Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Serious Malware Problems: Desktop Says Malware Warning + More

Started by davi921 , Apr 22 2009 08:11 PM

  • Please log in to reply

#1
davi921
Posted 22 April 2009 - 08:11 PM

davi921

    Member

  • Member
  • PipPip
  • 26 posts
Background Info

Hi, recently my anti-virus automatically scanned a virus and deleted it. 5 minutes after my computer deleted that virus, my computer froze. So I had to restart it.

When I got to the desktop after the restart, an error message popped up saying:

"C:\windows\system32\warihagi.dll
This specific module can not be found."

My computer then freezes for about a minute or two trying to load up.

Now that leads to my internet not working. I'm connected directly, but I am not receiving any signal. When I go to repair it, I get "Failed to Query TCP/IP settings of the connection." It is like the computer does not recognize the driver anymore.

I ran my anti virus numerous times and found nothing. I've reinstalled windows xp and still experiencing the same problem. I have no idea what to do. Any help?


--------------------------------

Update

Note* When I got to the task bar and look at the processes, there is a process called "IEXPLORE.EXE" that keeps replicating itself every 5 minutes or so. Also there are 3x explorer.exe. I was accustomed to seeing 1 prior to this problem. So I thought it was worth noting.

I tried Vundofix and nothing was found on my infected computer.

I also tried downloading SpyBot Search and Destroy and I get installed, but I can not open the program itself. I also tried Malwarebytes' Anti-Malware, which was posted in the sticky and my infected computer would not run the set up either.
http://www.geekstogo...uide-t2852.html

However, I download Spy Doctor, but it requires a License Key to delete the infection.

Edited by davi921, 23 April 2009 - 06:39 PM.

  • 0

Advertisements

#2
davi921
Posted 22 April 2009 - 10:08 PM

davi921

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
I just ran Combo Fix on my infected computer and it cleaned everything right up. Here is the log:




((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Local Settings\Temp\_iu14D2N.tmp
c:\documents and settings\Administrator\Local Settings\Temp\is-DMVTP.tmp\_isetup\_RegDLL.tmp
c:\documents and settings\Administrator\Local Settings\Temp\is-DMVTP.tmp\_isetup\_shfoldr.dll
c:\documents and settings\Administrator\Local Settings\Temp\is-DMVTP.tmp\isxdl.dll
c:\windows\system32\drivers\UACopxmpfqxsuwkkly.sys
c:\windows\system32\igahiraw.ini
c:\windows\system32\nuvoyijo.dll
c:\windows\system32\pohulomo.dll
c:\windows\system32\UACcnsvebjccppspii.dll
c:\windows\system32\UACfulqppuyxvdkrvi.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjfukmvbwutrmqlq.dll
c:\windows\system32\UACmhaxbrkdsmsqthu.dat
c:\windows\system32\UACntumpbfhvrbtlwb.log
c:\windows\system32\UACpgxpulgoynaummo.log
c:\windows\system32\UACrorwwirhhbakmmq.dll
c:\windows\system32\UACsrowafxvunntetp.dll
c:\windows\system32\UACthglteryplinqsq.log
c:\windows\system32\vufeguja.dll
c:\windows\system32\wulemake.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-4-24 )))))))))))))))))))))))))))))))
.

