Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

trojan horse agent2.drc

Started by luvscows , Apr 17 2009 08:28 PM

  • Please log in to reply

#1
luvscows
Posted 17 April 2009 - 08:28 PM

luvscows

    New Member

  • Member
  • Pip
  • 1 posts
I have the wonderful luck of having (different) infections on both my laptop and desktop computers. I will shortly be starting a post for the desktop computer.

While using Windows Media Player last night, a message claimed that Windows Media Player needed an update, and I stupidly clicked OK. Apparently, that is what executed the trojan. It immediately began attacking hundreds of files. I have AVG free version, which is blocking them, but won't heal and remove them.

I followed all required steps. Malwarebytes log is included below. Rootkit and OTListIt logs will follow.


Malwarebytes' Anti-Malware 1.36
Database version: 1992
Windows 5.1.2600 Service Pack 3

4/17/2009 12:16:21 AM
mbam-log-2009-04-17 (00-16-21).txt

Scan type: Quick Scan
Objects scanned: 95199
Time elapsed: 27 minute(s), 5 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 76

Memory Processes Infected:
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\88HWYUA8\media_player_update[1].exe (Trojan.Dropper) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\88HWYUA8\media_player_update[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dhcpsapi32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drmstor32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\autodisc32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DHCPMON32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\authz32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cfgmgr3232.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ctl3d323232.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clb3232.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\els3232.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dot3api32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fltlib32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\batt32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\camocx32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\CLICONFG32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\CLICONFG3232.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\COMADDIN32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\COMPATUI32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\COMPSTUI32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comuid32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\CONSOLE32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\crtdll32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cscui32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\D3DPMESH32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\danim32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dbgeng32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DBGHELP32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DBMSRPCN32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DCIMAN3232.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DDRAWEX32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DFRGRES32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DFRGRES3232.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dfrgui32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DFRGUI3232.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\digest32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dmdlgs32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dmime32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DMLOADER32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DMSCRIPT32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DMSYNTH32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dnsapi32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DOCPROP232.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DOCPROP23232.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DOCPROP32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcdll32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DPNADDR32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DPSERIAL32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DPVOICE32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DPWSOCKX32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DSOUND3D32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DSPRPRES32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dssec32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DSSEC3232.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DINPUT832.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\basesrv3232.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\basecsp32.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\basesrv32.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drprov32.dll (Worm.P2P) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cryptui32.dll (Worm.P2P) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dbnetlib32.dll (Worm.P2P) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dxtrans32.dll (Worm.P2P) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dgrpsetu32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dplayx32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpnmodem32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\csseqchk32.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cmpbk3232.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\els32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dx8vb32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bootvid32.dll (Trojan,FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cdosys32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\EqnClass32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dxtmsft32.dll (Worm.P2P) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\browser32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\deskadp32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dx7vb32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpnhupnp32.dll (Trojan.Agent) -> Quarantined and deleted successfully.

[b]ROOTER.TXT[/b]
Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:36106 Mo/Free:3876 Mo)
D:\ [Fixed] - FAT32 - (Total:2039 Mo/Free:2039 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Fri 04/17/2009|22:02

