Help - Trojan SHeur



#1 Coba (Member, 27 posts)

Hi,

My AVG just gave me a warning that my computer was infected by Trojan SHeur.

I ran Malwarebytes and the scan result is:

Malwarebytes' Anti-Malware 1.36
Database version: 2120
Windows 5.1.2600 Service Pack 2

5/12/2009 10:56:07 PM
mbam-log-2009-05-12 (22-56-07).txt

Scan type: Quick Scan
Objects scanned: 76830
Time elapsed: 10 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\pavuppad.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\pavuppad.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\~.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pavuppad.exe (Trojan.Agent) -> Delete on reboot.



I tried to run Rooter, but it gave me an error (something related to inserting a CD).

The results of the scan from OTListIt2:

OTListIt logfile created on: 5/12/2009 11:04:19 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.7 Folder = C:\Documents and Settings\Arka\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.23 Mb Total Physical Memory | 168.39 Mb Available Physical Memory | 32.94% Memory free
1.22 Gb Paging File | 0.91 Gb Available in Paging File | 74.56% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 1.58 Gb Free Space | 5.39% Space Free | Partition Type: NTFS
Drive D: | 45.23 Gb Total Space | 3.13 Gb Free Space | 6.93% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PENTIUM4
Current User Name: Arka
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\runservice.exe ()
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\dumprep.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\dumprep.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Arka\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LicCtrlService [Auto | Running]) -- C:\WINDOWS\runservice.exe ()
SRV - (matlabserver [On_Demand | Stopped]) -- C:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe ()
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
SRV - (MioNet [Auto | Stopped]) -- C:\Program Files\MioNet\MioNetManager.exe ()
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (SoundMAX Agent Service (default) [Auto | Running]) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

========== Driver Services (SafeList) ==========

DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (dtscsi [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\dtscsi.sys ()
DRV - (fsbts [Boot | Running]) -- C:\WINDOWS\system32\Drivers\fsbts.sys ()
DRV - (hamachi [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\hamachi.sys (Applied Networking Inc.)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (MidiSyn [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\MidiSyn.sys (Analog Devices Inc)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SCDEmu [System | Running]) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (yukonwxp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\yukonwxp.sys (Marvell Semiconductor Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (48 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 microsoft
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...AB?38205.908125 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/07/29 17:54:32 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{ad66d013-af5c-11dd-9fd2-00112f0e67ae}\Shell\AutoRun\command - "" = G:\Install FreeAgent Tools.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/05/12 22:58:19 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/12 22:49:12 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Arka\Desktop\OTListIt2.exe
[2009/05/12 21:08:08 | 41,618,398 | ---- | C] () -- C:\Documents and Settings\Arka\Desktop\Hiroyuki_Utatane,_Countdown_Sex_Bombs_(www.hentairules.net)_(English,_HQ_re-scan).zip
[2009/05/10 14:33:31 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\Arka\Desktop\µTorrent.lnk
[2009/05/10 14:33:29 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2009/05/10 11:55:18 | 00,000,000 | ---D | C] -- C:\Program Files\BitTornado
[2009/05/10 10:06:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Arka\Application Data\uTorrent
[2009/05/08 19:20:30 | 00,167,640 | ---- | C] () -- C:\Documents and Settings\Arka\My Documents\Koylu (1994).pdf
[2009/05/08 10:45:05 | 03,371,136 | ---- | C] () -- C:\Documents and Settings\Arka\Desktop\Naruto_-_Kanashimi_wo_Yasashisa_ni.mp3
[2009/05/06 19:56:25 | 00,078,028 | ---- | C] () -- C:\Documents and Settings\Arka\Desktop\Chapter 8.pdf
[2009/05/02 19:28:30 | 00,128,774 | ---- | C] () -- C:\Documents and Settings\Arka\My Documents\Soot Vaporation in LII.pdf
[2009/05/02 19:28:16 | 00,687,430 | ---- | C] () -- C:\Documents and Settings\Arka\My Documents\AO_published_Chakrabarty_2007.pdf
[2009/04/30 08:35:39 | 00,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2009/04/29 22:40:08 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Arka\Desktop\~$0363-01_P.doc
[2009/04/29 17:59:37 | 00,335,228 | ---- | C] () -- C:\Documents and Settings\Arka\My Documents\Kataura-Synth-Met-103-2555.pdf
[2009/04/29 17:45:16 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\Arka\Desktop\Menu_May_2009.xls
[2009/04/28 06:29:07 | 00,101,708 | ---- | C] () -- C:\Documents and Settings\Arka\My Documents\Lorentz-Drude Dispersion Model.pdf
[2009/04/26 17:07:58 | 00,000,000 | -HSD | C] -- C:\WINDOWS\System32\bookls
[2009/04/24 21:10:58 | 00,313,979 | ---- | C] () -- C:\Documents and Settings\Arka\My Documents\Coating effect on optical properties.pdf
[2009/04/24 20:59:24 | 01,032,564 | ---- | C] () -- C:\Documents and Settings\Arka\My Documents\Berg_Sorensen.pdf
[2009/04/24 20:12:21 | 00,157,488 | ---- | C] () -- C:\Documents and Settings\Arka\My Documents\Inversion method.pdf
[2009/04/24 20:11:41 | 00,517,779 | ---- | C] () -- C:\Documents and Settings\Arka\My Documents\History of m =1.56+0.57i.pdf
[2009/04/24 13:32:46 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\Arka\My Documents\Comment-SR.doc
[2009/04/24 12:07:33 | 01,094,606 | ---- | C] () -- C:\Documents and Settings\Arka\My Documents\Sorensen (2001).pdf
[2009/04/23 00:32:21 | 00,167,625 | ---- | C] () -- C:\Documents and Settings\Arka\My Documents\Faeth-Turbulent Soot.pdf
[2009/04/22 12:29:01 | 00,129,060 | ---- | C] () -- C:\Documents and Settings\Arka\My Documents\Bouzezar et al 2 (2001).pdf
[2009/04/22 12:28:24 | 00,478,160 | ---- | C] () -- C:\Documents and Settings\Arka\My Documents\Bouzezar et al (2001).pdf
[2009/04/22 10:18:31 | 00,760,610 | ---- | C] () -- C:\Documents and Settings\Arka\My Documents\Minutolo et al (1998) - Tauc law.pdf
[2009/04/22 10:13:58 | 03,106,691 | ---- | C] () -- C:\Documents and Settings\Arka\My Documents\Diamond-like carbon.pdf
[2009/04/21 23:29:31 | 01,265,229 | ---- | C] () -- C:\Documents and Settings\Arka\My Documents\Optical Properties of Propane Soot.pdf
[2009/04/21 23:29:25 | 00,119,380 | ---- | C] () -- C:\Documents and Settings\Arka\My Documents\Bond GRL 2001GL013652.pdf
[2009/04/15 13:39:45 | 00,473,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 13:39:45 | 00,283,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 13:39:45 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 13:39:45 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 13:39:45 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2009/04/15 13:39:44 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 13:39:05 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/03/25 16:56:35 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2008/07/24 04:49:19 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/04/14 01:29:25 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/04/14 01:29:25 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/02/26 18:33:07 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/09/28 00:43:02 | 00,000,049 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2007/04/28 20:09:01 | 00,000,285 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2006/11/27 23:28:13 | 00,001,657 | -HS- | C] () -- C:\WINDOWS\System32\mmf.sys
[2006/11/27 23:28:12 | 00,048,640 | ---- | C] () -- C:\WINDOWS\mmfs.dll
[2006/10/20 16:28:57 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/08/08 18:54:58 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2006/08/08 10:09:52 | 00,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2006/08/08 10:07:07 | 00,664,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/08/08 10:07:07 | 00,096,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd0685.sys
[2004/09/02 19:08:13 | 00,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2004/08/07 18:09:34 | 00,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/08/07 18:07:12 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS38.DLL
[2004/07/29 18:54:30 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/07/29 18:11:53 | 00,000,139 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2004/07/29 18:05:15 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\memtest.dll
[2004/07/29 18:05:14 | 00,036,076 | R--- | C] () -- C:\WINDOWS\System32\drivers\vgauti.sys
[2004/07/29 18:05:14 | 00,036,076 | R--- | C] () -- C:\WINDOWS\System32\drivers\msicpl.sys
[2004/07/29 17:59:13 | 00,003,455 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2004/07/29 17:59:12 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2002/03/21 14:39:02 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002/03/20 21:01:06 | 00,006,688 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002/03/20 21:00:20 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002/03/20 21:00:20 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002/03/20 21:00:18 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002/03/20 21:00:18 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[2001/08/23 05:00:00 | 00,000,558 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 05:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/05/12 22:58:10 | 00,003,731 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/05/12 22:57:44 | 00,001,657 | -HS- | M] () -- C:\WINDOWS\System32\mmf.sys
[2009/05/12 22:57:44 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Arka\Local Settings\desktop.ini
[2009/05/12 22:57:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/12 22:57:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/12 22:49:20 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Arka\Desktop\OTListIt2.exe
[2009/05/12 21:08:18 | 41,618,398 | ---- | M] () -- C:\Documents and Settings\Arka\Desktop\Hiroyuki_Utatane,_Countdown_Sex_Bombs_(www.hentairules.net)_(English,_HQ_re-scan).zip
[2009/05/12 20:56:09 | 00,001,125 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2009/05/12 18:45:29 | 36,026,761 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/05/12 18:45:29 | 00,053,730 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/05/10 14:33:31 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\Arka\Desktop\µTorrent.lnk
[2009/05/10 11:50:59 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/09 11:29:56 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/05/09 11:29:56 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/05/09 11:29:56 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/05/09 11:29:35 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/05/08 10:45:05 | 03,371,136 | ---- | M] () -- C:\Documents and Settings\Arka\Desktop\Naruto_-_Kanashimi_wo_Yasashisa_ni.mp3
[2009/05/06 19:56:26 | 00,078,028 | ---- | M] () -- C:\Documents and Settings\Arka\Desktop\Chapter 8.pdf
[2009/05/05 15:12:00 | 00,167,640 | ---- | M] () -- C:\Documents and Settings\Arka\My Documents\Koylu (1994).pdf
[2009/05/04 08:04:46 | 00,000,285 | ---- | M] () -- C:\WINDOWS\matlab.ini
[2009/05/03 11:19:56 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/03 00:48:36 | 00,000,139 | ---- | M] () -- C:\WINDOWS\msicpl.ini
[2009/05/02 19:28:30 | 00,128,774 | ---- | M] () -- C:\Documents and Settings\Arka\My Documents\Soot Vaporation in LII.pdf
[2009/05/02 19:28:20 | 00,687,430 | ---- | M] () -- C:\Documents and Settings\Arka\My Documents\AO_published_Chakrabarty_2007.pdf
[2009/04/29 22:40:08 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Arka\Desktop\~$0363-01_P.doc
[2009/04/29 17:59:39 | 00,335,228 | ---- | M] () -- C:\Documents and Settings\Arka\My Documents\Kataura-Synth-Met-103-2555.pdf
[2009/04/29 17:46:29 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\Arka\Desktop\Menu_May_2009.xls
[2009/04/28 06:29:07 | 00,101,708 | ---- | M] () -- C:\Documents and Settings\Arka\My Documents\Lorentz-Drude Dispersion Model.pdf
[2009/04/24 21:11:00 | 00,313,979 | ---- | M] () -- C:\Documents and Settings\Arka\My Documents\Coating effect on optical properties.pdf
[2009/04/24 20:59:29 | 01,032,564 | ---- | M] () -- C:\Documents and Settings\Arka\My Documents\Berg_Sorensen.pdf
[2009/04/24 20:12:22 | 00,157,488 | ---- | M] () -- C:\Documents and Settings\Arka\My Documents\Inversion method.pdf
[2009/04/24 20:11:42 | 00,517,779 | ---- | M] () -- C:\Documents and Settings\Arka\My Documents\History of m =1.56+0.57i.pdf
[2009/04/24 13:32:46 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\Arka\My Documents\Comment-SR.doc
[2009/04/24 12:07:39 | 01,094,606 | ---- | M] () -- C:\Documents and Settings\Arka\My Documents\Sorensen (2001).pdf
[2009/04/23 00:32:22 | 00,167,625 | ---- | M] () -- C:\Documents and Settings\Arka\My Documents\Faeth-Turbulent Soot.pdf
[2009/04/22 23:16:28 | 00,966,478 | ---- | M] () -- C:\Documents and Settings\Arka\My Documents\Aerosol warming.pdf
[2009/04/22 12:29:01 | 00,129,060 | ---- | M] () -- C:\Documents and Settings\Arka\My Documents\Bouzezar et al 2 (2001).pdf
[2009/04/22 12:28:24 | 00,478,160 | ---- | M] () -- C:\Documents and Settings\Arka\My Documents\Bouzezar et al (2001).pdf
[2009/04/22 10:18:31 | 00,760,610 | ---- | M] () -- C:\Documents and Settings\Arka\My Documents\Minutolo et al (1998) - Tauc law.pdf
[2009/04/22 10:13:59 | 03,106,691 | ---- | M] () -- C:\Documents and Settings\Arka\My Documents\Diamond-like carbon.pdf
[2009/04/21 23:29:44 | 01,265,229 | ---- | M] () -- C:\Documents and Settings\Arka\My Documents\Optical Properties of Propane Soot.pdf
[2009/04/21 23:29:27 | 00,119,380 | ---- | M] () -- C:\Documents and Settings\Arka\My Documents\Bond GRL 2001GL013652.pdf
[2009/04/21 20:30:59 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\Arka\Desktop\Filter data (April 12, 2006).xls
[2009/04/19 01:55:00 | 00,439,552 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/19 01:55:00 | 00,380,350 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/19 01:55:00 | 00,052,764 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/17 17:23:50 | 00,434,673 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/04/15 13:49:10 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
< End of report >

OTListIt Extras logfile created on: 5/12/2009 11:04:19 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.7 Folder = C:\Documents and Settings\Arka\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.23 Mb Total Physical Memory | 168.39 Mb Available Physical Memory | 32.94% Memory free
1.22 Gb Paging File | 0.91 Gb Available in Paging File | 74.56% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 1.58 Gb Free Space | 5.39% Space Free | Partition Type: NTFS
Drive D: | 45.23 Gb Total Space | 3.13 Gb Free Space | 6.93% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PENTIUM4
Current User Name: Arka
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"1700:TCP" = 1700:TCP:*:Disabled:MioNet Remote Drive Access
"1641:TCP" = 1641:TCP:*:Disabled:MioNet Remote Drive Verification
"1647:TCP" = 1647:TCP:*:Disabled:MioNet Storage Device Configuration
"5432:UDP" = 5432:UDP:*:Disabled:MioNet Storage Device Discovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe (Hewlett-Packard)
C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe (Hewlett-Packard)
C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe (Hewlett-Packard Development Co. L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe (Hewlett-Packard Development Co. L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe (Hewlett-Packard Development Co. L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe (Hewlett-Packard Development Co. L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe (Hewlett-Packard)
%windir%\system32\drivers\svchost.exe:*:Enabled:svchost File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui ()
C:\Documents and Settings\Arka\Desktop\Valve\Condition Zero\CZero.exe:*:Disabled:Condition Zero Launcher (Valve)
C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Disabled:Football Manager 2008 (Sports Interactive)
C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Disabled:hpiscnapp.exe (Hewlett-Packard)
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Disabled:hpqcopy2.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Disabled:hpqgpc01.exe (Hewlett-Packard)
C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Disabled:hpqgplgtupl.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Disabled:hpqkygrp.exe (Hewlett-Packard)
C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Disabled:hpqphotocrm.exe (Hewlett-Packard Development Co. L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Disabled:hpqpsapp.exe (Hewlett-Packard Development Co. L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Disabled:hpqpse.exe (Hewlett-Packard Development Co. L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Disabled:hpqste08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Disabled:hpqsudi.exe (Hewlett-Packard Development Co. L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Disabled:hpqtra08.exe (Hewlett-Packard Co.)
C:\Program Files\Wolfram Research\Mathematica\5.2\math.exe:*:Disabled:math.exe ()
C:\Program Files\Wolfram Research\Mathematica\5.2\Mathematica.exe:*:Disabled:Mathematica 5.2 (Wolfram Research, Inc.)
C:\Program Files\Wolfram Research\Mathematica\5.2\MathKernel.exe:*:Disabled:Mathematica 5.2 Kernel (Wolfram Research, Inc.)
C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\Star Wars Galactic Battlegrounds\Game\battlegrounds_x1.exe:*:Disabled:Star Wars Galactic Battlegrounds: Clone Campaigns File not found
C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent (BitTorrent, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01000A03-E058-11D3-9C13-0000E220DC33}" = MiraScan V4.03
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{0915B10F-8597-4FE7-BC4D-EA3E2FDA646A}" = PS_AIO_03_C4400_Software_Min
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{1E6875D5-5A1D-4569-840F-371FF391A4CE}" = ScanButton 3.0
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{271B64EE-3E1B-4381-A8FE-012390050492}" = ACDSee 6.0 PowerPack
"{276E3ECB-E9E9-494E-A3F9-173BAD7D9643}" = C4400
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{457F06F4-8887-4C4F-910D-02FE9FAFB082}" = NHL Eastside Hockey Manager
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4CC59DA1-469B-49A5-9F6B-C4D26990294A}" = PS_AIO_03_C4400_ProductContext
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{5A3FEF2D-0E14-412E-869C-421AB373EE43}" = C4400_Help
"{5B77D34E-E264-4507-ABCE-6B02D1F8515E}" = Mathematica 5.2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{826D9490-6133-45A2-86DD-D8343C17E111}" = Football Mogul 2007
"{86732AE7-CB91-4f15-B091-FBA3D3926CD6}" = HP Photosmart C4400 All-In-One Driver Software 11.0 Rel .3
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8ACECB7C-5EB2-42B3-A2E1-B91878B6C5D7}" = PS_AIO_03_C4400_Software
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AE86AE81-CD7F-496F-A39F-0210C985E71B}" = FM Modifier 2.25
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{E133E97F-5186-4503-BEC8-752EB9E8EBD7}" = Copy
"{E24A7D40-D12E-4A11-8DEC-7BB21BE4614D}" = Wolfram Notebook Indexer 1.1
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"7-Zip" = 7-Zip 4.42
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2005
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG8Uninstall" = AVG 8.5
"BitTornado" = BitTornado 0.3.17
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2006-12-15
"Eastside UK pre-game Editor_is1" = Eastside UK pre-game Editor 0.2.0 Beta
"Football Manager 2008" = Football Manager 2008
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 2.5
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"HPOCR" = OCR Software by I.R.I.S. 11.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{5B77D34E-E264-4507-ABCE-6B02D1F8515E}" = Mathematica 5.2
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"LiveUpdate1.7" = LiveUpdate 1.7 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatlabR14SP3" = MATLAB 7.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MioNet" = MioNet
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Driver" = NVIDIA Display Driver
"PowerISO" = PowerISO
"Security Task Manager" = Security Task Manager 1.7h
"VLC media player" = VideoLAN VLC media player 0.8.6e
"Winamp" = Winamp (remove only)
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/27/2009 2:39:12 AM | Computer Name = PENTIUM4 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.2627.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/28/2009 6:40:26 PM | Computer Name = PENTIUM4 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/29/2009 8:51:42 PM | Computer Name = PENTIUM4 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.2627.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/30/2009 1:38:04 AM | Computer Name = PENTIUM4 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.2627.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/30/2009 1:40:37 AM | Computer Name = PENTIUM4 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.2627.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/30/2009 1:40:42 AM | Computer Name = PENTIUM4 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.2627.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/30/2009 4:04:32 AM | Computer Name = PENTIUM4 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.2627.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/6/2009 10:52:49 PM | Computer Name = PENTIUM4 | Source = Application Hang | ID = 1002
Description = Hanging application Acrobat.exe, version 7.0.0.1333, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/13/2009 2:04:08 AM | Computer Name = PENTIUM4 | Source = Application Hang | ID = 1002
Description = Hanging application OTListIt2.exe, version 2.0.15.7, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/13/2009 2:04:11 AM | Computer Name = PENTIUM4 | Source = Application Hang | ID = 1002
Description = Hanging application OTListIt2.exe, version 2.0.15.7, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 5/11/2009 9:54:06 PM | Computer Name = PENTIUM4 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 5/12/2009 11:06:52 AM | Computer Name = PENTIUM4 | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 5/12/2009 11:08:18 AM | Computer Name = PENTIUM4 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 5/12/2009 9:42:43 PM | Computer Name = PENTIUM4 | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 5/12/2009 9:44:09 PM | Computer Name = PENTIUM4 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 5/13/2009 1:29:04 AM | Computer Name = PENTIUM4 | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 5/13/2009 1:29:40 AM | Computer Name = PENTIUM4 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 5/13/2009 1:29:40 AM | Computer Name = PENTIUM4 | Source = Service Control Manager | ID = 7034
Description = The MioNet Service service terminated unexpectedly. It has done this
1 time(s).

Error - 5/13/2009 1:57:59 AM | Computer Name = PENTIUM4 | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 5/13/2009 1:59:18 AM | Computer Name = PENTIUM4 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.


< End of report >

Edited by Coba, 13 May 2009 - 12:17 AM.

#2
Coba
A little update after running Malwarebytes again:

Malwarebytes' Anti-Malware 1.36
Database version: 2120
Windows 5.1.2600 Service Pack 2

5/12/2009 11:44:07 PM
mbam-log-2009-05-12 (23-44-07).txt

Scan type: Quick Scan
Objects scanned: 76584
Time elapsed: 5 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)