Jump to content

ASF1nk

Honorary Members
 View Profile  See their activity

  • Posts

    49

  • Joined

  • Last visited

Reputation

0 Neutral
  1. ASF1nk
    Wow! Thanks a lot Tigger93. B) Thank you for your time, help, and patience. hell yea my computer is clean, lol.
  2. ASF1nk
    Ok i stoped it. So everything we did was to clean my computer out of viruses?
  3. ASF1nk
    Task manager works again, thanks alot. =) Also do u know how to stop "AppleMobileDeviceService.exe" from startup? I know is nothing bad, but I can't terminate the process because it coming back and using my RAM and i dont have alot.
  4. ASF1nk
    Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:20:52 AM, on 1/6/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - S-1-5-18 Startup: AutoPlay.exe (User 'SYSTEM') O4 - .DEFAULT Startup: AutoPlay.exe (User 'Default user') O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: http://www.pandasecurity.com O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1175931880888 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175974085015 O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe -- End of file - 5636 bytes
  5. ASF1nk
    I have a question. Do you know what the nview process is under "Running processes?" Because it appeared when I had the virus, and it wasn't there before, and it isn't gone yet.
  6. ASF1nk
    OK thx this is the hjt log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:37:53 PM, on 1/4/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Documents and Settings\Owner\nview.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\internet explorer\iexplore.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O4 - HKLM\..\Run: [NVIDIA nView] C:\Documents and Settings\Owner\nview.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - S-1-5-18 Startup: AutoPlay.exe (User 'SYSTEM') O4 - .DEFAULT Startup: AutoPlay.exe (User 'Default user') O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: http://www.pandasecurity.com O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1175931880888 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175974085015 O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe -- End of file - 5754 bytes
  7. ASF1nk
    Nope, doesn't work after I got rid of Spyware guard 2008.
  8. ASF1nk
    wait we weren't fixing the task manager?
  9. ASF1nk
    Also a full Scan. Malwarebytes' Anti-Malware 1.31 Database version: 1528 Windows 5.1.2600 Service Pack 3 1/3/2009 9:55:37 AM mbam-log-2009-01-03 (09-55-37).txt Scan type: Full Scan (C:\|) Objects scanned: 147742 Time elapsed: 2 hour(s), 16 minute(s), 34 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  10. ASF1nk
    Well i did a quick scan Malwarebytes' Anti-Malware 1.31 Database version: 1528 Windows 5.1.2600 Service Pack 3 1/3/2009 2:57:33 AM mbam-log-2009-01-03 (02-57-33).txt Scan type: Quick Scan Objects scanned: 56991 Time elapsed: 9 minute(s), 56 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  11. ASF1nk
    ========== FILES ========== File/Folder C:\windows\system32\drivers\TDSS*.* not found. File/Folder C:\windows\system32\TDSS*.* not found. C:\p2hhr.bat moved successfully. C:\WINDOWS\tasks\eozlijwa.job moved successfully. C:\1952709024 moved successfully. C:\WINDOWS\System32\cap2 moved successfully. C:\WINDOWS\System32\ain moved successfully. C:\WINDOWS\System32\whSLD02 moved successfully. C:\Documents and Settings\Owner\Local Settings\Application Data\{7326CE9D-C0D2-433A-8A57-B7934EA13EC8} moved successfully. ========== SERVICES/DRIVERS ========== Service Potcedewgrf stopped successfully. Service Potcedewgrf deleted successfully. ========== COMMANDS ========== File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF8DDF.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF97C9.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF97E2.tmp scheduled to be deleted on reboot. User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot. Local Service Temp folder emptied. Local Service Temporary Internet Files folder emptied. Windows Temp folder emptied. Java cache emptied. FireFox cache emptied. Temp folders emptied. OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 01022009_012051 Files moved on Reboot... C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF8DDF.tmp moved successfully. File C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF97C9.tmp not found! File C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF97E2.tmp not found! File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot. File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot. File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
  12. ASF1nk