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\S24EvMon.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
---------- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\WINDOWS\System32\RegSrvc.exe
---------- C:\Program Files\Rosetta Stone\SMS v3.0hs\Service\JavaSrvc.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
---------- C:\Program Files\Viewpoint\Common\ViewpointService.exe
---------- C:\PROGRA~1\AVG\AVG8\avgrsx.exe
---------- C:\PROGRA~1\AVG\AVG8\avgemc.exe
---------- C:\PROGRA~1\AVG\AVG8\avgnsx.exe
---------- C:\WINDOWS\system32\ZCfgSvc.exe
---------- C:\Program Files\AVG\AVG8\avgcsrvx.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\WINDOWS\System32\hkcmd.exe
---------- C:\WINDOWS\AGRSMMSG.exe
---------- C:\Program Files\Apoint2K\Apoint.exe
---------- C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
---------- C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
---------- C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
---------- C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\igfxext.exe
---------- C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
---------- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
---------- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE
---------- C:\WINDOWS\system32\LVCOMSX.EXE
---------- C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
---------- C:\Program Files\Logitech\Video\LogiTray.exe
---------- C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
---------- C:\WINDOWS\System32\1XConfig.exe
---------- C:\Program Files\Apoint2K\Apntex.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
---------- C:\Program Files\Apoint2K\HidFind.exe
---------- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
---------- C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\PROGRA~1\AVG\AVG8\avgtray.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\Microsoft Location Finder\LocationFinder.exe
---------- C:\Program Files\Messenger\msmsgs.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
---------- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
---------- C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
---------- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
---------- C:\Program Files\Logitech\Video\FxSvr2.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\WINDOWS\System32\wbem\wmiapsrv.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Fri 04/17/2009| 0:42
2 - "C:\Rooter$\Rooter_2.txt" - Fri 04/17/2009|22:03

----------------------\\ Scan completed at 22:03


OTListIt.txt
OTListIt logfile created on: 4/17/2009 10:05:38 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.48 Mb Total Physical Memory | 82.98 Mb Available Physical Memory | 16.51% Memory free
1.20 Gb Paging File | 0.79 Gb Available in Paging File | 65.91% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 35.26 Gb Total Space | 19.78 Gb Free Space | 56.11% Space Free | Partition Type: NTFS
Drive D: | 1.99 Gb Total Space | 1.99 Gb Free Space | 99.99% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LIFEBOOK
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\System32\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Rosetta Stone\SMS v3.0hs\Service\JavaSrvc.exe (Alexandria Software Consulting)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\system32\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
PRC - C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
PRC - C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
PRC - C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
PRC - C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
PRC - C:\WINDOWS\System32\igfxext.exe (Intel Corporation)
PRC - C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe (FUJITSU LIMITED)
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
PRC - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE (SEIKO EPSON CORPORATION)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ()
PRC - C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
PRC - C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\System32\1XConfig.exe (Intel)
PRC - C:\Program Files\Apoint2K\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
PRC - C:\Program Files\Apoint2K\HidFind.exe (ALPS)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe (Fisher-Price, Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Microsoft Location Finder\LocationFinder.exe (Microsoft Corporation)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe ()
PRC - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files\Logitech\Video\FxSvr2.exe (Logitech Inc.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Owner\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AdobeActiveFileMonitor5.0 [Auto | Running]) -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPodService [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (RegSrvc [Auto | Running]) -- C:\WINDOWS\System32\RegSrvc.exe (Intel Corporation)
SRV - (S24EventMonitor [Auto | Running]) -- C:\WINDOWS\System32\S24EvMon.exe (Intel Corporation )
SRV - (SMSv3hs [Auto | Running]) -- C:\Program Files\Rosetta Stone\SMS v3.0hs\Service\JavaSrvc.exe (Alexandria Software Consulting)
SRV - (Symantec Core LC [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ADVNTDRV [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ADVNTDRV.SYS (FUJITSU LIMITED.)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (ApfiltrService [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (bcm4sbxp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (BtnHnd [Auto | Running]) -- C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys (FUJITSU LIMITED)
DRV - (CONAN [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\o2mmb.sys (O2 Micro )
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (FUJ02B1 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\FUJ02B1.sys (FUJITSU LIMITED)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (gv3 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\gv3.sys (Microsoft Corporation)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (LVUSBSta [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\lvusbsta.sys (Logitech Inc.)
DRV - (MbxStby [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MbxStby.sys (O2 Micro)
DRV - (MDC8021X [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (mfeavfk [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (pepifilter [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lv302af.sys (Logitech Inc.)
DRV - (PID_08A0 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LV302AV.SYS (Logitech Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (s24trans [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys (Intel Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (STAC97 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\stac97.sys (SigmaTel, Inc.)
DRV - (symlcbrd [Auto | Running]) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (w22n51 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\w22n51.sys (Intel® Corporation)
DRV - (w29n51 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\w29n51.sys (Intel® Corporation)
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ialmkchw.sys (Intel Corporation)
DRV - ({E2B953A6-195A-44F9-9BA3-3D5F4E32BB55} [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\wA301a.sys (Intel Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/14 23:49:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/04/17 01:22:23 | 00,000,000 | ---D | M]