2009-04-23 04:57 . 2009-04-23 04:57 9 ----a-w C:\boot.inf
2009-04-23 04:34 . 2009-04-23 04:48 -------- d-----w C:\VundoFix Backups
2009-04-23 04:26 . 2009-04-23 04:26 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-23 01:10 . 2009-04-23 01:37 691 ----a-w c:\windows\RegGenie.ini
2009-04-23 01:10 . 2009-04-07 04:46 161816 ----a-w c:\windows\RegGenieOnUninstall.exe
2009-04-23 00:09 . 2009-04-23 00:09 -------- d-----w c:\windows\OPTIONS
2009-04-23 00:08 . 2009-04-23 00:08 -------- d-----w c:\documents and settings\DAVI\Application Data\InstallShield
2009-04-22 23:31 . 2009-04-22 23:31 56416 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-22 23:07 . 2004-08-04 12:00 92416 -c--a-w c:\windows\system32\dllcache\mga.sys
2009-04-22 23:06 . 2004-08-04 12:00 369664 -c--a-w c:\windows\system32\dllcache\asp51.dll
2009-04-22 23:05 . 2009-04-22 23:05 488 ---ha-r c:\windows\system32\logonui.exe.manifest
2009-04-22 23:05 . 2009-04-22 23:05 749 ---ha-r c:\windows\WindowsShell.Manifest
2009-04-22 23:05 . 2009-04-22 23:05 749 ---ha-r c:\windows\system32\wuaucpl.cpl.manifest
2009-04-22 23:05 . 2009-04-22 23:05 749 ---ha-r c:\windows\system32\sapi.cpl.manifest
2009-04-22 23:05 . 2009-04-22 23:05 749 ---ha-r c:\windows\system32\nwc.cpl.manifest
2009-04-22 23:05 . 2009-04-22 23:05 749 ---ha-r c:\windows\system32\ncpa.cpl.manifest
2009-04-22 23:04 . 2004-08-04 12:00 16384 -c--a-w c:\windows\system32\dllcache\isignup.exe
2009-04-22 22:52 . 2004-08-04 12:00 24661 -c--a-w c:\windows\system32\dllcache\spxcoins.dll
2009-04-22 22:52 . 2004-08-04 12:00 24661 ----a-w c:\windows\system32\spxcoins.dll
2009-04-22 22:52 . 2004-08-04 12:00 13312 -c--a-w c:\windows\system32\dllcache\irclass.dll
2009-04-22 22:52 . 2004-08-04 12:00 13312 ----a-w c:\windows\system32\irclass.dll
2009-04-22 04:16 . 2006-09-21 19:44 448698 ----a-r C:\txtsetup.sif
2009-04-22 04:16 . 2005-07-13 20:06 259776 ----a-r C:\$LDR$
2009-04-22 02:35 . 2009-04-22 02:35 -------- d-----w c:\documents and settings\Administrator\Application Data\Ahead
2009-04-22 02:27 . 2009-04-22 02:27 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-04-22 02:27 . 2009-04-22 02:27 -------- d-----w c:\documents and settings\Administrator\Application Data\Aim
2009-04-22 01:38 . 2009-04-22 01:38 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2009-04-21 19:42 . 2009-04-21 19:42 151 ----a-w c:\windows\PhotoSnapViewer.INI
2009-04-15 04:20 . 2008-05-03 11:55 2560 ----a-w c:\windows\system32\xpsp4res.dll
2009-04-14 20:11 . 2009-04-14 20:11 -------- d-----w c:\windows\Downloaded Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-24 01:18 . 2007-12-31 18:35 -------- d-----w c:\program files\Symantec AntiVirus
2009-04-23 05:05 . 2009-04-23 04:57 136 ----a-w C:\VundoFix.txt
2009-04-23 04:26 . 2009-04-23 01:59 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-23 04:20 . 2008-01-23 03:23 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-23 00:09 . 2009-04-23 00:09 -------- d-----w c:\program files\Realtek
2009-04-23 00:08 . 2007-12-31 17:46 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-22 23:02 . 2007-12-31 17:10 22720 -c--a-w c:\windows\system32\emptyregdb.dat
2009-04-21 23:11 . 2009-01-21 23:11 47616 --sha-w c:\windows\system32\lewadiye.exe
2009-04-19 23:39 . 2008-11-25 01:55 -------- d-----w c:\documents and settings\DAVI\Application Data\LimeWire
2009-04-14 20:23 . 2009-04-14 20:11 -------- d-----w c:\program files\REFN
2009-04-10 18:20 . 2008-01-11 05:43 -------- d-----w c:\documents and settings\DAVI\Application Data\AdobeUM
2009-03-31 19:14 . 2007-12-31 23:50 -------- d-----w c:\program files\Java
2009-03-09 12:19 . 2008-11-25 00:29 410984 ----a-w c:\windows\system32\deploytk.dll
2009-02-25 22:34 . 2008-02-10 05:23 -------- d-----w c:\program files\Microsoft Silverlight
2008-11-10 00:38 . 2007-12-31 18:52 56416 -c--a-w c:\documents and settings\DAVI\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-12-31 20480]
"AIM"="c:\program files\AIM\aim.exe" [2006-08-01 67112]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-30 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-08 125368]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-13 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-20 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-20 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-20 138008]
"Updater"="c:\windows\system32\updater\explorer.exe" [2007-11-24 1478612]
"EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-08 98304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-12 7630848]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-09-21 208952]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-12 86016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-12 1519616]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2007-05-06 405504]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-12-31 450560]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2007-12-31 581632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2005-12-07 05:16 176128 ----a-w c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"f:\\Program Files\\Warcraft III\\war3.exe"=
"f:\\Program Files\\Steam\\steamapps\\[email protected]\\counter-strike\\hl.exe"=
"f:\\Program Files\\DAP\\DAP.exe"=
"f:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"f:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"f:\\Program Files\\Steam\\steamapps\\plastik018\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"f:\\Program Files\\LimeWire\\LimeWire.exe"=
"f:\\Program Files\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1626:TCP"= 1626:TCP:SFO
"1626:UDP"= 1626:UDP:SFO
"3587:TCP"= 3587:TCP:LimeWire
"3587:UDP"= 3587:UDP:Limewire