    Extras OTListIt Extras logfile created on: 12/31/2008 4:31:50 PM - Run OTListIt2 by OldTimer - Version 1.0.1.1 Folder = C:\Documents and Settings\Owner\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 255.53 Mb Total Physical Memory | 119.95 Mb Available Physical Memory | 46.94% Memory free 616.68 Mb Paging File | 492.09 Mb Available in Paging File | 79.80% Paging File free Paging file location(s): C:\pagefile.sys 384 768; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 32.85 Gb Total Space | 4.56 Gb Free Space | 13.89% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 216.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: YOUR-318RUQZ03Z Current User Name: Owner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Output = Standard File Age = 30 Days Company Name Whitelist: On ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .reg [@ = regfile] -- C:\WINDOWS\regedit.exe () ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [2001/08/29 06:20:37 | 00,016,384 | ---- | M] () -- C:\Program Files\hp center\137903\Program\BackWeb-137903.exe:*:Disabled:BackWeb-137903 [2008/12/17 21:47:58 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox [2007/04/03 18:34:02 | 00,029,926 | R--- | M] () -- C:\WINDOWS\Installer\{571700F0-DB9D-4B3A-B03D-35A14BB5939F}\MsblIco.Exe:*:Enabled:Windows Live Messenger [2008/11/13 05:34:18 | 00,114,840 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player [2007/01/19 11:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Messenger [2008/02/20 08:33:48 | 00,963,072 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 [2007/07/08 03:03:26 | 00,244,736 | ---- | M] () -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:
  13. ASF1nk
    OTListIt OTListIt logfile created on: 12/31/2008 4:31:50 PM - Run OTListIt2 by OldTimer - Version 1.0.1.1 Folder = C:\Documents and Settings\Owner\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 255.53 Mb Total Physical Memory | 119.95 Mb Available Physical Memory | 46.94% Memory free 616.68 Mb Paging File | 492.09 Mb Available in Paging File | 79.80% Paging File free Paging file location(s): C:\pagefile.sys 384 768; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 32.85 Gb Total Space | 4.56 Gb Free Space | 13.89% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 216.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: YOUR-318RUQZ03Z Current User Name: Owner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Output = Standard File Age = 30 Days Company Name Whitelist: On ========== Processes (SafeList) ========== [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe [2001/08/16 19:15:00 | 00,057,344 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe [2008/12/21 20:29:05 | 03,080,704 | -HS- | M] () -- C:\Documents and Settings\Owner\nview.exe [2008/04/13 18:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\rundll32.exe [2008/12/31 16:30:12 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe ========== (O23) Win32 Services (SafeList) ========== [2003/04/16 22:14:00 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped]) [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running]) [2007/03/19 19:19:14 | 00,263,168 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\chatServer.exe -- (AresChatServer [On_Demand | Stopped]) [2007/04/13 02:20:52 | 00,033,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running]) [2007/04/13 02:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) [2008/10/06 09:18:06 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped]) [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped]) File not found -- -- (NMIndexingService [On_Demand | Stopped]) [2001/08/16 19:15:00 | 00,057,344 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe -- (NVSvc [Auto | Running]) [2003/07/28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) [2003/10/22 09:19:22 | 00,065,536 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped]) File not found -- -- (Potcedewgrf [Disabled | Stopped]) [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped]) ========== Driver Services (SafeList) ========== [2001/08/17 13:20:04 | 00,096,256 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\drivers\ac97intc.sys -- (ac97intc [On_Demand | Running]) [2008/04/13 12:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SYSTEM32\drivers\amdagp.sys -- (amdagp [boot | Running]) [2008/04/13 12:39:46 | 00,206,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\drivers\dot4.sys -- (Dot4 [On_Demand | Stopped]) [2001/08/17 12:47:32 | 00,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\drivers\Dot4Prt.sys -- (Dot4Print [On_Demand | Stopped]) [2003/07/21 03:01:04 | 00,016,800 | R--- | M] (HP) -- C:\WINDOWS\SYSTEM32\drivers\Hppaufd0.sys -- (dot4ufd [On_Demand | Stopped]) [2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\drivers\e100b325.sys -- (E100B [On_Demand | Running]) [2008/04/13 12:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\drivers\gameenum.sys -- (gameenum [On_Demand | Running]) [2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running]) [2001/08/08 07:13:36 | 00,158,140 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\drivers\i81xnt5.sys -- (i81x [On_Demand | Stopped]) [2001/08/08 07:13:30 | 00,012,479 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\drivers\wADV01nt.sys -- (iAimFP0 [On_Demand | Stopped]) [2001/08/08 07:13:30 | 00,012,031 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\drivers\wADV02NT.sys -- (iAimFP1 [On_Demand | Stopped]) [2001/08/08 07:13:30 | 00,011,679 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\drivers\wADV05NT.sys -- (iAimFP2 [On_Demand | Stopped]) [2001/08/08 07:13:28 | 00,011,999 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\drivers\wSiINTxx.sys -- (iAimFP3 [On_Demand | Stopped]) [2001/08/08 07:13:28 | 00,019,359 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\drivers\wVchNTxx.sys -- (iAimFP4 [On_Demand | Stopped]) [2001/08/08 07:13:24 | 00,029,215 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\drivers\wATV01nt.sys -- (iAimTV0 [On_Demand | Stopped]) [2001/08/08 07:13:24 | 00,019,199 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\drivers\wATV02NT.sys -- (iAimTV1 [On_Demand | Stopped]) [2001/08/08 07:13:26 | 00,033,503 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\drivers\wATV04nt.sys -- (iAimTV3 [On_Demand | Stopped]) [2001/08/08 07:13:24 | 00,023,519 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\drivers\wCh7xxNT.sys -- (iAimTV4 [On_Demand | Stopped]) [2001/08/17 13:05:44 | 00,141,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\drivers\Icam3.sys -- (ICAM3NT5 [On_Demand | Stopped]) [2003/03/31 13:29:00 | 00,625,537 | ---- | M] (LT) -- C:\WINDOWS\SYSTEM32\drivers\ltmdmnt.sys -- (ltmodem5 [On_Demand | Running]) [2007/11/02 13:36:10 | 00,018,176 | ---- | M] (Motorola) -- C:\WINDOWS\SYSTEM32\drivers\motccgp.sys -- (motccgp [On_Demand | Stopped]) [2007/01/23 18:03:44 | 00,007,680 | ---- | M] (Motorola) -- C:\WINDOWS\SYSTEM32\drivers\motccgpfl.sys -- (motccgpfl [On_Demand | Stopped]) [2007/06/18 13:18:26 | 00,023,680 | ---- | M] (Motorola) -- C:\WINDOWS\SYSTEM32\drivers\motmodem.sys -- (motmodem [On_Demand | Stopped]) [2007/06/18 13:18:26 | 00,023,680 | ---- | M] (Motorola) -- C:\WINDOWS\SYSTEM32\drivers\motport.sys -- (motport [On_Demand | Stopped]) [2001/08/17 15:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running]) [2004/02/09 11:06:22 | 00,015,360 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\SYSTEM32\drivers\NetMotCM.sys -- (ndiscm [On_Demand | Stopped]) [2001/08/16 19:15:00 | 00,818,873 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\drivers\nv4_mini.sys -- (nv4 [On_Demand | Running]) [2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\SYSTEM32\drivers\pavboot.sys -- (pavboot [boot | Running]) [2001/06/04 08:00:00 | 00,014,112 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\SYSTEM32\drivers\PS2.sys -- (Ps2 [On_Demand | Running]) [2001/08/17 14:49:58 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running]) [2007/07/26 17:06:18 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\drivers\pxhelp20.sys -- (PxHelp20 [boot | Running]) [2001/08/17 14:57:38 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Running]) [2004/08/03 23:31:32 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\SYSTEM32\drivers\rtl8139.sys -- (rtl8139 [On_Demand | Stopped]) [2001/08/07 11:07:20 | 00,109,664 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\SYSTEM32\drivers\s3gNBm.sys -- (S3SavageNB [On_Demand | Stopped]) [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\SYSTEM32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped]) [2008/10/01 12:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\SYSTEM32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped]) [2006/11/02 06:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Stopped]) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/ HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,srch-us3 Page = http://srch-us3.hpwis.com/ HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = file://C:/HP/REGION/start.html HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = file://C:/HP/REGION/start.html HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 HKU\S-1-5-21-670770235-2681017343-4103935507-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm HKU\S-1-5-21-670770235-2681017343-4103935507-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = HKU\S-1-5-21-670770235-2681017343-4103935507-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch HKU\S-1-5-21-670770235-2681017343-4103935507-1003\SOFTWARE\Microsoft\Internet Explorer\Main,srch-us3 Page = http://srch-us3.hpwis.com/ HKU\S-1-5-21-670770235-2681017343-4103935507-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ HKU\S-1-5-21-670770235-2681017343-4103935507-1003\S-1-5-21-670770235-2681017343-4103935507-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 HKU\S-1-5-21-670770235-2681017343-4103935507-1003\S-1-5-21-670770235-2681017343-4103935507-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O4 - HKLM..\Run: [Computer Alarm Clock] File not found O4 - HKLM..\Run: [NVIDIA nView] C:\Documents and Settings\Owner\nview.exe () O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe () O4 - HKU\S-1-5-18..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe () O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoPlay.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-670770235-2681017343-4103935507-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-670770235-2681017343-4103935507-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-670770235-2681017343-4103935507-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-670770235-2681017343-4103935507-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-670770235-2681017343-4103935507-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0 O7 - HKU\S-1-5-21-670770235-2681017343-4103935507-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0 O7 - HKU\S-1-5-21-670770235-2681017343-4103935507-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0 O7 - HKU\S-1-5-21-670770235-2681017343-4103935507-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1 O7 - HKU\S-1-5-21-670770235-2681017343-4103935507-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0 O7 - HKU\S-1-5-21-670770235-2681017343-4103935507-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll [2001/01/30 14:56:24 | 00,225,280 | ---- | M] (InterTrust Technologies Corporation, Inc.) O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Sites: www.pandasecurity.com (http in Trusted sites) O15 - HKCU\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\S-1-5-21-670770235-2681017343-4103935507-1003\..Trusted Sites: www.pandasecurity.com (http in Trusted sites) O15 - HKU\S-1-5-21-670770235-2681017343-4103935507-1003\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://www.pandasecurity.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key does not exist or could not be opened.) O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1175931880888 (WUWebControl Class) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1175974085015 (MUWebControl Class) O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} http://launch.gamespyarcade.com/software/launch/alaunch.cab (GSDACtl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab (Java Plug-in 1.6.0_01) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key does not exist or could not be opened.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (get_atlcom Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key does not exist or could not be opened.) O18 - Protocol\Handler: - ipp - No CLSID value found O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler: - msdaipp - No CLSID value found O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler: - mso-offdap - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler: - mso-offdap11 - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - See sections below for AppInitDlls and Winlogon settings ========== Safeboot Options ========== "AlternateShell" = cmd.exe ========== CDRom AutoRun Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] "AutoRun" = 1 ========== Autorun Files on Drives ========== AUTOEXEC.BAT [] [2001/08/29 03:48:04 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ] ========== MountPoints2 ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{111203cb-5797-11dc-86f9-00e01834e7b5}\Shell\Auto\command] "" = G:\Start.exe -- File not found [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{111203cb-5797-11dc-86f9-00e01834e7b5}\Shell\AutoRun] "" = Auto&Play ========== Files/Folders - Created Within 30 Days ========== [4 C:\WINDOWS\System32\*.tmp files] [6 C:\WINDOWS\*.tmp files] [2008/12/31 16:30:11 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe [2008/12/31 11:31:03 | 00,000,000 | ---D | C] -- C:\_OTMoveIt [2008/12/31 11:29:39 | 01,033,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTMoveIt3.exe [2008/12/26 11:05:21 | 00,001,299 | ---- | C] () -- C:\avexport.bat [2008/12/26 11:02:26 | 00,731,136 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\avenger.exe [2008/12/26 04:52:14 | 00,000,000 | ---D | C] -- C:\Lop SD [2008/12/26 04:51:37 | 00,530,106 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\LopSD.exe [2008/12/24 19:07:46 | 00,000,000 | -HSD | C] -- C:\RECYCLER [2008/12/23 22:55:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp [2008/12/23 22:33:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\taskkill.exe [2008/12/23 21:46:58 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2008/12/23 21:46:58 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2008/12/23 21:46:58 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2008/12/23 21:46:58 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2008/12/23 21:46:58 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe [2008/12/23 21:46:58 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2008/12/23 21:46:58 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2008/12/23 21:46:58 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe [2008/12/23 21:46:58 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2008/12/23 21:46:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2008/12/23 21:46:51 | 00,000,000 | ---D | C] -- C:\Qoobox [2008/12/23 21:46:30 | 02,885,786 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe [2008/12/23 21:25:06 | 00,000,068 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\fix.bat [2008/12/22 20:24:16 | 00,000,944 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk [2008/12/22 20:23:58 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2008/12/22 20:23:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2008/12/22 20:19:42 | 00,001,745 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk [2008/12/22 20:19:42 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2008/12/22 07:27:47 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys [2008/12/22 07:27:30 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security [2008/12/22 07:01:39 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Resource Kits [2008/12/22 07:00:09 | 00,379,392 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\subinacl.msi [2008/12/22 06:57:36 | 00,185,065 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\FixPolicies.exe [2008/12/22 06:55:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\FixPolicies [2008/12/22 06:35:57 | 00,335,992 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Dial-a-fix-v0.60.0.24.zip [2008/12/22 06:33:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Dial-a-fix-v0.60.0.24 [2008/12/22 05:24:52 | 00,000,453 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\allowtsk.reg [2008/12/22 04:31:29 | 00,000,000 | ---D | C] -- C:\Avenger [2008/12/22 03:39:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes [2008/12/22 00:52:16 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2008/12/21 23:31:15 | 00,000,622 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2008/12/21 23:31:09 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2008/12/21 23:30:51 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2008/12/21 23:30:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2008/12/21 23:30:44 | 00,000,000 | ---D | C] -- C:\Program Files\MSCANNER [2008/12/21 23:28:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\copy me to desktop [2008/12/21 23:09:35 | 26,801,3568 | -HS- | C] () -- C:\hiberfil.sys [2008/12/21 21:46:31 | 02,539,400 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe [2008/12/21 20:29:59 | 00,000,046 | ---- | C] () -- C:\p2hhr.bat [2008/12/21 20:29:08 | 00,000,002 | ---- | C] () -- C:\1952709024 [2008/12/21 20:28:49 | 00,000,310 | ---- | C] () -- C:\WINDOWS\tasks\eozlijwa.job [2008/12/21 20:28:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\cap2 [2008/12/21 20:28:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ain [2008/12/21 20:28:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\whSLD02 [2008/12/15 05:59:59 | 00,051,200 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\SOAPS5.doc [2008/12/15 04:46:32 | 17,861,030 | ---- | C] (XeroBank) -- C:\Documents and Settings\Owner\Desktop\XeroBank_Installer.exe [2008/12/09 20:09:01 | 07,299,698 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Xmas_tresures.eps [2008/12/09 19:32:47 | 00,059,830 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\polar bear card.jpg [2008/12/08 19:29:18 | 01,234,441 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\anais y mario.jpg [2008/12/08 03:10:32 | 01,454,434 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\snowflakes_brushes_by_hawksmont.abr [2008/12/08 02:58:02 | 04,207,394 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ChristmasPresent.eps [2008/12/06 14:52:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Protothea.wad [2008/12/05 00:45:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Copy of Copy of RUUE [2008/12/04 18:10:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Copy of RUUE [2008/12/04 18:09:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\RUUE [2008/12/04 17:45:14 | 00,450,560 | ---- | C] (Game-Hackers.com) -- C:\Documents and Settings\Owner\Desktop\ACToolkit.exe [2008/12/03 23:07:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Pkmn Box [2008/12/03 22:25:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Pando Packages [2008/12/03 22:24:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Pando [2008/12/03 22:23:21 | 00,002,391 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Pando.lnk [2008/12/03 22:23:09 | 00,000,000 | ---D | C] -- C:\Program Files\Pando Networks [2008/12/03 22:20:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{7326CE9D-C0D2-433A-8A57-B7934EA13EC8} [2008/12/03 21:26:42 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2008/12/03 21:21:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} [2008/12/03 20:20:56 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll [2008/12/03 20:20:47 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll [2008/12/01 17:16:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\vlc [2008/12/01 17:13:22 | 00,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk ========== Files - Modified Within 30 Days ========== [4 C:\WINDOWS\System32\*.tmp files] [6 C:\WINDOWS\*.tmp files] [2008/12/31 16:30:12 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe [2008/12/31 12:00:00 | 00,000,310 | ---- | M] () -- C:\WINDOWS\tasks\eozlijwa.job [2008/12/31 11:47:52 | 00,185,065 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\FixPolicies.exe [2008/12/31 11:33:51 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2008/12/31 11:33:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2008/12/31 11:33:22 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2008/12/31 11:33:21 | 26,801,3568 | -HS- | M] () -- C:\hiberfil.sys [2008/12/31 11:29:40 | 01,033,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTMoveIt3.exe [2008/12/26 11:05:21 | 00,001,299 | ---- | M] () -- C:\avexport.bat [2008/12/26 04:51:38 | 00,530,106 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\LopSD.exe [2008/12/23 22:34:19 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2008/12/23 22:33:24 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\taskkill.exe [2008/12/23 22:32:47 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2008/12/23 21:42:01 | 02,885,786 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe [2008/12/23 21:25:06 | 00,000,068 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\fix.bat [2008/12/23 19:55:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2008/12/22 20:24:16 | 00,000,944 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk [2008/12/22 20:19:42 | 00,001,745 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk [2008/12/22 07:01:06 | 00,379,392 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\subinacl.msi [2008/12/22 06:35:48 | 00,335,992 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Dial-a-fix-v0.60.0.24.zip [2008/12/22 05:25:29 | 00,000,622 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2008/12/22 05:24:52 | 00,000,453 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\allowtsk.reg [2008/12/21 21:46:34 | 02,539,400 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe [2008/12/21 20:29:59 | 00,000,046 | ---- | M] () -- C:\p2hhr.bat [2008/12/21 20:29:15 | 00,000,002 | ---- | M] () -- C:\1952709024 [2008/12/21 20:28:21 | 00,212,480 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/12/21 02:21:09 | 00,002,391 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Pando.lnk [2008/12/20 18:09:33 | 00,001,744 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2008/12/17 00:18:18 | 00,450,560 | ---- | M] (Game-Hackers.com) -- C:\Documents and Settings\Owner\Desktop\ACToolkit.exe [2008/12/15 06:00:00 | 00,051,200 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\SOAPS5.doc [2008/12/15 04:46:32 | 17,861,030 | ---- | M] (XeroBank) -- C:\Documents and Settings\Owner\Desktop\XeroBank_Installer.exe [2008/12/13 00:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll [2008/12/13 00:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2008/12/10 03:19:52 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2008/12/10 03:17:48 | 00,000,792 | ---- | M] () -- C:\WINDOWS\win.ini [2008/12/09 19:32:47 | 00,059,830 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\polar bear card.jpg [2008/12/09 17:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [2008/12/08 19:29:55 | 01,234,441 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\anais y mario.jpg [2008/12/06 12:19:24 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2008/12/03 20:43:02 | 00,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk [2008/12/03 19:54:08 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2008/12/03 19:54:04 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2008/12/02 07:49:22 | 02,114,812 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db [2008/12/01 17:13:22 | 00,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk ========== Alternate Data Streams ========== @Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable < End of report >
  14. ASF1nk
    for FixPlocies i get "Another program is currently using the file" do i continue with OTListIt2.exe?
  15. ASF1nk
    OTMoveIt3 log ========== FILES ========== File/Folder C:\windows\system32\drivers\TDSS*.* not found. File/Folder C:\windows\system32\TDSS*.* not found. ========== COMMANDS ========== File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFC026.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFEE8.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFEF8.tmp scheduled to be deleted on reboot. User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot. Local Service Temp folder emptied. Local Service Temporary Internet Files folder emptied. Windows Temp folder emptied. Java cache emptied. FireFox cache emptied. Temp folders emptied. OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12312008_113103 Files moved on Reboot... C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFC026.tmp moved successfully. File C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFEE8.tmp not found! File C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFEF8.tmp not found! File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot. File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot. File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.