[2006/06/06 01:04:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ijxv03jh.default\extensions

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0989.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0989.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)
O4 - HKLM..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EPSON PictureMate] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P17 "EPSON PictureMate" /O6 "USB001" /M "PictureMate" (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Computer, Inc.)
O4 - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SSP Notifier] C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe (Fisher-Price, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot (Logitech Inc.)
O4 - HKCU..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe" (Microsoft Corporation)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk = C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: devanalytics.com ([proc1] http in Trusted sites)
O15 - HKCU\..Trusted Sites: facebook.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([apps.new] http in Trusted sites)
O15 - HKCU\..Trusted Sites: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Sites: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Sites: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} http://www.symantec....rl/SymAData.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1149531964159 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} http://java.sun.com/..._4_0_01-win.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\Sebring: DllName - C:\WINDOWS\System32\LgNotify.dll - C:\WINDOWS\System32\LgNotify.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/04/17 22:04:23 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\Owner\Desktop\OTListIt2.exe
[2009/04/17 22:01:53 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\Owner\Desktop\Rooter.exe
[2009/04/17 19:23:39 | 00,021,504 | ---- | C] (Doug Knox) -- C:\DOCUME~1\Owner\Desktop\SysRestorePoint.exe
[2009/04/17 01:18:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/04/17 01:18:30 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/04/17 01:17:54 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/04/17 01:15:43 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/04/17 01:15:43 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/04/17 01:15:43 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/04/17 01:15:42 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/04/17 01:15:42 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/04/17 01:15:41 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/04/17 01:15:41 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/04/17 01:15:38 | 00,000,000 | ---D | C] -- C:\7271173c3f0ae530586e45
[2009/04/17 01:14:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/04/17 01:10:00 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/04/17 00:37:43 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/16 23:35:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/04/16 23:35:09 | 00,000,696 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/16 23:35:08 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/16 23:35:06 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/16 23:35:04 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/16 23:35:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/16 23:33:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/16 23:28:38 | 00,000,611 | ---- | C] () -- C:\DOCUME~1\Owner\Desktop\NTREGOPT.lnk
[2009/04/16 23:28:38 | 00,000,592 | ---- | C] () -- C:\DOCUME~1\Owner\Desktop\ERUNT.lnk
[2009/04/16 23:28:30 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/16 22:40:49 | 00,000,615 | ---- | C] () -- C:\WINDOWS\System32\P3zwW.vbs
[2009/04/16 21:44:37 | 00,000,630 | ---- | C] () -- C:\DOCUME~1\Owner\Desktop\Audacity.lnk
[2009/04/16 21:44:32 | 00,000,000 | ---D | C] -- C:\Program Files\Audacity
[2009/04/16 20:54:45 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/16 20:54:44 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/16 20:54:44 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/16 20:53:11 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/16 20:53:09 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/16 20:53:07 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/16 20:53:04 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/16 20:53:01 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/16 20:53:00 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/16 20:52:58 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/16 20:52:57 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/16 20:52:55 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/03/30 00:30:32 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/03/30 00:14:20 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/03/30 00:14:20 | 00,001,507 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\AVG Free 8.5.lnk
[2009/03/30 00:14:17 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/03/30 00:14:11 | 00,325,640 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/03/30 00:14:07 | 00,027,656 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/03/30 00:13:42 | 35,206,741 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/03/30 00:13:42 | 00,434,673 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/03/30 00:13:42 | 00,100,885 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/03/30 00:13:41 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/03/30 00:13:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/03/30 00:13:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
[2009/03/30 00:13:05 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/03/30 00:13:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/03/30 00:09:51 | 62,729,728 | ---- | C] (AVG Technologies) -- C:\DOCUME~1\Owner\Desktop\avg_free_stf_en_85_283a1450.exe