R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2007-10-08 116664]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-16 101936]

.
Contents of the 'Scheduled Tasks' folder

2009-04-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{d900c759-b639-43cc-bd24-2a93ffd1f6a6} - c:\windows\system32\wulemake.dll
HKCU-Run-RegGenie v2.0 - c:\program files\RegGenie\RegGenieOnReboot.exe
HKLM-Run-MSPY2002 - c:\windows\system32\IME\PINTLGNT\ImScInst.exe
HKLM-Run-PHIME2002ASync - c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
HKLM-Run-PHIME2002A - c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
HKLM-Run-a0fd6744 - c:\windows\system32\warihagi.dll
SharedTaskScheduler-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vufeguja.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = localhost;*.local
IE: &Clean Traces - f:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - f:\program files\DAP\dapextie.htm
IE: Download &all with DAP - f:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - f:\progra~1\DAP\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - f:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6q26cgk.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: f:\program files\DivX\DivX Content Uploader\npUpload.dll
FF - plugin: f:\program files\DivX\DivX Web Player\npdivx32.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-23 18:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

- - - - - - - > 'explorer.exe'(584)
c:\docume~1\DAVI\LOCALS~1\Temp\IadHide4.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\msi.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\tray.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
f:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\docume~1\DAVI\LOCALS~1\temp\ir_ext_temp_0\autorun.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\windows\system32\stacsv.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Logitech\SetPoint\KHALMNPR.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-04-24 18:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-24 01:20

Pre-Run: 64,495,267,840 bytes free
Post-Run: 64,883,511,296 bytes free

226 --- E O F --- 2009-04-17 08:18

Edited by davi921, 23 April 2009 - 07:55 PM.

  • 0

#3
davi921
Posted 23 April 2009 - 06:16 PM

davi921

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Oops

Edited by davi921, 23 April 2009 - 07:54 PM.

  • 0

#4
davi921
Posted 19 June 2009 - 07:49 PM

davi921

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
So my computer just got totally hacked in terms of malwares and virus. When I turn on my computer, my background wallpaper says "WARNING!! YOU'RE IN DANGER!! Malware Detected!! Etc." Music begins to play and I can not do much from there. Some random Anti Virus Program installed on its own, scans, then tells me I must pay to use the program.

I'm not sure what to do at this point.

When I try to run in safe mode, it doesn't allow me to run in safe mode. I try to open the prompt menu (Start -> Run), that doesn't work.

I have malwarebytes installed but when I try to open that program, the malware doesn't let me. I try to run in safe mode, but can not. I try the F8 option, but all it does it give me two hard drives options to choose from. I don't have the option of selecting which mode I want to run in.

When I try to open ANY programs, it won't allow me. It denies to access to anything I try to open. Whether it be internet explorer, firefox, aim, etc.

So I'm sort of out of ideas.


I try to run reformat, but it doesn't seem like the computer doesn't even read the disc option anymore either.


Need help ASAP. Thanks!

Edited by davi921, 20 June 2009 - 12:57 AM.

  • 0

#5
davi921
Posted 20 June 2009 - 03:03 AM

davi921

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Here are some logs from scans.

OTL logfile created on: 6/20/2009 1:25:36 AM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 82.92% Memory free
3.85 Gb Paging File | 3.67 Gb Available in Paging File | 95.23% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 61.09 Gb Free Space | 78.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 219.96 Gb Total Space | 108.14 Gb Free Space | 49.16% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-CF85BAA835
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/10/26 22:52:57 | 00,611,664 | ---- | M] (Lavasoft) -- F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2006/09/21 12:41:37 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/04/19 22:57:32 | 00,252,696 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2009/06/20 01:06:58 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2004/08/04 05:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Iexplore.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/10/26 22:52:57 | 00,611,664 | ---- | M] (Lavasoft) -- F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Stopped])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Stopped])
SRV - [2007/05/29 17:33:26 | 00,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [On_Demand | Stopped])
SRV - [2007/05/29 17:33:36 | 00,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Stopped])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/10/07 21:48:24 | 00,031,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Stopped])
SRV - [2004/08/04 05:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Stopped])
SRV - [2009/06/19 18:07:22 | 00,012,288 | ---- | M] () -- C:\WINDOWS\jsr468ijdfghfjsw3rw3i6tjag81.exe -- (jsr468ijdfghfjsw3rw3i6tjag80 [Auto | Stopped])
SRV - [2007/08/28 20:04:25 | 02,999,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2006/10/09 23:11:08 | 00,724,992 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2009/05/01 00:30:18 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Stopped])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/08/02 14:18:49 | 00,086,016 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
SRV - [2007/10/07 21:48:36 | 00,116,664 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [On_Demand | Stopped])
SRV - [2007/08/27 18:14:00 | 00,214,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped])
SRV - [2007/07/26 20:25:20 | 01,181,016 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [Auto | Stopped])
SRV - [2007/05/06 02:11:36 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\STacSV.exe -- (STacSV [Auto | Stopped])
SRV - [2007/10/07 21:48:32 | 01,822,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [On_Demand | Stopped])
SRV - [2004/02/06 22:56:14 | 00,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe -- (WMP54Gv4SVC [Auto | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/07/15 03:48:13 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Stopped])
DRV - [2005/02/01 18:18:38 | 00,017,992 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\BCM42RLY.SYS -- (BCM42RLY [On_Demand | Stopped])
DRV - [2009/03/16 01:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Stopped])
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2006/09/21 12:41:43 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007/04/15 23:16:26 | 05,760,096 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\igxpmp32.sys -- (ialm [On_Demand | Stopped])
DRV - [2004/06/08 13:36:28 | 00,013,105 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Running])
DRV - [2004/06/08 13:35:18 | 00,054,817 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\L8042mou.sys -- (L8042mou [On_Demand | Stopped])
DRV - [2004/06/08 13:35:08 | 00,071,533 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\LMouKE.sys -- (LMouKE [On_Demand | Stopped])
DRV - [2009/03/16 01:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090612.003\NAVENG.SYS -- (NAVENG [On_Demand | Stopped])
DRV - [2009/03/16 01:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090612.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Stopped])
DRV - [2004/08/04 05:00:00 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2005/08/02 14:10:13 | 00,032,512 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
DRV - [2009/04/30 22:02:00 | 08,055,584 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2003/09/19 16:45:48 | 00,021,248 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Stopped])
DRV - [2007/03/07 16:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2005/10/27 16:06:30 | 00,356,096 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\DRIVERS\RT61.sys -- (RT61 [On_Demand | Stopped])
DRV - [2008/05/07 11:31:16 | 00,106,368 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Stopped])
DRV - [2006/09/06 15:41:20 | 00,337,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT [System | Stopped])
DRV - [2006/09/06 15:41:20 | 00,054,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL [System | Stopped])
DRV - [2006/09/21 12:42:56 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Stopped])
DRV - [2007/07/26 20:25:18 | 00,400,216 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [On_Demand | Stopped])
DRV - [2007/05/06 02:12:00 | 01,222,840 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Stopped])
DRV - [2007/12/31 11:35:46 | 00,110,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Stopped])
DRV - [2007/08/27 18:13:32 | 00,023,944 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Stopped])
DRV - [2007/08/27 18:13:36 | 00,189,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI [System | Stopped])
DRV - [2008/10/01 13:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2007/04/09 09:53:24 | 00,012,672 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\system32\DRIVERS\lgusbbus.sys -- (usbbus [On_Demand | Stopped])
DRV - [2007/04/09 09:56:22 | 00,021,248 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys -- (UsbDiag [On_Demand | Stopped])
DRV - [2007/04/09 09:55:08 | 00,022,912 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys -- (USBModem [On_Demand | Stopped])
DRV - [2006/09/21 12:51:38 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usbser.sys -- (usbser [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/02/25 10:03:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/06/18 10:34:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/06/12 11:24:59 | 00,000,000 | ---D | M]

[2009/04/21 19:27:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions
[2009/04/21 19:27:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/21 19:27:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\d6q26cgk.default\extensions
[2009/06/19 17:22:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/12 11:24:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/07/15 03:57:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/11/24 17:30:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/02/25 10:03:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/03/31 12:14:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/10 15:29:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/06/12 11:24:54 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/12 11:24:54 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/08/25 20:36:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/08/25 20:36:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/08/25 20:36:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/21 22:47:45 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/08/25 20:36:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/08/25 20:36:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/08/25 20:36:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [12344844] C:\Documents and Settings\All Users\Application Data\12344844\12344844.exe (Microsoft Corporation)
O4 - HKLM..\Run: [92354836] C:\Documents and Settings\All Users\Application Data\92354836\92354836.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800" (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [net] "C:\WINDOWS\system32\net.net" File not found
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Updater] C:\WINDOWS\system32\updater\explorer.exe (Microsoft Corporation)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (America Online, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1199126137283 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\WBSrv: DllName - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/31 10:12:27 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/20 01:19:26 | 00,000,000 | ---D | M]
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2009/06/20 01:18:55 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF3312.exe
[2009/06/20 01:18:23 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF3204.exe
[2009/06/20 01:17:53 | 00,561,464 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
[2009/06/20 01:17:31 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/06/20 01:15:19 | 00,000,000 | ---D | C] -- C:\Combo-Fix
[2009/06/20 01:15:11 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/06/20 01:14:31 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/19 18:07:25 | 00,155,136 | ---- | C] (Elecard Ltd) -- C:\WINDOWS\System32\tpsaxyd.exe
[2009/06/19 18:07:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\92354836
[2009/06/19 18:07:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\12344844
[2009/06/19 18:07:25 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\92354836.ini
[2009/06/19 18:07:22 | 00,012,288 | ---- | C] () -- C:\WINDOWS\jsr468ijdfghfjsw3rw3i6tjag81.exe
[2009/06/19 18:07:20 | 00,000,000 | RHSD | C] -- C:\Program Files\Manson
[2009/06/06 19:32:33 | 00,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2009/05/23 22:52:01 | 00,847,360 | ---- | C] () -- C:\WINDOWS\System32\JS32.dll
[2009/05/23 22:51:59 | 00,847,360 | ---- | C] () -- C:\WINDOWS\System\JS32.dll
[2009/05/01 00:31:06 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/05/01 00:31:06 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/05/01 00:31:06 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/05/01 00:31:06 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/04/22 18:10:50 | 00,000,691 | ---- | C] () -- C:\WINDOWS\RegGenie.ini
[2009/04/21 12:42:50 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/04/05 12:00:09 | 02,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/04/05 12:00:09 | 00,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/04/05 12:00:09 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/04/05 12:00:09 | 00,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/01/02 00:48:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2007/12/31 22:02:11 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2007/12/31 21:12:42 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/12/31 21:07:40 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/12/31 21:07:40 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/12/31 21:07:40 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/12/31 19:47:50 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/12/31 19:46:45 | 00,000,044 | ---- | C] () -- C:\WINDOWS\EPCX3800.ini
[2007/12/31 16:47:25 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/12/31 16:09:40 | 00,204,800 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2007/12/31 13:16:40 | 00,014,848 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/12/31 13:05:32 | 00,000,024 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/12/31 11:37:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/12/31 11:27:22 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/12/31 10:46:37 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2007/12/31 10:46:26 | 00,000,890 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2006/08/11 21:45:20 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/11 21:43:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/08/02 14:24:01 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2004/08/04 05:00:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 05:00:00 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 05:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[8 C:\WINDOWS\*.tmp files]
[2009/06/20 01:18:45 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF3312.exe
[2009/06/20 01:18:13 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF3204.exe
[2009/06/20 01:14:31 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/20 01:14:04 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/20 01:13:42 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\desktop.ini
[2009/06/20 01:13:20 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/20 01:07:08 | 00,561,464 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
[2009/06/20 01:06:58 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/06/19 20:22:22 | 00,155,136 | ---- | M] (Elecard Ltd) -- C:\WINDOWS\System32\tpsaxyd.exe
[2009/06/19 19:02:05 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/19 18:56:29 | 00,081,226 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/06/19 18:14:44 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/06/19 18:07:25 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\92354836.ini
[2009/06/19 18:07:22 | 00,012,288 | ---- | M] () -- C:\WINDOWS\jsr468ijdfghfjsw3rw3i6tjag81.exe
[2009/06/13 21:11:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== LOP Check ==========

[2009/04/21 19:35:31 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2009/04/21 19:35:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ahead
[2009/04/21 19:27:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Aim
[2009/04/21 18:21:57 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2009/04/21 19:27:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2009/06/19 18:07:25 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/11/22 15:14:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/06/19 18:15:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\12344844
[2009/06/19 18:07:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\92354836
[2008/09/28 11:13:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2007/12/31 18:56:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2007/12/31 18:59:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008/04/02 23:00:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2008/01/20 11:37:56 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\GTek
[2008/08/14 15:00:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2007/12/31 16:27:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2009/04/23 18:23:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/11/12 16:19:14 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2008/01/02 16:26:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2009/04/23 18:23:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2007/12/31 11:35:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/04/22 21:20:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/12/31 17:17:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/12/31 16:18:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2007/12/31 14:20:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/06/13 21:11:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/06/19 19:02:05 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >


OTL Extras logfile created on: 6/20/2009 1:25:36 AM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 82.92% Memory free
3.85 Gb Paging File | 3.67 Gb Available in Paging File | 95.23% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 61.09 Gb Free Space | 78.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 219.96 Gb Total Space | 108.14 Gb Free Space | 49.16% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-CF85BAA835
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1626:TCP" = 1626:TCP:*:Enabled:SFO
"1626:UDP" = 1626:UDP:*:Enabled:SFO
"3587:TCP" = 3587:TCP:*:Enabled:LimeWire
"3587:UDP" = 3587:UDP:*:Enabled:Limewire
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2006/09/21 12:43:38 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2006/09/21 12:43:38 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2006/10/02 22:22:54 | 00,349,720 | ---- | M] (InterVideo Inc.) -- C:\Program Files\InterVideo\DVD8\WinDVD.exe:*:Enabled:WinDVD
[2007/12/31 16:27:38 | 00,020,480 | ---- | M] (Logitech) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Enabled:Logitech Desktop Messenger
[2006/08/01 16:35:36 | 00,067,112 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
[2009/03/12 16:23:40 | 00,471,040 | ---- | M] (Blizzard Entertainment) -- F:\Program Files\Warcraft III\war3.exe:*:Enabled:Warcraft III
[2008/10/25 23:41:54 | 00,086,077 | ---- | M] (Valve) -- F:\Program Files\Steam\steamapps\[email protected]\counter-strike\hl.exe:*:Enabled:Half-Life Launcher
[2007/04/09 05:41:48 | 02,245,424 | ---- | M] (Speedbit Ltd.) -- F:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)
[2007/03/07 03:27:12 | 00,567,384 | ---- | M] (www.sopcast.com) -- F:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver
[2008/04/30 01:32:48 | 01,892,352 | ---- | M] (www.sopcast.com) -- F:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application
[2009/06/12 11:24:55 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
[2009/02/13 10:11:23 | 00,106,496 | ---- | M] () -- F:\Program Files\Steam\steamapps\plastik018\counter-strike source\hl2.exe:*:Enabled:hl2
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/11/20 14:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/09/18 11:50:21 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- F:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire PRO 4.14.10
[2008/10/25 19:30:52 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- F:\Program Files\uTorrent.exe:*:Enabled:µTorrent
[2009/06/07 16:21:27 | 00,086,077 | ---- | M] (Valve) -- F:\Program Files\Steam\steamapps\xstormxraverx\counter-strike\hl.exe:*:Enabled:Half-Life Launcher
[2009/06/06 20:05:47 | 00,098,304 | ---- | M] () -- F:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{2085C617-589C-40F8-BE40-EDBC9E2CA2EB}" = Symantec AntiVirus
"{2246135C-E041-C610-EEB2-CABE58CDE2CE}" = Supercast
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 14
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{362BFFCD-8274-11D8-97C8-000129760CBE}" = MediaLife
"{4DDC3BED-CC68-44AA-B435-D727B620CA5B}" = Linksys Wireless-G PCI Adapter
"{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0 Professional
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}" = ArcSoft PhotoImpression 5
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F14B8ECC-BDA0-4987-9201-D7B7DBE11033}" = Nero 7 Ultra Edition
"{F1CBC6F7-D82D-4DC5-B81C-9A14F418593A}_is1" = WC3Banlist
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AOL Instant Messenger" = AOL Instant Messenger
"AutoItv3" = AutoIt v3.2.0.0
"AviSynth" = AviSynth 2.5
"com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1" = DIRECTV SUPERCAST
"Diablo II" = Diablo II
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"Fast Break Basketball_is1" = Fast Break Basketball
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"LimeWire" = LimeWire 4.18.8
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"net" = Advertisement Service
"NVIDIA Drivers" = NVIDIA Drivers
"PSP Video 9" = PSP Video 9 2.25
"RealPlayer 6.0" = RealPlayer
"Silent Package Run-Time Sample" = EPSON CX 3800 Guide
"SopCast" = SopCast 2.0.4
"Steam App 10" = Counter-Strike
"Steam App 240" = Counter-Strike: Source
"Steam App 30" = Day of Defeat
"Steam App 500" = Left 4 Dead
"SystemRequirementsLab" = System Requirements Lab
"Videora iPod Converter" = Videora iPod Converter 4.00
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Winamp" = Winamp
"WindowBlinds" = WindowBlinds
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinPcapInst" = WinPcap 3.1
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/19/2009 9:11:31 PM | Computer Name = HOME-CF85BAA835 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Downloader in File: c:\windows\system32\net.net
by: Manual scan. Action: Clean failed : Quarantine failed. Action Description:
The file was left unchanged.

Error - 6/19/2009 9:11:31 PM | Computer Name = HOME-CF85BAA835 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Downloader in File: c:\windows\system32\net.net
by: Manual scan. Action: Terminate Process Required. Action Description:

Error - 6/19/2009 9:11:45 PM | Computer Name = HOME-CF85BAA835 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Downloader in File: c:\windows\system32\net.net
by: Manual scan. Action: Clean failed : Quarantine failed. Action Description:
The file was left unchanged.

Error - 6/19/2009 9:11:48 PM | Computer Name = HOME-CF85BAA835 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Downloader in File: c:\windows\system32\net.net
by: Manual scan. Action: Clean succeeded. Action Description: The file was repaired
successfully.

Error - 6/19/2009 9:12:01 PM | Computer Name = HOME-CF85BAA835 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Downloader in File: c:\windows\system32\net.net
by: Manual scan. Action: Delete failed. Action Description: The file was left
unchanged.

Error - 6/19/2009 9:12:01 PM | Computer Name = HOME-CF85BAA835 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Downloader in File: c:\windows\system32\net.net
by: Manual scan. Action: Delete succeeded. Action Description: The file was deleted
successfully.

Error - 6/19/2009 9:13:39 PM | Computer Name = HOME-CF85BAA835 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Downloader in File: c:\windows\system32\net.net
by: Manual scan. Action: Clean failed : Quarantine failed. Action Description:
The file was left unchanged.

Error - 6/19/2009 9:13:39 PM | Computer Name = HOME-CF85BAA835 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Downloader in File: c:\windows\system32\net.net
by: Manual scan. Action: Terminate Process Required. Action Description:

Error - 6/19/2009 9:14:08 PM | Computer Name = HOME-CF85BAA835 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Downloader in File: c:\windows\system32\net.net
by: Manual scan. Action: Delete failed. Action Description: The file was left
unchanged.

Error - 6/19/2009 9:14:08 PM | Computer Name = HOME-CF85BAA835 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Downloader in File: c:\windows\system32\net.net
by: Manual scan. Action: Delete succeeded. Action Description: The file was deleted
successfully.

[ System Events ]
Error - 4/22/2009 9:56:33 PM | Computer Name = HOME-CF85BAA835 | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 4/22/2009 9:56:33 PM | Computer Name = HOME-CF85BAA835 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 4/22/2009 9:56:33 PM | Computer Name = HOME-CF85BAA835 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SAVRT SAVRTPEL SPBBCDrv SYMTDI
Tcpip

Error - 4/22/2009 9:56:37 PM | Computer Name = HOME-CF85BAA835 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 4/30/2009 11:46:58 AM | Computer Name = HOME-CF85BAA835 | Source = BITS | ID = 1654791
Description = The BITS job list is not in a recognized format. It may have been
created by a different version of BITS. The job list has been cleared.

Error - 4/30/2009 3:50:46 PM | Computer Name = HOME-CF85BAA835 | Source = BITS | ID = 1654791
Description = The BITS job list is not in a recognized format. It may have been
created by a different version of BITS. The job list has been cleared.

Error - 4/30/2009 7:14:54 PM | Computer Name = HOME-CF85BAA835 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 5/1/2009 4:50:13 PM | Computer Name = HOME-CF85BAA835 | Source = BITS | ID = 1654791
Description = The BITS job list is not in a recognized format. It may have been
created by a different version of BITS. The job list has been cleared.

Error - 5/1/2009 4:51:53 PM | Computer Name = HOME-CF85BAA835 | Source = BITS | ID = 1654791
Description = The BITS job list is not in a recognized format. It may have been
created by a different version of BITS. The job list has been cleared.

Error - 5/1/2009 4:51:57 PM | Computer Name = HOME-CF85BAA835 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).


< End of report >

Results of screen317's Security Check version 0.98.4
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````
SymantecAntiVirus
ECHO is off.
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````
Ad-Aware
Spybot - Search & Destroy
Malwarebytes' Anti-Malware
Java™ 6 Update 14
Java™ 6 Update 2
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!
Spybot SDHelper is disabled!
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````

Scan took 8 seconds.
`````````End of Log```````````
  • 0

#6
davi921
Posted 20 June 2009 - 06:54 PM

davi921

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Can anyone take a look at this. Not sure why my new thread was merged with my old one from April. Ignore the April posts. It has nothing to do with my current situation. Thanks.

Since I am unable to edit my post, I finally got Malwarebytes to run. Here is the log of the scan.


Malwarebytes' Anti-Malware 1.36
Database version: 2039
Windows 5.1.2600 Service Pack 2

6/20/2009 6:28:41 PM
mbam-log-2009-06-20 (18-28-41).txt

Scan type: Quick Scan
Objects scanned: 78672
Time elapsed: 1 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12344844 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\92354836 (Rogue.Multiple.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\12344844 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\92354836 (Rogue.Multiple.H) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Application Data\12344844\12344844.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\12344844\12344844.glu (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\12344844\pc12344844cnf (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\12344844\pc12344844ins (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\92354836\92354836.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.

Edited by davi921, 20 June 2009 - 07:59 PM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP