Jump to content

SLIPPY1175

Honorary Members
  • Posts

    45
  • Joined

  • Last visited

Reputation

0 Neutral
  1. i just bought stuff online with my credit card 2 days ago and then i scanned with malwarebyte's yesterday and it said: Malwarebytes' Anti-Malware 1.34 Database version: 1815 Windows 5.1.2600 Service Pack 3 3/3/2009 6:00:56 PM mbam-log-2009-03-03 (18-00-56).txt Scan type: Quick Scan Objects scanned: 88093 Time elapsed: 12 minute(s), 45 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 9 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 1 Files Infected: 5 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\experttool.pornpro_bho (Adware.ExpertTools) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\experttool.pornpro_bho.1 (Adware.ExpertTools) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{bc4083be-0c0e-0630-51af-ba4b71510187} (Adware.ExpertTools) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{20c32a98-b6df-9ec4-0488-888df554dcda} (Adware.ExpertTools) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3779ec48-b442-fefc-a361-e01756c92367} (Adware.ExpertTools) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{b82458d3-71d6-8a23-419d-9ab15a784798} (Adware.ExpertTools) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{28632648-e265-3f09-804b-b7e5d0d84267} (Adware.ExpertTools) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{638cc12c-4d5a-2f23-18bd-0dacc1d5aac6} (Adware.ExpertTools) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\experttool (Adware.ExpertTools) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Program Files\ExpertTool (Adware.ExpertTools) -> Quarantined and deleted successfully. Files Infected: C:\Documents and Settings\Habte Mesfin\Local Settings\Temp\tem39.tmp.exe (Adware.ExpertTools) -> Quarantined and deleted successfully. C:\Program Files\ExpertTool\ExpertTool-1.dll (Adware.ExpertTools) -> Quarantined and deleted successfully. C:\Program Files\ExpertTool\pcre3.dll (Adware.ExpertTools) -> Quarantined and deleted successfully. C:\Program Files\ExpertTool\uninstall.exe (Adware.ExpertTools) -> Quarantined and deleted successfully. C:\WINDOWS\Fonts\UNWISE.EXE (Worm.Archive) -> Quarantined and deleted successfully. should i be worried that they stole my credit card info??
  2. the extras scan: OTListIt Extras logfile created on: 10/29/2008 3:25:34 PM - Run OTListIt by OldTimer - Version 1.0.11.1 Folder = C:\Documents and Settings\Jonathan\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 72.17% Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free Paging file location(s): C:\pagefile.sys 4092 4092; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 111.74 Gb Total Space | 66.77 Gb Free Space | 59.75% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HMESFIN-PC3 Current User Name: Jonathan Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Whitelist: On File Age = 30 Days ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] File not found -- C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [2007/05/07 20:28:58 | 00,589,824 | ---- | M] (TightVNC Group) -- C:\Program Files\TightVNC\WinVNC.exe:*:Enabled:TightVNC Win32 Server [2008/04/13 18:12:20 | 00,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program [1999/04/16 21:40:50 | 00,828,416 | ---- | M] (jan debis) -- C:\Program Files\LeechFTP\Leechftp.exe:*:Enabled:LeechFTP File not found -- C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger File not found -- C:\Documents and Settings\Habte Mesfin\Local Settings\Temp\OraInstall2006-10-23_01-16-54PM\jre\1.4.2\bin\javaw.exe:*:Disabled:javaw File not found -- C:\oracle\product\10.2.0\10g\jdk\jre\bin\java.exe:*:Disabled:java [2006/05/13 08:55:19 | 00,049,250 | ---- | M] (Sun Microsystems, Inc.) -- C:\jdev\jdevstudio1013\jdk\bin\javaw.exe:*:Disabled:Java 2 Platform Standard Edition binary File not found -- C:\oracle\product\10.2.0\jdk\jre\bin\java.exe:*:Disabled:java [2006/05/13 08:55:19 | 00,049,248 | ---- | M] (Sun Microsystems, Inc.) -- C:\jdev\jdevstudio1013\jdk\bin\java.exe:*:Disabled:Java 2 Platform Standard Edition binary [2006/01/24 11:13:58 | 00,099,840 | R--- | M] () -- C:\jdev\jdevstudio1013\jdev\bin\jdev.exe:*:Enabled:jdev [2008/08/22 23:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer [2007/07/24 16:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour File not found -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire [2006/11/03 01:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader [2008/02/04 15:18:34 | 19,926,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes [2008/08/06 09:21:06 | 00,050,472 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 [2008/08/12 18:19:02 | 21,741,864 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02DFB3FD-CF52-4183-8BCA-2A127D4888F4}" = iTunes "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine "{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java 6 Update 4 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3A99BB6A-0A01-4214-BD32-D54BD3FD79E4}_is1" = HTTP Analyzer V2.0.2 "{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour "{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service "{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource "{5A633ED0-E5D7-4D65-AB8D-53ED43510284}" = Symantec AntiVirus "{5C0054EB-24A5-46A8-80E3-62AAA930DEFA}" = Sound Blaster Live! 24-Bit External "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype
  3. this is the first OT list scan OTListIt logfile created on: 10/29/2008 3:25:34 PM - Run OTListIt by OldTimer - Version 1.0.11.1 Folder = C:\Documents and Settings\Jonathan\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 72.17% Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free Paging file location(s): C:\pagefile.sys 4092 4092; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 111.74 Gb Total Space | 66.77 Gb Free Space | 59.75% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HMESFIN-PC3 Current User Name: Jonathan Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Whitelist: On File Age = 30 Days ========== Processes ========== [2005/04/08 15:54:52 | 00,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005/04/08 15:52:32 | 00,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2008/02/22 10:33:00 | 00,104,960 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008/01/15 03:40:04 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007/07/24 16:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe [1999/12/12 19:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE [2005/01/07 14:15:58 | 01,409,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2005/04/17 12:30:32 | 00,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe [2008/02/05 18:18:48 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008/02/05 18:20:42 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2008/01/29 14:47:42 | 00,965,120 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe [2006/04/21 13:14:00 | 00,450,560 | ---- | M] (Oracle) -- C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe [2005/04/17 12:30:42 | 00,124,608 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe [2005/04/17 12:30:40 | 01,706,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2007/01/04 15:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe [2004/04/21 04:48:42 | 00,931,080 | ---- | M] (Zone Labs Inc.) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008/02/05 18:18:48 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2004/04/21 04:40:34 | 00,439,560 | ---- | M] (Zone Labs Inc.) -- C:\Program Files\Zone Labs\Integrity Client\iclient.exe [2003/09/17 10:43:36 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe [2008/04/13 18:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe [2005/04/08 15:52:30 | 00,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005/04/17 12:30:48 | 00,085,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe [2008/02/04 15:18:40 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008/02/22 10:33:00 | 00,072,192 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008/02/13 13:02:46 | 00,564,496 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008/02/13 13:06:58 | 02,196,240 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe [2003/11/06 19:32:30 | 00,270,336 | ---- | M] () -- C:\Program Files\NETGEAR GA311 Adapter\GA311.exe [2008/02/04 15:18:32 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe [2008/02/13 13:02:24 | 00,405,776 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe [2008/10/29 15:23:58 | 00,418,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jonathan\Desktop\OTListIt.exe ========== (O23) Win32 Services ========== [2008/02/22 10:33:00 | 00,104,960 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon [Auto | Running]) [2008/01/15 03:40:04 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running]) [2007/07/24 16:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running]) [2005/04/08 15:52:32 | 00,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running]) [2005/04/08 15:54:50 | 00,083,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [On_Demand | Stopped]) [2005/04/08 15:54:52 | 00,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running]) [1999/12/12 19:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access [Auto | Running]) [2005/01/07 14:15:58 | 01,409,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Auto | Running]) [2005/04/17 12:30:32 | 00,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running]) [2007/09/16 17:19:02 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped]) [2008/02/04 15:18:32 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running]) [2008/02/05 18:18:48 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer [Auto | Running]) [2008/02/05 18:20:42 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running]) [2008/02/05 18:22:36 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Auto | Stopped]) [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running]) [2008/01/29 14:47:42 | 00,965,120 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe -- (MyDesktopWindows [Auto | Running]) File not found -- -- (OracleDBConsoleinfra [Disabled | Stopped]) [2005/08/16 12:21:06 | 00,024,064 | ---- | M] (Oracle Corporation) -- C:\oracle\product\10g\BIN\nmesrvc.exe -- (OracleDBConsoleorcl [On_Demand | Stopped]) File not found -- -- (OracleDBConsoletest [Disabled | Stopped]) [2005/08/29 19:32:22 | 00,102,400 | ---- | M] () -- c:\oracle\product\10g\BIN\extjob.exe -- (OracleJobSchedulerORCL [On_Demand | Stopped]) [2005/08/16 01:23:02 | 00,053,248 | ---- | M] (Oracle) -- C:\oracle\product\10g\BIN\isqlplussvc.exe -- (OracleOraDb10g_home1iSQL*Plus [On_Demand | Stopped]) [2005/08/15 23:57:48 | 00,204,800 | ---- | M] () -- C:\oracle\product\10g\BIN\TNSLSNR.EXE -- (OracleOraDb10g_home1TNSListener [On_Demand | Stopped]) File not found -- -- (OracleOraDb10g_home2iSQL*Plus [Disabled | Stopped]) File not found -- -- (OracleOraDb10g_home2TNSListener [Disabled | Stopped]) [2005/08/29 22:03:50 | 59,027,456 | ---- | M] (Oracle Corporation) -- c:\oracle\product\10g\BIN\oracle.exe -- (OracleServiceORCL [On_Demand | Stopped]) [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) [2006/04/21 13:14:00 | 00,450,560 | ---- | M] (Oracle) -- C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe -- (QOSMyDesktop [Auto | Running]) [2005/04/17 12:30:42 | 00,124,608 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [Auto | Running]) [2005/03/30 21:48:22 | 00,992,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [On_Demand | Stopped]) [2005/04/17 12:30:40 | 01,706,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running]) [2007/01/04 15:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running]) [2004/04/21 04:48:42 | 00,931,080 | ---- | M] (Zone Labs Inc.) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running]) ========== Driver Services ========== [2004/09/02 21:01:16 | 00,396,480 | ---- | M] (D-Link Corporation) -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB [On_Demand | Running]) [2003/05/05 19:25:48 | 00,028,205 | ---- | M] (Alpha Networks Inc.) -- C:\WINDOWS\system32\ANIO.sys -- (ANIO [Auto | Running]) [2004/04/25 21:23:41 | 00,130,384 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running]) [2003/05/01 13:26:34 | 00,005,220 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA [On_Demand | Stopped]) [2005/01/07 14:14:30 | 00,297,035 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA [Auto | Running]) [2003/08/15 02:55:08 | 00,011,237 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\diag69xp.sys -- (Diag69xp [On_Demand | Running]) [2003/07/24 18:55:50 | 00,139,604 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE [On_Demand | Running]) [2005/08/15 19:14:46 | 00,010,910 | ---- | M] (Oracle Corp.) -- C:\WINDOWS\system32\drivers\dsload.sys -- (dsload [unknown | Stopped]) [2008/09/17 02:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [system | Running]) [2008/02/05 20:21:48 | 00,023,832 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService [On_Demand | Stopped]) [2006/09/19 15:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running]) [2003/09/17 15:57:22 | 00,008,440 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\LANPkt.sys -- (LANPkt [Auto | Running]) [2008/02/05 18:18:12 | 00,689,176 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap [On_Demand | Stopped]) [2008/02/05 18:20:08 | 00,025,624 | ---- | M] () -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running]) [2008/02/05 20:20:40 | 00,628,760 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS [On_Demand | Running]) [2008/02/05 20:21:25 | 00,041,752 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running]) [2008/02/05 20:21:37 | 04,658,456 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC [On_Demand | Running]) [2008/09/17 02:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081028.004\NAVENG.SYS -- (NAVENG [On_Demand | Running]) [2008/09/17 02:00:00 | 00,873,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081028.004\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running]) [2004/04/25 21:23:40 | 00,178,736 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running]) [2004/06/03 12:10:00 | 00,071,596 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT [Auto | Running]) [2003/03/31 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running]) [2003/10/13 13:29:58 | 00,067,456 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\GA311ND5.SYS -- (RTL8023 [On_Demand | Stopped]) [2004/08/03 23:31:32 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139 [On_Demand | Stopped]) [2005/02/04 20:14:30 | 00,324,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT [system | Running]) [2005/02/04 