[2009/03/29 22:42:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Citrix
[2009/03/29 21:33:45 | 00,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/03/22 23:52:56 | 00,000,372 | ---- | C] () -- C:\DOCUME~1\Owner\My Documents\spider.sav
[2009/03/21 10:06:58 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll
[2009/03/19 19:49:31 | 00,021,504 | ---- | C] () -- C:\DOCUME~1\Owner\My Documents\Chocolate Timeline.doc
[2008/05/01 23:28:22 | 00,000,167 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/03/08 18:08:25 | 00,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2006/12/25 13:53:15 | 00,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/11/19 09:39:15 | 00,000,040 | ---- | C] () -- C:\WINDOWS\System32\EAL.INI
[2006/10/28 00:42:14 | 00,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2006/10/27 23:58:42 | 00,000,144 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/27 23:55:33 | 00,000,303 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2006/08/16 23:50:28 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/08/16 23:50:19 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/08/15 19:24:37 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/07/23 23:32:25 | 00,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2006/07/23 23:32:23 | 00,000,368 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2006/07/08 22:28:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/08/31 12:43:32 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
[2004/04/06 20:35:03 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/03/23 23:10:20 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/03/23 23:10:20 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/03/23 23:10:19 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/03/23 23:10:19 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/03/23 23:10:19 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/03/23 23:10:19 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/03/23 23:01:22 | 00,001,004 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/03/23 22:24:28 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/03/23 21:19:22 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/03/23 20:49:50 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/03/23 19:37:59 | 00,000,506 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/03/23 19:36:39 | 00,000,759 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/03/23 19:36:31 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/04/17 16:35:00 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2003/04/17 16:35:00 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[1999/01/27 14:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 08:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/04/17 22:04:40 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\Owner\Desktop\OTListIt2.exe
[2009/04/17 22:02:11 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\Owner\Desktop\Rooter.exe
[2009/04/17 21:59:17 | 00,002,539 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk
[2009/04/17 21:58:49 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/17 21:56:10 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/04/17 21:55:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/17 21:55:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/17 21:55:07 | 52,696,2688 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/17 19:23:43 | 00,021,504 | ---- | M] (Doug Knox) -- C:\DOCUME~1\Owner\Desktop\SysRestorePoint.exe
[2009/04/17 18:20:36 | 35,206,741 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/04/17 18:20:36 | 00,434,673 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/04/17 07:58:45 | 00,041,632 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/04/17 07:58:30 | 00,523,518 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/17 07:58:30 | 00,442,594 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/17 07:58:30 | 00,072,076 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/17 03:08:01 | 00,202,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/17 01:42:41 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/16 23:35:09 | 00,000,696 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/16 23:28:39 | 00,000,611 | ---- | M] () -- C:\DOCUME~1\Owner\Desktop\NTREGOPT.lnk
[2009/04/16 23:28:38 | 00,000,592 | ---- | M] () -- C:\DOCUME~1\Owner\Desktop\ERUNT.lnk
[2009/04/16 22:40:49 | 00,000,615 | ---- | M] () -- C:\WINDOWS\System32\P3zwW.vbs
[2009/04/16 21:44:37 | 00,000,630 | ---- | M] () -- C:\DOCUME~1\Owner\Desktop\Audacity.lnk
[2009/04/16 20:48:23 | 00,100,885 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 10:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/02 22:33:39 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/03/30 23:16:06 | 00,000,372 | ---- | M] () -- C:\DOCUME~1\Owner\My Documents\spider.sav
[2009/03/30 00:14:20 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/03/30 00:14:20 | 00,001,507 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\AVG Free 8.5.lnk
[2009/03/30 00:14:11 | 00,325,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/03/30 00:14:08 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/03/30 00:13:42 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/03/30 00:10:19 | 62,729,728 | ---- | M] (AVG Technologies) -- C:\DOCUME~1\Owner\Desktop\avg_free_stf_en_85_283a1450.exe
[2009/03/27 02:58:38 | 01,203,922 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/03/23 11:14:05 | 00,001,004 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2009/03/21 10:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\kernel32.dll
[2009/03/21 10:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll
[2009/03/19 20:39:53 | 00,010,752 | ---- | M] () -- C:\DOCUME~1\Owner\My Documents\chocolate making.doc
[2009/03/19 20:18:28 | 00,021,504 | ---- | M] () -- C:\DOCUME~1\Owner\My Documents\Chocolate Timeline.doc
< End of report >


