d47d1266b0b37003b94\ieui.dll
c:\a57235a07d47d1266b0b37003b94\ieui.dll.mui
c:\a57235a07d47d1266b0b37003b94\ieuinit.inf
c:\a57235a07d47d1266b0b37003b94\iexplore.chm
c:\a57235a07d47d1266b0b37003b94\iexplore.exe
c:\a57235a07d47d1266b0b37003b94\iexplore.exe.mui
c:\a57235a07d47d1266b0b37003b94\imgutil.dll
c:\a57235a07d47d1266b0b37003b94\inetcorp.iem
c:\a57235a07d47d1266b0b37003b94\inetcpl.cpl
c:\a57235a07d47d1266b0b37003b94\inetcpl.cpl.mui
c:\a57235a07d47d1266b0b37003b94\inetres.adm
c:\a57235a07d47d1266b0b37003b94\inetset.iem
c:\a57235a07d47d1266b0b37003b94\infobar.wav
c:\a57235a07d47d1266b0b37003b94\inseng.dll
c:\a57235a07d47d1266b0b37003b94\inseng.dll.mui
c:\a57235a07d47d1266b0b37003b94\install.ins
c:\a57235a07d47d1266b0b37003b94\jscript.dll
c:\a57235a07d47d1266b0b37003b94\jscript.dll.mui
c:\a57235a07d47d1266b0b37003b94\jsdbgui.dll
c:\a57235a07d47d1266b0b37003b94\jsdbgui.dll.mui
c:\a57235a07d47d1266b0b37003b94\jsdebuggeride.dll
c:\a57235a07d47d1266b0b37003b94\jsdebuggeride.dll.mui
c:\a57235a07d47d1266b0b37003b94\jsprofilercore.dll
c:\a57235a07d47d1266b0b37003b94\jsprofilercore.dll.mui
c:\a57235a07d47d1266b0b37003b94\jsprofilerui.dll
c:\a57235a07d47d1266b0b37003b94\jsprofilerui.dll.mui
c:\a57235a07d47d1266b0b37003b94\jsproxy.dll
c:\a57235a07d47d1266b0b37003b94\licmgr10.dll
c:\a57235a07d47d1266b0b37003b94\licmgr10.dll.mui
c:\a57235a07d47d1266b0b37003b94\msdbg2.dll
c:\a57235a07d47d1266b0b37003b94\msfeeds.dll
c:\a57235a07d47d1266b0b37003b94\msfeeds.mof
c:\a57235a07d47d1266b0b37003b94\msfeedsbs.dll
c:\a57235a07d47d1266b0b37003b94\msfeedsbs.dll.mui
c:\a57235a07d47d1266b0b37003b94\msfeedsbs.mof
c:\a57235a07d47d1266b0b37003b94\msfeedssync.exe
c:\a57235a07d47d1266b0b37003b94\mshta.exe
c:\a57235a07d47d1266b0b37003b94\mshta.exe.mui
c:\a57235a07d47d1266b0b37003b94\mshtml.dll
c:\a57235a07d47d1266b0b37003b94\mshtml.dll.mui
c:\a57235a07d47d1266b0b37003b94\mshtml.tlb
c:\a57235a07d47d1266b0b37003b94\mshtmled.dll
c:\a57235a07d47d1266b0b37003b94\mshtmler.dll
c:\a57235a07d47d1266b0b37003b94\mshtmler.dll.mui
c:\a57235a07d47d1266b0b37003b94\msls31.dll
c:\a57235a07d47d1266b0b37003b94\msrating.dll
c:\a57235a07d47d1266b0b37003b94\msrating.dll.mui
c:\a57235a07d47d1266b0b37003b94\mstime.dll
c:\a57235a07d47d1266b0b37003b94\navstart.wav
c:\a57235a07d47d1266b0b37003b94\occache.dll
c:\a57235a07d47d1266b0b37003b94\occache.dll.mui
c:\a57235a07d47d1266b0b37003b94\occache.ini
c:\a57235a07d47d1266b0b37003b94\pdm.dll
c:\a57235a07d47d1266b0b37003b94\pngfilt.dll
c:\a57235a07d47d1266b0b37003b94\popupblk.wav
c:\a57235a07d47d1266b0b37003b94\shdocvw.dll
c:\a57235a07d47d1266b0b37003b94\shlwapi.dll
c:\a57235a07d47d1266b0b37003b94\spmsg.dll
c:\a57235a07d47d1266b0b37003b94\spuninst.exe
c:\a57235a07d47d1266b0b37003b94\spupdsvc.exe
c:\a57235a07d47d1266b0b37003b94\sqmapi.dll
c:\a57235a07d47d1266b0b37003b94\support\idndl.dll
c:\a57235a07d47d1266b0b37003b94\support\nlsdl.dll
c:\a57235a07d47d1266b0b37003b94\support\normaliz.dll
c:\a57235a07d47d1266b0b37003b94\support\normidna.nls
c:\a57235a07d47d1266b0b37003b94\support\normnfc.nls
c:\a57235a07d47d1266b0b37003b94\support\normnfd.nls
c:\a57235a07d47d1266b0b37003b94\support\normnfkc.nls
c:\a57235a07d47d1266b0b37003b94\support\normnfkd.nls
c:\a57235a07d47d1266b0b37003b94\support\xmllite.dll
c:\a57235a07d47d1266b0b37003b94\tdc.ocx
c:\a57235a07d47d1266b0b37003b94\ticrf.rat
c:\a57235a07d47d1266b0b37003b94\update\eula.rtf
c:\a57235a07d47d1266b0b37003b94\update\ie8.cat
c:\a57235a07d47d1266b0b37003b94\update\iecustom.dll
c:\a57235a07d47d1266b0b37003b94\update\iesetup.exe
c:\a57235a07d47d1266b0b37003b94\update\sqmapi.dll
c:\a57235a07d47d1266b0b37003b94\update\update.exe
c:\a57235a07d47d1266b0b37003b94\update\update.exe.manifest
c:\a57235a07d47d1266b0b37003b94\update\update.inf
c:\a57235a07d47d1266b0b37003b94\update\update.ver
c:\a57235a07d47d1266b0b37003b94\update\updspapi.dll
c:\a57235a07d47d1266b0b37003b94\url.dll
c:\a57235a07d47d1266b0b37003b94\urlmon.dll
c:\a57235a07d47d1266b0b37003b94\urlmon.dll.mui
c:\a57235a07d47d1266b0b37003b94\vbscript.dll
c:\a57235a07d47d1266b0b37003b94\vbscript.dll.mui
c:\a57235a07d47d1266b0b37003b94\vgx.dll
c:\a57235a07d47d1266b0b37003b94\webcheck.dll
c:\a57235a07d47d1266b0b37003b94\webcheck.dll.mui
c:\a57235a07d47d1266b0b37003b94\webcheck.ini
c:\a57235a07d47d1266b0b37003b94\winfxdocobj.exe
c:\a57235a07d47d1266b0b37003b94\winfxdocobj.exe.mui
c:\a57235a07d47d1266b0b37003b94\wininet.dll
c:\a57235a07d47d1266b0b37003b94\wininet.dll.mui
c:\a57235a07d47d1266b0b37003b94\xpshims.dll
C:\pcwords.dat
C:\pcwords2.dat
c:\windows\system32\asdict.dat
c:\windows\system32\aspdict-en.dat
c:\windows\system32\rezumatenoi.dat
c:\windows\winstart.bat

.
((((((((((((((((((((((((( Files Created from 2010-02-17 to 2010-03-17 )))))))))))))))))))))))))))))))
.

2010-03-16 19:58 . 2010-03-16 19:58 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2010-03-15 10:02 . 2010-03-15 10:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2010-03-15 09:58 . 2009-11-11 18:14 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-03-15 09:58 . 2009-11-11 18:14 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-03-15 09:58 . 2009-11-11 18:14 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-03-15 09:58 . 2009-07-16 19:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-03-15 09:57 . 2010-03-15 09:58 -------- d-----w- c:\program files\Common Files\McAfee
2010-03-15 09:57 . 2010-03-15 09:57 -------- d-----w- c:\program files\McAfee.com
2010-03-15 09:54 . 2009-11-11 18:14 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-03-14 23:52 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-14 21:24 . 2010-03-14 21:24 -------- d-----w- c:\program files\ESET
2010-03-13 22:31 . 2010-03-13 22:31 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-03-13 22:24 . 2010-03-13 22:24 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2010-03-10 19:55 . 2006-04-06 03:38 110592 ----a-w- c:\documents and settings\Administrator\Application Data\U3\temp\cleanup.exe
2010-03-10 19:53 . 2010-03-10 19:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2010-03-09 10:33 . 2010-03-09 10:33 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-03-09 09:05 . 2010-03-09 09:05 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-03-05 23:58 . 2010-03-05 23:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-03-05 07:04 . 2008-04-14 08:10 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2010-03-05 07:04 . 2008-04-14 08:10 43904 ----a-w- c:\windows\system32\drivers\sbp2port.sys
2010-03-05 01:30 . 2010-03-15 09:46 -------- d-----w- c:\program files\VirusTotalUploader2
2010-03-05 01:17 . 2010-03-05 01:17 -------- d-----w- C:\Backreg
2010-03-05 01:05 . 2010-03-15 09:46 -------- d-----w- c:\program files\UnHackMe
2010-03-02 01:38 . 2010-03-02 01:38 -------- d-----w- c:\documents and settings\imd\Application Data\AdobeUM
2010-03-01 21:01 . 2010-03-01 21:01 -------- d-----w- c:\documents and settings\imd\Application Data\Syntrillium
2010-03-01 21:01 . 2001-10-19 22:40 438608 ----a-w- c:\windows\system32\wmv8dmod.dll
2010-03-01 21:01 . 2001-10-19 22:40 665424 ----a-w- c:\windows\system32\wmv8dmoe.dll
2010-03-01 21:01 . 2001-10-19 22:39 572752 ----a-w- c:\windows\system32\wmvdmoe.dll
2010-03-01 21:01 . 2001-10-19 22:40 1683792 ----a-w- c:\windows\system32\wmvcore2.dll
2010-03-01 20:59 . 2010-03-01 21:07 -------- d-----w- c:\program files\coolpro2
2010-03-01 08:01 . 2001-08-18 06:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-03-01 08:01 . 2008-04-14 13:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-03-01 08:01 . 2008-04-14 08:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-03-01 08:01 . 2008-04-14 08:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-02-25 05:20 . 2010-02-25 05:20 -------- d-sh--w- c:\documents and settings\imd\IECompatCache
2010-02-25 05:18 . 2010-02-25 05:18 -------- d-sh--w- c:\documents and settings\imd\PrivacIE
2010-02-23 19:55 . 2010-02-23 19:55 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-02-22 11:38 . 2010-02-22 11:38 0 ----a-w- c:\windows\system32\cid_store.dat
2010-02-22 10:59 . 2010-03-15 09:35 -------- d-----w- c:\documents and settings\imd\Application Data\MxBoost
2010-02-22 10:55 . 2010-02-22 11:11 -------- d-----w- c:\program files\Maxthon2
2010-02-22 05:23 . 2010-02-22 05:23 -------- d-sh--w- c:\documents and settings\imd\IETldCache
2010-02-22 04:24 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-02-22 04:24 . 2010-02-24 11:01 -------- d-----w- c:\windows\ie8updates
2010-02-22 04:23 . 2009-12-21 19:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-22 04:23 . 2009-12-21 19:14 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-22 04:23 . 2009-12-21 19:14 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-22 04:23 . 2009-12-21 19:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-22 04:23 . 2009-12-21 19:14 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-02-22 04:23 . 2009-12-21 19:14 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-02-19 06:42 . 2010-02-19 06:42 -------- d-----w- c:\documents and settings\imd\Local Settings\Application Data\PCHealth
2010-02-18 22:34 . 2004-08-10 12:00 18944 -c--a-w- c:\windows\system32\dllcache\simptcp.dll
2010-02-18 22:34 . 2004-08-10 12:00 18944 ----a-w- c:\windows\system32\simptcp.dll
2010-02-17 21:30 . 2010-02-17 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2010-02-17 21:30 . 2010-02-17 23:04 -------- d-----w- c:\documents and settings\imd\Application Data\Azureus
2010-02-17 21:27 . 2010-02-17 21:27 -------- d-----w- c:\documents and settings\imd\Local Settings\Application Data\Conduit
2010-02-17 11:06 . 2010-02-17 11:06 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-02-17 10:59 . 2007-02-28 03:36 638976 ----a-w- c:\windows\system32\divx.dll
2010-02-17 10:59 . 2007-02-28 03:36 524288 ----a-w- c:\windows\system32\xvidcore.dll
2010-02-17 10:59 . 2007-02-28 03:36 413760 ----a-w- c:\windows\system32\mpg4c32.dll
2010-02-17 10:59 . 2007-02-28 03:36 261632 ----a-w- c:\windows\system32\mcdvd_32.dll
2010-02-17 10:59 . 2007-02-28 03:36 139264 ----a-w- c:\windows\system32\xvidvfw.dll
2010-02-17 10:59 . 2010-02-17 10:59 -------- d-----w- c:\program files\AVSMedia
2010-02-17 10:57 . 2010-02-17 11:03 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-02-17 10:56 . 2007-02-28 02:36 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-02-17 10:56 . 2007-02-28 02:36 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-02-17 10:56 . 2010-02-17 10:58 -------- d-----w- c:\program files\AVS4YOU
2010-02-17 01:09 . 2010-02-22 04:23 -------- dc-h--w- c:\windows\ie8
2010-02-17 00:24 . 2010-02-17 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2010-02-16 21:42 . 2010-02-16 21:42 -------- d-----w- c:\documents and settings\imd\Application Data\The Shield Deluxe
2010-02-16 21:41 . 2010-03-15 09:43 -------- d-----w- c:\documents and settings\All Users\Application Data\The Shield Deluxe
2010-02-16 21:41 . 2010-02-16 21:42 -------- d-----w- c:\program files\Common Files\The Shield Deluxe
2010-02-16 21:41 . 2010-02-16 21:41 -------- d-----w- c:\program files\The Shield Deluxe
2010-02-16 21:40 . 2010-02-16 21:40 -------- d-----w- c:\program files\Common Files\BitDefender
2010-02-16 21:25 . 2010-02-16 21:25 348160 ----a-w- c:\documents and settings\imd\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1381c5b9-n\msvcr71.dll
2010-02-16 21:25 . 2010-02-16 21:25 503808 ----a-w- c:\documents and settings\imd\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1381c5b9-n\msvcp71.dll
2010-02-16 21:25 . 2010-02-16 21:25 499712 ----a-w- c:\documents and settings\imd\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1381c5b9-n\jmc.dll
2010-02-16 21:25 . 2010-02-16 21:25 61440 ----a-w- c:\documents and settings\imd\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-214311f5-n\decora-sse.dll
2010-02-16 21:25 . 2010-02-16 21:25 12800 ----a-w- c:\documents and settings\imd\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-214311f5-n\decora-d3d.dll
2010-02-16 21:25 . 2010-02-16 21:24 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-16 20:43 . 2010-02-16 20:43 -------- d-----w- c:\documents and settings\imd\Application Data\Apple Computer
2010-02-16 20:32 . 2010-02-16 20:32 -------- d-----w- c:\program files\Common Files\Apple
2010-02-16 20:32 . 2010-02-16 20:33 -------- d-----w- c:\program files\QuickTime
2010-02-16 20:32 . 2010-02-16 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-02-16 20:32 . 2010-02-16 20:32 -------- d-----w- c:\documents and settings\imd\Local Settings\Application Data\Apple
2010-02-16 20:32 . 2010-02-16 20:32 -------- d-----w- c:\program files\Apple Software Update
2010-02-16 20:32 . 2010-02-16 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-02-16 20:32 . 2010-02-16 20:32 -------- d-----w- c:\documents and settings\imd\Local Settings\Application Data\Apple Computer
2010-02-16 11:24 . 2008-04-14 13:41 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2010-02-16 11:24 . 2008-12-04 01:40 81408 ----a-w- c:\windows\system32\devcon_x64.exe
2010-02-16 11:24 . 2002-11-15 06:32 55808 ----a-w- c:\windows\system32\devcon.exe
2010-02-16 11:24 . 2010-02-16 11:25 -------- d-----w- c:\program files\Driver Checker
2010-02-16 11:23 . 2006-04-06 03:38 110592 ----a-w- c:\documents and settings\imd\Application Data\U3\temp\cleanup.exe
2010-02-16 11:20 . 2003-07-01 08:00 46080 ----a-w- c:\windows\system32\escimgd.dll
2010-02-16 11:20 . 2003-07-01 08:00 29696 ----a-w- c:\windows\system32\escwiad.dll
2010-02-16 11:20 . 2003-07-01 08:00 22528 ----a-w- c:\windows\system32\esccmd.dll
2010-02-16 11:16 . 2004-05-21 13:04 79622 ----a-w- c:\windows\system32\EBPMON24.DLL
2010-02-16 11:16 . 2004-02-18 09:10 98304 ----a-w- c:\windows\system32\E_SAGSET.DLL
2010-02-16 11:16 . 2003-05-21 10:27 64000 ----a-w- c:\windows\system32\ECBTEG.DLL
2010-02-16 11:16 . 2000-06-07 09:01 34304 ----a-w- c:\windows\system32\EBPCHP.DLL
2010-02-16 11:14 . 2010-02-16 11:14 -------- d-----w- c:\program files\EPSON
2010-02-16 11:14 . 2010-02-16 11:19 -------- d-----w- C:\epson
2010-02-16 11:13 . 2008-04-14 08:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-02-16 11:13 . 2008-04-14 08:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-02-16 11:09 . 2010-03-06 00:12 -------- d-----w- c:\documents and settings\imd\Application Data\U3
2010-02-16 11:03 . 2010-02-16 11:03 -------- d-----w- c:\program files\MSXML 4.0
2010-02-16 08:56 . 2009-02-25 02:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2010-02-16 08:56 . 2010-02-16 08:57 -------- d-----w- c:\program files\MagicDisc
2010-02-16 08:46 . 2009-12-09 05:53 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll
2010-02-16 08:41 . 2010-02-16 08:41 412 ----a-w- c:\windows\system32\KB908002\InstallPlugins.bat
2010-02-16 08:41 . 2010-02-16 08:41 0 ----a-w- c:\windows\system32\KB908002\UnInstallPlugins.bat
2010-02-15 23:54 . 2010-02-15 23:54 -------- d-----w- c:\documents and settings\imd\Application Data\Sonic
2010-02-15 12:23 . 2008-04-14 08:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2010-02-15 11:34 . 2008-04-14 13:41 22528 -c--a-w- c:\windows\system32\dllcache\lpdsvc.dll
2010-02-15 11:34 . 2008-04-14 13:41 22528 ----a-w- c:\windows\system32\lpdsvc.dll
2010-02-15 11:30 . 2008-04-14 13:41 18944 -c--a-w- c:\windows\system32\dllcache\lprmon.dll
2010-02-15 11:30 . 2008-04-14 13:41 18944 ----a-w- c:\windows\system32\lprmon.dll
2010-02-15 11:30 . 2008-04-14 13:41 35328 -c--a-w- c:\windows\system32\dllcache\iprip.dll
2010-02-15 11:30 . 2008-04-14 13:41 35328 ------w- c:\windows\system32\iprip.dll
2010-02-15 11:29 . 2010-02-15 12:31 -------- d-----w- c:\windows\ServicePackFiles
2010-02-15 11:21 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-02-15 11:20 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-02-15 11:20 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-02-15 11:18 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-02-15 11:18 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-02-15 11:18 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-15 10:03 . 2006-05-13 23:44 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-03-15 10:02 . 2006-05-13 23:44 -------- d-----w- c:\program files\McAfee
2010-03-15 09:53 . 2006-02-16 16:59 36240 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-13 22:29 . 2006-02-25 07:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-13 22:18 . 2006-05-13 23:30 -------- d-----w- c:\program files\America Online 9.0
2010-02-16 21:24 . 2006-02-16 09:28 -------- d-----w- c:\program files\Java
2010-02-16 20:28 . 2006-02-16 09:56 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2010-02-16 11:57 . 2010-02-16 11:57 -------- d-----w- c:\program files\MSBuild
2010-02-16 11:57 . 2010-02-16 11:57 -------- d-----w- c:\program files\Reference Assemblies
2010-02-16 11:26 . 2010-02-16 11:26 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-02-16 11:26 . 2010-02-16 11:26 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-02-16 08:41 . 2010-02-16 08:39 -------- d-----w- c:\program files\Smith Micro
2010-02-16 08:41 . 2006-02-15 16:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-16 08:40 . 2010-02-15 09:15 -------- d-----w- c:\documents and settings\imd\Application Data\McAfee.com Personal Firewall
2010-02-16 08:40 . 2010-02-16 08:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Smith Micro
2010-02-15 12:33 . 2006-02-15 15:37 87931 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-15 09:13 . 2006-02-15 16:18 -------- d-----w- c:\program files\Intel
2010-02-15 09:13 . 2010-02-15 09:15 -------- d-----w- c:\documents and settings\imd\Application Data\Intel
2010-02-15 09:04 . 2006-02-16 09:25 -------- d-----w- c:\program files\InterVideo
2010-01-06 01:04 . 2010-01-06 01:04 385536 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-12-31 16:50 . 2006-02-15 14:04 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2006-02-15 14:04 916480 ------w- c:\windows\system32\wininet.dll
2009-09-14 06:10 . 2010-02-17 00:26 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"Google Update"="c:\documents and settings\imd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-15 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-03-11 73728]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"NDSTray.exe"="NDSTray.exe" [BU]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"EPSON Stylus Photo RX500"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE" [2003-06-02 99840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Auto EPSON Stylus Photo RX500 on EMPRESS"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE" [2003-06-02 99840]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\1147563008\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [3/15/2010 3:02 AM 203280]
S2 0093411268647079mcinstcleanup;McAfee Application Installer Cleanup (0093411268647079);c:\docume~1\imd\LOCALS~1\Temp\009341~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\imd\LOCALS~1\Temp\009341~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\PEDrv.sys --> c:\sysprep\PEDrv.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2010-03-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-119506194-70046555-1172815383-1005Core.job
- c:\documents and settings\imd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-15 10:54]

2010-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-119506194-70046555-1172815383-1005UA.job
- c:\documents and settings\imd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-15 10:54]

2010-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-119506194-70046555-1172815383-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-13 22:23]

2010-03-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-03-15 19:22]

2010-03-15 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-03-15 19:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\imd\Application Data\Mozilla\Firefox\Profiles\0lyv8n1i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\imd\Local Settings\Application Data\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-17 01:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-03-17 01:43:38
ComboFix-quarantined-files.txt 2010-03-17 08:43
ComboFix2.txt 2010-03-16 20:27

Pre-Run: 73,635,041,280 bytes free
Post-Run: 73,559,351,296 bytes free

- - End Of File - - 8680A0F6B98F955E10809851760DF8E6


#13 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:05:15 AM

Posted 17 March 2010 - 06:16 PM

Hello, mrimd.
Ok, on we go. How is it running now?



Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000000


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Step 2

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
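An added example, not from the thread and not part of ComboFix: a small parser for the "Reg Loading Points" section of a ComboFix log that flags the Security Center monitoring switches the CFScript in Step 1 reverts, notes whether the Windows Firewall standard profile is off, and emits that CFScript text. The log excerpt is constructed to mirror the entries posted above.

```python
"""Added example (not from the thread or from ComboFix): parse the
'Reg Loading Points' section of a ComboFix log, flag the Security Center
monitoring switches the helper's CFScript reverts, and emit that script."""
import re

# Constructed excerpt mirroring the shape of the log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# Value name plus the leading hex token; an optional 'dword:' prefix is skipped.
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(?:dword:)?([0-9A-Fa-f]+)')
MONITOR_KEY = "HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\"


def parse_reg_section(text):
    """Return {key_path: {value_name: hex_string}} for a REGEDIT-style dump."""
    entries, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            entries.setdefault(current, {})
            continue
        val = VALUE_RE.match(line)
        if val and current is not None:
            entries[current][val.group(1)] = val.group(2)
    return entries


def find_weakened_settings(entries):
    """Return (disabled_monitors, firewall_off): what a helper would act on."""
    disabled, firewall_off = [], False
    for key, values in entries.items():
        k = key.lower()
        if k.startswith(MONITOR_KEY.lower()):
            if int(values.get("DisableMonitoring", "0"), 16) == 1:
                disabled.append(key[len(MONITOR_KEY):])
        elif k.endswith("firewallpolicy\\standardprofile"):
            firewall_off = int(values.get("EnableFirewall", "1"), 16) == 0
    return disabled, firewall_off


def revert_script(disabled_monitors):
    """CFScript text re-enabling monitoring, in the form used in Step 1 above."""
    lines = []
    for product in disabled_monitors:
        lines.append("[" + MONITOR_KEY + product + "]")
        lines.append('"DisableMonitoring"=dword:00000000')
    return "\n".join(lines)
```

On the posted log, `find_weakened_settings` reports both McAfee monitors disabled and the standard-profile firewall off; `revert_script` then reproduces the four CFScript lines from Step 1.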
 


#14 mrimd

mrimd
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Male
  • Location:San Diego, Ca
  • Local time:02:15 AM

Posted 18 March 2010 - 02:57 AM

Ok, I ran the free scan tool, and it took nearly all day but found no threats, so there was no text file to export.

What now?

#15 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:05:15 AM

Posted 18 March 2010 - 05:38 PM

Hello, mrimd.

How is your computer running now?

Other than that, let's close a few security holes.



Step 1

You are using an outdated version of Adobe Reader. Adobe has since been updated and the update closes many security holes and provides new features.

First, uninstall earlier versions of Adobe Reader.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all versions of Adobe Reader.
  • Check (highlight) any item with Adobe Reader in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Adobe Reader version.

Please download the latest version from:
http://get.adobe.com/reader/

And install it. Once installed, launch it, select Help --> Check for Updates and install any updates.


You may also try the free Foxit PDF reader if you prefer:
http://www.foxitsoftware.com/pdf/reader/



Step 2

You appear to have an up-to-date Java 1.6 Update 18, but I noticed an older version still on your computer.

Please go to the Control Panel, then Add Remove Programs and uninstall:
Remove J2SE Runtime Environment 5.0 Update 4



Step 3

In your response, please reboot your computer after Step 2 if you haven't already, then post an updated DDS log and let me know how everything is running now.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 