20:14:32 | 00,053,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL [system | Running]) [2004/07/27 03:31:34 | 01,643,648 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\sbusb.sys -- (sbusb [On_Demand | Running]) [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped]) [2005/03/30 21:48:20 | 00,372,832 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [On_Demand | Stopped]) [2005/04/01 20:36:04 | 00,123,200 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running]) [2008/01/15 03:39:58 | 00,030,464 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped]) [2008/04/13 12:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running]) [2001/05/07 04:56:02 | 00,019,805 | R--- | M] (Thesycon GmbH, Germany) -- C:\WINDOWS\system32\drivers\usbio.sys -- (USBIO [On_Demand | Stopped]) [2008/04/13 12:46:20 | 00,121,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbvideo.sys -- (usbvideo [On_Demand | Stopped]) [2004/04/21 04:48:30 | 00,198,992 | ---- | M] (Zone Labs Inc.) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [Auto | Running]) [2004/05/07 13:47:10 | 00,079,616 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GV4SRV [On_Demand | Stopped]) ========== Internet Explorer ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 HKU\S-1-5-21-1078081533-412668190-682003330-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com HKU\S-1-5-21-1078081533-412668190-682003330-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm HKU\S-1-5-21-1078081533-412668190-682003330-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 HKU\S-1-5-21-1078081533-412668190-682003330-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) HKU\S-1-5-21-1078081533-412668190-682003330-1006\S-1-5-21-1078081533-412668190-682003330-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: (265567 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 192.168.1.101 hmesfin-pc3.us.oracle.com hmesfin-pc3 O1 - Hosts: 138.1.148.133 hmesfinsun.us.oracle.com hmesfinsun O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.123topsearch.com O1 - Hosts: 127.0.0.1 123topsearch.com O1 - Hosts: 127.0.0.1 www.132.com O1 - Hosts: 127.0.0.1 132.com O1 - Hosts: 127.0.0.1 www.136136.net O1 - Hosts: 9199 more lines... O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.) O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.) O3 - HKU\.DEFAULT\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.) O3 - HKU\S-1-5-18\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.) O3 - HKU\S-1-5-21-1078081533-412668190-682003330-1006\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.) O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation) O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r (Creative Technology Ltd) O4 - HKLM..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe (D-Link) O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.) O4 - HKLM..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" () O4 - HKLM..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide () O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.) O4 - HKLM..\Run: [sbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor (Creative Technology Ltd) O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.) O4 - HKLM..\Run: [TweakAutomaticUpdates] C:\WINDOWS\orclobi\suspatch.exe /S /CHECK () O4 - HKLM..\Run: [updReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation) O4 - HKLM..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\Integrity Client\iclient.exe" (Zone Labs Inc.) O4 - HKCU..\Run: [Aim6] File not found O4 - HKCU..\Run: [NetscapeConfig] C:\WINDOWS\orclobi\config\DTC121~1.EXE /NEWUSER File not found O4 - HKU\S-1-5-21-1078081533-412668190-682003330-1006..\Run: [Aim6] File not found O4 - HKU\S-1-5-21-1078081533-412668190-682003330-1006..\Run: [NetscapeConfig] C:\WINDOWS\orclobi\config\DTC121~1.EXE /NEWUSER File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe () O4 - Startup: C:\Documents and Settings\Habte Mesfin\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (Leader Technologies/Logitech) O4 - Startup: C:\Documents and Settings\Jonathan\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (Leader Technologies/Logitech) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1078081533-412668190-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1078081533-412668190-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.) O9 - Extra Button: IE HTTPAnalyzer V2 - {85F4A88D-5FA7-40BB-8BD3-AF7E24C0BF4A} - C:\Program Files\IEInspector\HTTPAnalyzerFullV2\IEHTTPAnalyzerV2.dll (IEInspector Software) O9 - Extra 'Tools' menuitem : IE HTTPAnalyzer V2 - {85F4A88D-5FA7-40BB-8BD3-AF7E24C0BF4A} - File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O15 - HKLM\..Trusted Sites: 46 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Sites: 45 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\.DEFAULT\..Trusted Sites: 45 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\S-1-5-18\..Trusted Sites: 45 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\S-1-5-21-1078081533-412668190-682003330-1006\..Trusted Sites: 45 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} http://software-dl.real.com/26291336b09b14...ip/RdxIE601.cab (Reg Error: Key does not exist or could not be opened.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key does not exist or could not be opened.) O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} http://hmesfinsun.us.oracle.com:8001/jinitiator/oajinit.exe (Oracle JInitiator 1.1.8.16) O16 - DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} http://bde-linux3.us.oracle.com:8000/jinitiator/oajinit.exe (JInitiator 1.3.1.18) O16 - DPF: {CAFECAFE-0013-0001-0021-ABCDEFABCDEF} http://fusion12.us.oracle.com:8000/jinitiator/oajinit.exe (JInitiator 1.3.1.21) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler: - ipp - No CLSID value found O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler: - msdaipp - No CLSID value found O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler: - ms-itss - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler: - mso-offdap - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler: - mso-offdap11 - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler: - skype4com - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - See sections below for AppInitDlls and Winlogon settings ========== Winlogon Notify Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\] NavLogon: "DllName" = C:\WINDOWS\system32\NavLogon.dll -- C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation) ========== Safeboot Options ========== "AlternateShell" = cmd.exe ========== CDRom AutoRun Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] "AutoRun" = 1 ========== Autorun Files on Drives ========== AUTOEXEC.BAT [] [2005/05/22 18:49:48 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ] ========== Files/Folders - Created Within 30 Days ========== [1 C:\WINDOWS\System32\*.tmp files] [5 C:\WINDOWS\*.tmp files] [2008/10/29 15:23:57 | 00,418,816 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jonathan\Desktop\OTListIt.exe [2008/10/26 07:30:29 | 00,000,000 | ---D | C] -- C:\442c3f6aa300f5ec7b6a6d6ea6 [2008/10/23 17:55:06 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll [2008/10/18 19:20:35 | 00,000,837 | ---- | C] () -- C:\Documents and Settings\Jonathan\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2008/10/16 13:40:18 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys [2008/10/16 13:39:50 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys [2008/10/16 13:39:48 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe [2008/10/16 13:39:47 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe [2008/10/16 13:39:47 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe [2008/10/16 13:39:46 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe [2008/10/03 17:48:51 | 00,014,472 | ---- | C] () -- C:\Documents and Settings\Jonathan\My Documents\Thomas Tall Tale0001.mdi [2008/10/03 17:47:27 | 00,012,974 | ---- | C] () -- C:\Documents and Settings\Jonathan\My Documents\Thomas Tall Tale.mdi [2008/10/01 16:37:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2008/10/01 16:29:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting [2008/10/01 16:29:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en [2008/10/01 16:29:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas [2008/10/01 16:25:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic [2008/10/01 16:14:41 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll [2008/10/01 16:14:35 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll [2008/10/01 16:14:35 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll [2008/10/01 16:14:32 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll [2008/10/01 16:14:30 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll [2008/10/01 16:14:30 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll [2008/10/01 16:14:30 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll [2008/10/01 16:14:29 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll [2008/10/01 16:14:29 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll [2008/10/01 16:14:29 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll [2008/10/01 16:14:29 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll [2008/10/01 16:14:29 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll [2008/10/01 16:14:29 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll [2008/10/01 16:14:29 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll [2008/10/01 16:14:28 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll [2008/10/01 16:14:28 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll [2008/10/01 16:14:28 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll [2008/10/01 16:14:28 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll [2008/10/01 16:14:28 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll [2008/10/01 16:14:28 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll [2008/10/01 16:14:28 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll [2008/10/01 16:14:28 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll [2008/10/01 16:14:20 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll [2008/10/01 16:14:20 | 00,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf [2008/10/01 16:14:19 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll [2008/10/01 16:14:15 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll [2008/10/01 16:14:15 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll [2008/10/01 16:14:15 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll [2008/10/01 16:14:15 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll [2008/10/01 16:14:14 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll [2008/10/01 16:14:14 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll [2008/10/01 16:14:08 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll [2008/10/01 16:14:08 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll [2008/10/01 16:14:08 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll [2008/10/01 16:14:08 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe [2008/10/01 16:14:00 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll [2008/10/01 16:14:00 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll [2008/10/01 16:13:58 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6.dll [2008/10/01 16:13:58 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll [2008/10/01 16:13:58 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll [2008/10/01 16:13:58 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll [2008/10/01 16:13:57 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll [2008/10/01 16:13:57 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe [2008/10/01 16:13:57 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll [2008/10/01 16:13:51 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll [2008/10/01 16:13:48 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll [2008/10/01 16:13:46 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll [2008/10/01 16:13:46 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll [2008/10/01 16:13:46 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll [2008/10/01 16:13:45 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll [2008/10/01 16:13:44 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll [2008/10/01 16:13:42 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll [2008/10/01 16:13:39 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe [2008/10/01 16:13:39 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys [2008/10/01 16:13:34 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll [2008/10/01 16:13:34 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll [2008/10/01 16:13:30 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll [2008/10/01 16:13:30 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll [2008/10/01 16:13:29 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll [2008/10/01 15:51:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution [2008/10/01 15:50:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2 [2008/10/01 15:05:46 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2008/09/30 16:05:57 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Jonathan\My Documents\My Videos [2008/09/30 16:04:59 | 00,025,056 | R--- | C] () -- C:\WINDOWS\System32\Repository.reg [2008/09/30 16:04:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvuvc.hs [2008/09/30 16:04:47 | 00,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2008/09/30 16:04:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\logiflt.iad [2008/09/30 16:04:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jonathan\Application Data\Leadertech [2008/09/30 16:02:39 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll [2008/09/30 16:02:38 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax [2008/09/30 16:01:18 | 00,001,781 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk [2008/09/30 16:01:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logishrd [2008/09/30 16:01:12 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd [2008/09/30 16:01:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logitech [2008/09/30 16:01:03 | 00,000,000 | ---D | C] -- C:\Program Files\Logitech ========== Files - Modified Within 30 Days ========== [1 C:\WINDOWS\System32\*.tmp files] [5 C:\WINDOWS\*.tmp files] [2008/10/29 15:23:58 | 00,418,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jonathan\Desktop\OTListIt.exe [2008/10/29 15:04:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2008/10/29 15:04:19 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2008/10/29 15:04:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs [2008/10/29 15:03:58 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad [2008/10/28 16:08:15 | 05,865,064 | -H-- | M] () -- C:\Documents and Settings\Jonathan\Local Settings\Application Data\IconCache.db [2008/10/28 13:30:15 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2008/10/28 13:29:31 | 00,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2008/10/28 13:25:27 | 00,001,781 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk [2008/10/27 16:39:01 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2008/10/27 15:50:42 | 00,013,696 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2008/10/22 16:10:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2008/10/22 16:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2008/10/18 19:20:36 | 00,000,837 | ---- | M] () -- C:\Documents and Settings\Jonathan\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2008/10/16 18:26:13 | 00,244,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008/10/16 16:57:38 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2008/10/15 10:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll [2008/10/15 10:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll [2008/10/13 19:12:22 | 00,360,124 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2008/10/13 19:12:22 | 00,314,838 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2008/10/13 19:12:22 | 00,041,040 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2008/10/07 13:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [2008/10/03 17:48:51 | 00,014,472 | ---- | M] () -- C:\Documents and Settings\Jonathan\My Documents\Thomas Tall Tale0001.mdi [2008/10/03 17:47:27 | 00,012,974 | ---- | M] () -- C:\Documents and Settings\Jonathan\My Documents\Thomas Tall Tale.mdi [2008/10/03 11:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll [2008/10/03 11:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll [2008/10/01 16:24:44 | 00,250,048 | RHS- | M] () -- C:\ntldr [2008/09/30 16:04:39 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm [2008/09/30 16:04:39 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm < End of report >
  4. one more thing i think i found something thats not supposed to be on my computer: TweakAutomaticUpdates = C:\WINDOWS\orclobi\suspatch.exe /S /CHECK this might be why my automatic updates are not working suddenly but im not sure, im not the expert, just pointing it out
  5. the Hijack this stuff you requested: Uninstall List: Action Replay Code Manager Adobe Flash Player ActiveX Adobe Flash Player Plugin Adobe Shockwave Player AIM 6 AIMTunes AirPlus XtremeG ANIO Service ANIWZCS2 Service AOL Search Apple Mobile Device Support Apple Software Update ArcSoft MediaConverter 2.5 Bonjour Cisco VPN Client 4.6 Creative MediaSource Creative System Information ExpertTool Free YouTube to iPod Converter version 2.9 Free YouTube to Mp3 Converter version 3.1 Google Toolbar for Internet Explorer Google Toolbar for Internet Explorer GS GeezMahtem Unicode HijackThis 2.0.2 Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows XP (KB952287) HTTP Analyzer V2.0.2 Integrity Client iTunes Jabber MomentIM Java 6 Update 4 Java 6 Update 5 Java 6 Update 7 LeechFTP LiveUpdate 2.6 (Symantec Corporation) Logitech QuickCam Logitech QuickCam Driver Package Malwarebytes' Anti-Malware Microsoft Baseline Security Analyzer 1.2.1 Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Professional Edition 2003 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Mozilla Firefox (3.0.3) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 Parser and SDK NETGEAR GA311 Smart Wizard Utility Options Investigator 1.0 Oracle JInitiator 1.1.8.16 Oracle JInitiator 1.3.1.18 Oracle JInitiator 1.3.1.21 Oracle Messenger Oracle Web Conferencing Console Position Simulator QuickTime RealPlayer Rhapsody Player Engine Roll SA52xx Device Manager Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 9 (KB911565) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB958644) Skype
  6. oh, ok my bad, i thought my MBAM was messed up or something,
  7. MBAM, and i didn't do anything it to it, just copied and pasted it Malwarebytes' Anti-Malware 1.30 Database version: 1333 Windows 5.1.2600 Service Pack 3 10/28/2008 4:05:42 PM mbam-log-2008-10-28 (16-05-42).txt Scan type: Quick Scan Objects scanned: 62526 Time elapsed: 14 minute(s), 0 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ill do the hijack this later tonight, sry for the inconvenience
  8. i didn't tamper with the log, well at least i didn't mean to but i will try and do the MBAM now but the hijack this may have to wait till later tonight
  9. ok, i posted my topic in the hijack this logs forum and i will be downloading the said file when i can but it will be hard for me because my dad works off this computer and if i cannot use the computer at all during the scan it will be hard for me to find a time that he doesn't work do you know how long this scan will take? if its long it will take me some time to find a time to do it when my dad isn't on this computer
  10. so my computer is slow all of a sudden and i havent even downloaded anything new yet, anyways i guess the first step is to see if im still infected, the wierd thing is i scanned yesterday with MBAM and nothing came up and i just scanned now and 7 things came up, scanned with Spybot, no errors there MBAM: Scan type: Quick Scan Objects scanned: 62105 Time elapsed: 15 minute(s), 2 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 7 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\drflex.band (Adware.DrFlex) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\drflex.band.1 (Adware.DrFlex) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\drflex.bho (Adware.DrFlex) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\drflex.bho.1 (Adware.DrFlex) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{180175c0-913e-451c-9419-2d5500368d43} (Adware.DrFlex) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8eeb2711-9d21-4f9c-99a1-b7fc5a8ca56a} (Adware.DrFlex) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{180175c0-913e-451c-9419-2d5500368d43} (Adware.DrFlex) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:14:19 PM, on 10/27/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Zone Labs\Integrity Client\iclient.exe C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\NETGEAR GA311 Adapter\GA311.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O1 - Hosts: 138.1.148.133 hmesfinsun.us.oracle.com hmesfinsun O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\Integrity Client\iclient.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [sbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [TweakAutomaticUpdates] C:\WINDOWS\orclobi\suspatch.exe /S /CHECK O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKCU\..\Run: [NetscapeConfig] C:\WINDOWS\orclobi\config\DTC121~1.EXE /NEWUSER O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - S-1-5-18 Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'Default user') O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe O4 - Global Startup: GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: IE HTTPAnalyzer V2 - {85F4A88D-5FA7-40BB-8BD3-AF7E24C0BF4A} - C:\PROGRA~1\IEINSP~1\HTTPAN~1\IEHTTP~1.DLL O9 - Extra 'Tools' menuitem: IE HTTPAnalyzer V2 - {85F4A88D-5FA7-40BB-8BD3-AF7E24C0BF4A} - C:\PROGRA~1\IEINSP~1\HTTPAN~1\IEHTTP~1.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/26291336b09b14...ip/RdxIE601.cab O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) - http://hmesfinsun.us.oracle.com:8001/jinitiator/oajinit.exe O16 - DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} (JInitiator 1.3.1.18) - http://bde-linux3.us.oracle.com:8000/jinitiator/oajinit.exe O16 - DPF: {CAFECAFE-0013-0001-0021-ABCDEFABCDEF} (JInitiator 1.3.1.21) - http://fusion12.us.oracle.com:8000/jinitiator/oajinit.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: MyDesktopService (MyDesktopWindows) - Oracle Corporation - C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe O23 - Service: OracleDBConsoleorcl - Oracle Corporation - C:\oracle\product\10g\bin\nmesrvc.exe O23 - Service: OracleJobSchedulerORCL - Unknown owner - c:\oracle\product\10g\Bin\extjob.exe O23 - Service: OracleOraDb10g_home1iSQL*Plus - Oracle - C:\oracle\product\10g\bin\isqlplussvc.exe O23 - Service: OracleOraDb10g_home1TNSListener - Unknown owner - C:\oracle\product\10g\BIN\TNSLSNR.exe O23 - Service: OracleServiceORCL - Oracle Corporation - c:\oracle\product\10g\bin\ORACLE.EXE O23 - Service: QOS MyDesktop (QOSMyDesktop) - Oracle - C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 10685 bytes couldn't do panda cause whenever i try it just sits at 33% anyways im really just trying to get my computer to start and run faster, thanks in advance
  11. and by slow i mean when i double click on a program it takes another minutes of two for it to actually open, this happens with all my programs, firefox, malwarebytes, itunes, virtual dj, everything
  12. So i had antivirus XP, then i had Smart Antivirus 2009, and with the help of this site i got rid of it but now for some reason my computer starts really slow but after it starts full, like a good 10 minutes, the computer is up to its usaual speed. So anyways any tips? BTW I already disabled all my programs "start on sign in" features to see if that would help but it isn't
  13. ok, thanks for the link, i will update my network device driver
  14. yea, i will look at that link in a bit but the only problem that i notice is it takes i little bit to start the computer and to open the programs, but after i open the first program, every other program opens faster
  15. also, can i delete that code that i pasted into word and saved on the C drive?
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.