EXTRAS.TXT
OTListIt Extras logfile created on: 4/17/2009 10:05:38 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.48 Mb Total Physical Memory | 82.98 Mb Available Physical Memory | 16.51% Memory free
1.20 Gb Paging File | 0.79 Gb Available in Paging File | 65.91% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 35.26 Gb Total Space | 19.78 Gb Free Space | 56.11% Space Free | Partition Type: NTFS
Drive D: | 1.99 Gb Total Space | 1.99 Gb Free Space | 99.99% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LIFEBOOK
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer (LimeWire)
C:\LimeWire\LimeWire.exe:*:Enabled:LimeWire File not found
C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Computer, Inc.)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger File not found
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server File not found
C:\Program Files\Java\jre1.6.0_02\bin\java.exe:*:Enabled:Java Runtime Environment (Sun Microsystems, Inc.)
C:\Program Files\Rosetta Stone\SMS v3.0hs\server.exe:*:Enabled:SMS Server v3.0hs ()
C:\Program Files\Rosetta Stone\SMS v3.0hs\admin.exe:*:Enabled:SMS Admin v3.0hs ()
C:\Program Files\Rosetta Stone\SMS v3.0hs\service\JavaSrvc.exe:*:Enabled:SMS Service v3.0hs (Alexandria Software Consulting)
C:\WINDOWS\system32\java.exe:*:Enabled:Java™ Platform SE binary (Sun Microsystems, Inc.)
C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer (RealNetworks, Inc.)
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire (FrostWire Group)
C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe (AVG Technologies CZ, s.r.o.)
C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24C242C0-28C0-43C8-A0A1-FE181F3B3319}" = OpenOffice.org 2.0
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{44170B31-F47A-4FF9-9D77-382D1FE2A728}" = FP3 Player
"{5380063E-2909-4d72-BFA3-625881F2E78B}" = Intel® PROSet for Wireless
"{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{6F5746DF-18E9-4E35-9032-D5F551E7CD5A}" = Fujitsu Hotkey Utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{7959721D-8268-4565-9E0E-C41A9F4848A9}" = SigmaTel AC97 Audio Drivers
"{7C7D6EC8-F8CC-4B13-AF27-0A9D51EE4E40}" = MSN Toolbar
"{7CF31609-270B-11D6-9445-000102308676}" = Java 2 Runtime Environment, SE v1.4.0_01
"{858EBD47-9C14-4158-8D2A-1E3B78E7CD17}" = O2Micro MemoryCardBus Windows Driver
"{896D642C-7125-44F0-AC49-A23ABF82209C}" = CDBurnerXP Pro 3
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8DB9F162-C085-4E70-BB22-969429DB020D}" = LifeBook Application Panel
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9D18F7F8-B984-4249-8512-CC621BC59F12}" = Microsoft Location Finder
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2A0F8F4-CE50-4857-A21C-3061682B2E87}" = Sansa Media Converter
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}" = U3Launcher
"{E0FAA0BA-874E-47C8-9ECA-BB333006CF16}" = Fujitsu Driver Update V1.1L20
"18FF359AE500F8C84B16BD7C8065F75AFEAE4CDF" = Windows Driver Package - Intel (w29n51) net (10/25/2006 9.0.4.26)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"Audacity_is1" = Audacity 1.2.6
"AVG8Uninstall" = AVG 8.5
"CCleaner" = CCleaner (remove only)
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"FF9C6C89964495D9F1AC86587EF985784D8AD152" = Windows Driver Package - Intel (NETw3x32) net (10/17/2006 10.5.1.72)
"FrostWire" = FrostWire 4.17.0
"Google Updater" = Google Updater
"hp officejet d series 1162010574" = hp officejet d series
"HP Photo Printing Software" = HP Photo Printing Software
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{44170B31-F47A-4FF9-9D77-382D1FE2A728}" = FP3 Player
"InstallShield_{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"InstallShield_{858EBD47-9C14-4158-8D2A-1E3B78E7CD17}" = O2Micro MemoryCardBus Windows Driver
"InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"InterActual Player" = InterActual Player
"Java Web Start" = Java Web Start
"Logitech Print Service" = Logitech Print Service
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Optimist Screensaver" = Optimist Screensaver
"Print Artist 12.0" = SierraHome Print Artist 12.0
"QcDrv" = Logitech® Camera Driver
"RealPlayer 6.0" = RealPlayer
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Student Management System v3.0hs" = Student Management System v3.0hs
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD_is1" = XviD 1.1 final uninstall
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/16/2009 8:53:13 PM | Computer Name = LIFEBOOK | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16791, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/16/2009 8:53:28 PM | Computer Name = LIFEBOOK | Source = Application Hang | ID = 1001
Description = Fault bucket 1110235319.

Error - 4/17/2009 12:49:46 AM | Computer Name = LIFEBOOK | Source = Application Hang | ID = 1002
Description = Hanging application OTListIt2[1].exe, version 2.0.14.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/17/2009 10:36:38 AM | Computer Name = LIFEBOOK | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/17/2009 7:21:58 PM | Computer Name = LIFEBOOK | Source = Application Hang | ID = 1002
Description = Hanging application ATF_Cleaner.exe, version 3.0.0.2, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/17/2009 9:44:05 PM | Computer Name = LIFEBOOK | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/17/2009 9:44:24 PM | Computer Name = LIFEBOOK | Source = Application Hang | ID = 1001
Description = Fault bucket 1203548446.

Error - 4/17/2009 9:51:42 PM | Computer Name = LIFEBOOK | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/17/2009 9:52:35 PM | Computer Name = LIFEBOOK | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/17/2009 9:53:30 PM | Computer Name = LIFEBOOK | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.36.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 4/9/2009 11:51:58 PM | Computer Name = LIFEBOOK | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 4/12/2009 10:19:48 PM | Computer Name = LIFEBOOK | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the iPodService service to
connect.

Error - 4/12/2009 10:19:48 PM | Computer Name = LIFEBOOK | Source = Service Control Manager | ID = 7000
Description = The iPodService service failed to start due to the following error:
%%1053

Error - 4/12/2009 10:19:48 PM | Computer Name = LIFEBOOK | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service iPodService
with arguments "-Service" in order to run the server: {7A7FB085-6068-4898-8CCA-480A9187277C}

Error - 4/14/2009 8:09:48 PM | Computer Name = LIFEBOOK | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 000E353A72A7. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 4/16/2009 4:04:08 AM | Computer Name = LIFEBOOK | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Symantec Core LC service.

Error - 4/17/2009 12:20:49 AM | Computer Name = LIFEBOOK | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 4/17/2009 12:21:47 AM | Computer Name = LIFEBOOK | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 4/17/2009 12:23:34 AM | Computer Name = LIFEBOOK | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 000E353A72A7. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 4/17/2009 4:20:33 PM | Computer Name = LIFEBOOK | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Symantec Core LC service.


< End of report >

Edited by luvscows, 17 April 2009 - 08:33 PM.

  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP