Here are the files requested:

From Malwarebytes:

Malwarebytes' Anti-Malware 1.29

Database version: 1276

Windows 5.1.2600 Service Pack 3

10/11/2008 10:41:30 PM

mbam-log-2008-11-10 (22-41-25).txt

Scan type: Full Scan (C:\|)

Objects scanned: 101764

Time elapsed: 34 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 2

Registry Data Items Infected: 3

Folders Infected: 1

Files Infected: 10

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> No action taken.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> No action taken.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\twext.exe -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: system32\twext.exe -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,) Good: (userinit.exe) -> No action taken.

Folders Infected:

C:\WINDOWS\system32\twain_32 (Backdoor.Bot) -> No action taken.

Files Infected:

C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\twain_32\local.ds (Backdoor.Bot) -> No action taken.

C:\WINDOWS\system32\twain_32\user.ds (Backdoor.Bot) -> No action taken.

C:\WINDOWS\system32\twext.exe (Backdoor.Bot) -> No action taken.

C:\WINDOWS\system32\delself.bat (Malware.Trace) -> No action taken.

C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> No action taken.

C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> No action taken.

C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> No action taken.

============================================================

From OTListIt (Part 1):

OTListIt logfile created on: 12/11/2008 12:12:22 PM - Run

OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

511.48 Mb Total Physical Memory | 230.57 Mb Available Physical Memory | 45.08% Memory free

1.22 Gb Paging File | 0.72 Gb Available in Paging File | 58.56% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 144.29 Gb Total Space | 131.85 Gb Free Space | 91.38% Space Free | Partition Type: NTFS

Drive D: | 4.74 Gb Total Space | 0.84 Gb Free Space | 17.75% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: HOMEOFFICE

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Whitelist: On

File Age = 30 Days

========== Processes ==========

[2008/06/12 12:08:22 | 00,103,024 | ---- | M] () -- C:\Program Files\Auslogics\AusLogics Visual Styler\themehelpersvc.exe

[2007/09/13 15:21:50 | 00,293,104 | ---- | M] (TELUS) -- C:\Program Files\TELUS\TELUS eProtect\Fws.exe

[2006/12/19 12:45:16 | 00,280,080 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

[2007/09/26 10:43:22 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe

[2005/12/07 10:44:20 | 00,045,056 | ---- | M] () -- C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe

[2008/04/28 06:23:28 | 00,414,984 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

[2002/08/29 05:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe

[2008/05/26 21:18:44 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchindexer.exe

[1998/05/07 16:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe

[2003/07/14 17:52:44 | 00,040,960 | ---- | M] (Agere Systems) -- C:\WINDOWS\ltmsg.exe

[2007/05/08 15:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[2002/09/10 20:26:26 | 00,368,706 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe

[2007/10/07 23:16:16 | 01,462,272 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe

[2006/03/10 11:01:02 | 00,543,232 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\TELUS\TELUS Wireless Connection Manager\McciTrayApp.exe

[2005/02/02 15:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe

[2004/09/07 12:47:52 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCXMNTR.EXE

[2007/11/08 19:12:30 | 00,114,688 | ---- | M] (felipEx [http://felipex.net]) -- C:\Program Files\Mozilla Firefox\Optimizers\Fuo\Firefox Ultimate Optimizer.exe

[2007/05/14 08:10:38 | 02,061,816 | ---- | M] (TELUS) -- C:\Program Files\TELUS\eProtect Advisor\TEPA.exe

[2007/09/13 15:22:08 | 00,310,000 | ---- | M] (TELUS) -- C:\Program Files\TELUS\TELUS eProtect\RPS.exe

[2007/01/01 14:22:02 | 03,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe

[2003/06/18 12:00:00 | 00,200,704 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft Money\System\mnyexpr.exe

[2006/10/01 15:50:28 | 00,334,848 | ---- | M] () -- C:\Program Files\Free Desktop Clock\DesktopClock.exe

[2008/09/03 09:48:12 | 00,920,976 | ---- | M] (Innovative Solutions GRUP SRL) -- C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 9\Monitor.exe

[2003/10/11 05:42:55 | 00,016,384 | ---- | M] () -- C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe

[2006/02/19 03:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[2007/06/02 00:01:26 | 00,230,912 | ---- | M] () -- C:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe

[2007/05/14 08:10:40 | 00,292,344 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\TELUS\eProtect Advisor\TEPAComHandler.exe

[2006/02/10 06:56:12 | 00,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

[2006/02/19 04:24:52 | 00,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

[2008/04/28 06:23:36 | 00,738,568 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

[2008/10/09 08:23:26 | 00,099,056 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\TELUS\TELUS eProtect\rpsupdaterR.exe

[2008/10/01 09:27:37 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

[2007/08/09 00:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

[2008/07/07 09:42:04 | 04,891,472 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

[2008/11/12 11:03:16 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt.exe

[2008/05/26 21:18:18 | 00,184,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchprotocolhost.exe

[2008/05/26 21:17:56 | 00,087,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchfilterhost.exe

========== (O23) Win32 Services ==========

[2008/06/12 12:08:22 | 00,103,024 | ---- | M] () -- C:\Program Files\Auslogics\AusLogics Visual Styler\themehelpersvc.exe -- (ALThemeHelper [Auto | Running])

[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

[2007/11/27 13:02:46 | 00,177,448 | R--- | M] (Authentium, Inc.) -- C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe -- (dvpapi [Auto | Stopped])

[2006/12/19 12:45:16 | 00,280,080 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC [Auto | Running])

[2002/08/29 05:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC [On_Demand | Stopped])

[2007/09/26 10:43:22 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService [Auto | Running])

[2005/12/07 10:44:20 | 00,045,056 | ---- | M] () -- C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe -- (NMSAccess [Auto | Running])

[2007/08/24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])

[2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

[2008/04/28 06:23:28 | 00,414,984 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent [Auto | Running])

[2008/04/28 06:23:36 | 00,738,568 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine [On_Demand | Running])

[2007/08/09 00:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])

[2008/10/09 08:23:26 | 00,099,056 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\TELUS\TELUS eProtect\rpsupdaterR.exe -- (RPSUpdaterR [On_Demand | Running])

[2007/09/13 15:21:50 | 00,293,104 | ---- | M] (TELUS) -- C:\Program Files\TELUS\TELUS eProtect\Fws.exe -- (RP_FWS [Auto | Running])

[2002/08/29 05:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp [Auto | Running])

[2008/09/29 13:35:56 | 00,306,432 | ---- | M] (TuneUp Software GmbH) -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag [On_Demand | Stopped])

[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

[2008/05/26 21:18:44 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchindexer.exe -- (WSearch [Auto | Running])

========== Driver Services ==========

[2001/08/17 12:11:18 | 00,020,160 | ---- | M] (ADMtek Incorporated) -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511 [On_Demand | Running])

[2008/10/01 06:46:58 | 00,043,672 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K [system | Running])

[2004/10/01 09:24:02 | 02,279,424 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])

[2008/04/13 11:31:33 | 00,037,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk7.sys -- (AmdK7 [system | Running])

[2007/11/26 15:33:52 | 00,835,792 | ---- | M] (Authentium, Inc) -- C:\WINDOWS\system32\drivers\Css-Dvp.sys -- (CSS DVP [Auto | Running])

[2008/04/25 05:38:22 | 00,071,184 | ---- | M] (Raxco Software, Inc.) -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS [boot | Running])

[2003/06/19 01:59:00 | 00,140,800 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\Fasttx2k.sys -- (fasttx2k [boot | Running])

[2008/06/25 05:36:08 | 00,043,520 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5bv.sys -- (FET5X86V [On_Demand | Running])

[2003/01/15 23:05:54 | 00,041,984 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5b.sys -- (FETNDISB [On_Demand | Stopped])

[2006/04/12 18:04:39 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Running])

[2006/04/12 18:04:39 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])

[2006/04/12 18:04:39 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Running])

[2003/04/15 17:39:46 | 00,090,907 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Stopped])

[2007/07/05 12:34:52 | 00,134,160 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (klif [system | Running])

[2003/12/12 18:03:10 | 00,652,689 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5 [On_Demand | Running])

[2007/09/26 10:43:15 | 00,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50 [On_Demand | Stopped])

[2007/09/26 10:43:13 | 00,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50 [On_Demand | Running])

[2007/01/15 17:18:30 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr [On_Demand | Running])

[2003/09/02 23:51:00 | 00,021,120 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp [boot | Running])

[2005/12/12 16:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2 [On_Demand | Running])

[2002/08/29 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2005/08/19 02:00:00 | 00,046,080 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [boot | Running])

[2007/04/19 10:36:50 | 00,048,384 | ---- | M] (Radialpoint, Inc.) -- C:\WINDOWS\system32\drivers\rp_pkt32.sys -- (RPPKT [On_Demand | Running])

[2008/10/09 08:23:26 | 00,053,192 | ---- | M] (Radialpoint Inc.) -- C:\WINDOWS\system32\drivers\rp_skt32.sys -- (RPSKT [Auto | Running])

[2002/10/04 17:04:10 | 00,046,976 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139 [On_Demand | Stopped])

[2004/08/03 21:29:52 | 00,166,912 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr [On_Demand | Stopped])

[2008/04/13 09:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])

[2003/05/06 15:34:56 | 00,394,752 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315 [On_Demand | Stopped])

[2003/02/20 16:18:36 | 00,036,608 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP [boot | Running])

[2003/04/11 08:51:30 | 00,010,624 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp [system | Running])

[2007/02/20 13:07:56 | 00,005,632 | R--- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [system | Running])

[2008/10/03 15:42:24 | 00,007,168 | ---- | M] () -- C:\WINDOWS\system32\drivers\utmxmjgy.sys -- (utmxmjgy [On_Demand | Stopped])

[2003/07/02 11:42:00 | 00,027,904 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1 [boot | Running])

[2003/08/11 21:09:18 | 00,265,344 | ---- | M] (Copyright © VIA/S3 Graphics, Inc.) -- C:\WINDOWS\system32\drivers\vtmini.sys -- (viagfx [On_Demand | Stopped])

[2006/10/09 11:58:48 | 00,203,648 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio [On_Demand | Stopped])

[2008/04/03 14:42:30 | 00,016,896 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ViBus.sys -- (ViBus [boot | Running])

[2007/09/21 16:49:10 | 00,009,216 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32 [boot | Running])

[2008/04/03 14:42:34 | 00,053,248 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ViPrt.sys -- (ViPrt [boot | Running])

[2006/11/02 07:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Running])

[2002/08/29 05:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [system | Running])

[2003/04/15 17:40:54 | 00,113,504 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped])

[2003/04/15 17:40:46 | 00,078,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped])

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qca10.hpwis.com/

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qca10.hpwis.com/

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.msn.com

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

O1 HOSTS File: (140266 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 4889 more lines...

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O4 - HKLM..\Run: [AlcxMonitor] ALCXMNTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()

O4 - HKLM..\Run: [FirefoxUltimateOptimizer] "C:\Program Files\Mozilla Firefox\Optimizers\Fuo\Firefox Ultimate Optimizer.exe" (felipEx [http://felipex.net])

O4 - HKLM..\Run: [-FreedomNeedsReboot] "C:\Program Files\TELUS\TELUS eProtect\ZkRunOnceR.exe" (TELUS)

O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart (Google)

O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)

O4 - HKLM..\Run: [LTMSG] LTMSG.exe 7 (Agere Systems)

O4 - HKLM..\Run: [TELUS eProtect] "C:\Program Files\TELUS\TELUS eProtect\Rps.exe" (TELUS)

O4 - HKLM..\Run: [TELUS_McciTrayApp] C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe (Motive Communications, Inc.)

O4 - HKLM..\Run: [TelusWCC_McciTrayApp] C:\Program Files\TELUS\TELUS Wireless Connection Manager\McciTrayApp.exe (Motive Communications, Inc.)

O4 - HKLM..\Run: [TEPA.exe] "C:\Program Files\TELUS\eProtect Advisor\TEPA.exe" /AUTORUN (TELUS)

O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)

O4 - HKLM..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r (Sonic Solutions)

O4 - HKCU..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 9\monitor.exe" (Innovative Solutions GRUP SRL)

O4 - HKCU..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" (Microsoft Corp.)

O4 - HKCU..\Run: [skinClock] C:\Program Files\Free Desktop Clock\DesktopClock.exe ()

O4 - HKLM..\RunOnce: [indexCleaner] "C:\Program Files\TELUS\TELUS eProtect\IdxClnR.exe" (TELUS)

O4 - HKCU..\RunOnce: [indexCleaner] "C:\Program Files\TELUS\TELUS eProtect\IdxClnR.exe" (TELUS)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Trojan Guarder Gold Version.lnk = C:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files\MasterCook 9\Web\MCIEContext.hta

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key does not exist or could not be opened. File not found

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1222724458750 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1222874553578 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2)

O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2)

O18 - Protocol\Handler: - ipp - No CLSID value found

O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp - No CLSID value found

O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - ms-help - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - See sections below for AppInitDlls and Winlogon settings

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

igfxcui: "DllName" = igfxsrvc.dll -- C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}" (HKLM) -- C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []

[2003/10/11 03:16:00 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AUTOEXEC.BAT []

[2001/07/28 06:07:38 | 00,000,000 | -HS- | M] () -- D:\AUTOEXEC.BAT -- [ FAT32 ]

Autorun.inf [[AUTORUN] | OPEN=Info.exe folder.htt 480 480 | ]

[2002/09/11 03:02:32 | 00,000,045 | -HS- | M] () -- D:\Autorun.inf -- [ FAT32 ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]

[2008/11/12 12:01:52 | 00,000,941 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk

[2008/11/12 12:01:46 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2008/11/12 12:01:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2008/11/12 11:08:39 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys

[2008/11/12 11:07:50 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security

[2008/11/12 11:07:35 | 00,175,648 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\activescan2_en.exe

[2008/11/12 11:04:41 | 15,083,520 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Owner\Desktop\spybotsd160.exe

[2008/11/12 11:03:15 | 00,418,304 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt.exe

[2008/11/12 10:48:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2008/11/12 10:39:58 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2008/11/12 10:26:25 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys

[2008/11/12 10:26:12 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll

[2008/11/11 08:34:53 | 00,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2008/11/11 08:30:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss

[2008/11/06 11:05:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2008/11/06 11:05:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com

[2008/11/03 09:00:34 | 00,010,307 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Bjarne's Med List -- Updated 3 Nov 08.docx

[2008/11/02 19:48:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Help

[2008/11/02 19:48:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Help

[2008/10/30 19:03:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Windows Search

[2008/10/30 18:41:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations

[2008/10/27 09:47:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters

[2008/10/27 09:46:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Downloaded Installations

[2008/10/25 11:39:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions

[2008/10/25 11:39:15 | 00,042,496 | ---- | C] () -- C:\WINDOWS\System32\AdvUninstCPL.cpl

[2008/10/25 11:39:09 | 00,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions

[2008/10/25 09:55:43 | 00,090,112 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe

[2008/10/25 09:55:33 | 00,000,000 | ---D | C] -- C:\Program Files\Quicken WillMaker Plus 2007

[2008/10/24 07:02:34 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll

[2008/10/22 11:52:32 | 00,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe

[2008/10/22 09:32:29 | 00,134,160 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys

[2008/10/17 17:37:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Albums

[2008/10/17 17:21:36 | 00,000,830 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MasterCook 9.lnk

[2008/10/17 17:21:26 | 00,000,000 | ---D | C] -- C:\Program Files\MasterCook 9

[2008/10/16 09:17:26 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallJammer Registry

[2008/10/14 16:39:50 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys

[2008/10/14 16:39:17 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys

[2008/10/14 16:39:14 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe

[2008/10/14 16:39:13 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe

[2008/10/14 16:39:12 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe

[2008/10/14 16:39:11 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]

[1 C:\WINDOWS\*.tmp files]

[2008/11/12 12:02:09 | 03,725,344 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat

[2008/11/12 12:01:52 | 00,000,941 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk

[2008/11/12 11:07:36 | 00,175,648 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\activescan2_en.exe

[2008/11/12 11:05:23 | 15,083,520 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Owner\Desktop\spybotsd160.exe

[2008/11/12 11:03:16 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt.exe

[2008/11/12 11:02:44 | 00,002,515 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Word.lnk

[2008/11/12 10:45:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2008/11/12 10:44:16 | 00,044,252 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx

[2008/11/12 10:40:13 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2008/11/11 08:56:47 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2008/11/11 07:51:11 | 00,000,830 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MasterCook 9.lnk

[2008/11/07 14:20:41 | 00,829,024 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db

[2008/11/03 19:44:54 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\sys_dll.dll

[2008/11/03 17:10:25 | 17,318,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2008/11/03 09:00:35 | 00,010,307 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Bjarne's Med List -- Updated 3 Nov 08.docx

[2008/11/02 19:50:44 | 00,000,607 | ---- | M] () -- C:\WINDOWS\win.ini

[2008/11/02 08:21:42 | 00,428,714 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2008/11/02 08:21:42 | 00,071,254 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2008/11/02 08:21:41 | 00,509,142 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2008/10/24 04:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mrxsmb.sys

[2008/10/24 04:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys

[2008/10/22 16:10:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2008/10/22 16:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2008/10/15 09:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll

[2008/10/15 09:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll

[2008/10/14 16:52:57 | 00,177,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

< End of report >

Part 2:

OTListIt Extras logfile created on: 12/11/2008 12:12:22 PM - Run

OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

511.48 Mb Total Physical Memory | 230.57 Mb Available Physical Memory | 45.08% Memory free

1.22 Gb Paging File | 0.72 Gb Available in Paging File | 58.56% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 144.29 Gb Total Space | 131.85 Gb Free Space | 91.38% Space Free | Partition Type: NTFS

Drive D: | 4.74 Gb Total Space | 0.84 Gb Free Space | 17.75% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: HOMEOFFICE

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Whitelist: On

File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 1

"FirewallDisableNotify" = 1

"UpdatesDisableNotify" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2003/10/11 05:42:55 | 00,016,384 | ---- | M] () -- C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe:*:Enabled:BackWeb-1940576

[2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2007/01/01 14:22:02 | 03,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{045FE8EA-F79B-4629-B680-D8E52EFCD189}" = TELUS eProtect

"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager

"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow

"{0EFED4A3-64ED-470B-A860-BFA5B470845E}" = RPS Backup

"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig

"{1A0667AB-BC3F-4ADA-AB4E-C1C65730F189}_is1" = AusLogics Visual Styler

"{1D643CD4-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004

"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows

"{212F5777-1190-4DEF-8E4D-6B2F313B45E7}" = PerfectDisk

"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)

"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress

"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp

"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK

"{336844B0-0CB8-4C73-80E6-383FB169BC0E}" = RPS Firewall

"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{356CD0B5-47CF-485A-8F6D-4D137F3D5600}_is1" = Firefox Optimizers

"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone

"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant

"{3BC4489D-686F-4D34-AD7D-DAB727CC2D85}" = RPS Privacy Manager

"{4023AAE4-E434-4028-85C5-8FF4159F7AF6}" = RPS AsRealtime

"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1

"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm

"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant

"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder

"{5462A3AE-5D32-4613-876E-D0CD1756B6E5}" = RPS RpsCore

"{563E2BC8-A0CA-4A81-9DD2-897BB326C679}" = Cheetah DVD Burner

"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008

"{5DFDEAAA-E050-482E-A5B6-138CAE53F7BF}" = Radialpoint Security Services

"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg

"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI

"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox

"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential

"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2

"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = AusLogics BoostSpeed

"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme

"{743F47C1-1194-4C70-8565-2E7A21379F4A}" = RPS AntiSpyware

"{760E1F3F-F2F6-47C7-B4F0-560B8ACA8999}" = RPS Performance Tool

"{78B7F1F6-9D66-4509-B216-96F4ACBBAC15}" = RPS Security Cleanup

"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI

"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver

"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack

"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy

"{99B366B0-76B6-4DBA-95A3-A730015A7D01}" = MasterCook Deluxe 9

"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help

"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A62AE053-EB18-4EEF-9EFD-FFE5A4244ADB}" = RPS Zip

"{A642450B-A20E-420D-83F5-DF5C418C50D1}" = RPS AntiFraud

"{AA47BB0B-933B-49DF-BE3A-17BFA60B7623}" = RPS ParentalControl

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1

"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour

"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config

"{BAC15E33-870A-4D27-B247-999F6A735B45}" = RPS Ad Blocker

"{BD6CB9F6-3AF3-49F0-BBD1-9D13495655F6}" = RPS PopupBlocker

"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A

"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery

"{C66F62AD-551B-428F-9183-F5802333367F}" = RPS AntiVirus

"{C70EF769-8296-4ED0-966F-D624BC6D4927}" = Authentium AntiVirus SDK - 2

"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter

"{C869F4FF-E5FF-4FBB-9A31-33C23605E170}" = PPSDKRedistributables

"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{D2E3D944-B08E-4446-B0C2-A0E66CB8A7C0}" = RPS Diagnostic Utility

"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp

"{DC626552-2C9D-4C5E-8367-22FB0C1758B0}" = RPS App Detector

"{E2DAC54C-1560-4F00-B7CD-E9BD89ACFAFD}" = RPS Burn

"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100

"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1

"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC

"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan

"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA

"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations

"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA

"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update

"ActiveScan 2.0" = Panda ActiveScan 2.0

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player Plugin

"AU9_is1" = Advanced Uninstaller PRO - Version 9

"BackWeb-1940576 Uninstaller" = Compaq Connections

"Bejeweled 2 Deluxe 1.1" = Bejeweled 2 Deluxe 1.1

"Bejeweled Deluxe 1.87" = Bejeweled Deluxe 1.87

"Bejeweled Twist 1.0" = Bejeweled Twist 1.0

"BroadJump Client Foundation" = BroadJump Client Foundation

"Chuzzle Deluxe 1.0" = Chuzzle Deluxe 1.0

"Compaq Instant Support" = Compaq Instant Support

"Desktop Architect" = Desktop Architect

"Foxit Reader" = Foxit Reader

"Free Desktop Clock_is1" = Free Desktop Clock 2.2

"HijackThis" = HijackThis 2.0.2

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HP Imaging Device Functions" = HP Imaging Device Functions 7.0

"HP Photo & Imaging" = HP Photosmart Premier Software 6.5

"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0

"HPOCR" = OCR Software by I.R.I.S 7.0

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"InstallShield_{99B366B0-76B6-4DBA-95A3-A730015A7D01}" = MasterCook Deluxe 9

"IrfanView" = IrfanView (remove only)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Mozilla Firefox (3.0.3)" = Mozilla Firefox (3.0.3)

"Mozilla Thunderbird (2.0.0.17)" = Mozilla Thunderbird (2.0.0.17)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA GART Driver" = NVIDIA GART Driver

"Orbitron_is1" = Orbitron - Satellite Tracking System

"PopCap Browser Plugin" = PopCap Browser Plugin

"PS2" = PS2

"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions

"Python 2.2.1" = Python 2.2.1

"RadialpointClientGateway_is1" = TELUS eProtect Advisor 1.5.12

"RealPlayer 6.0" = RealOne Player

"Solitaire" = Solitaire

"Stellarium_is1" = Stellarium 0.10.0

"Trojan Guarder Gold Full Version_is1" = Trojan Guarder Gold Full Version

"Trojan Remover_is1" = Trojan Remover 6.7.4

"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)

"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = WinRAR archiver

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"xp-AntiSpy" = xp-AntiSpy 3.96-8

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 13/10/2008 11:07:10 AM | Computer Name = HOMEOFFICE | Source = Windows Search Service | ID = 3013

Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI> in

the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:

A

device attached to the system is not functioning. (0x8007001f)

Error - 13/10/2008 11:07:58 AM | Computer Name = HOMEOFFICE | Source = Windows Search Service | ID = 3013

Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI> in

the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:

A

device attached to the system is not functioning. (0x8007001f)

[ System Events ]

Error - 12/11/2008 1:47:40 PM | Computer Name = HOMEOFFICE | Source = DCOM | ID = 10010

Description = The server {07D393E6-BB61-4063-8B5F-9C3E734D2FEC} did not register

with DCOM within the required timeout.

Error - 12/11/2008 1:48:12 PM | Computer Name = HOMEOFFICE | Source = Windows Update Agent | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80070643: Security Update for Microsoft XML Core Services 4.0 Service

Pack 2 (KB954430).

Error - 12/11/2008 1:48:34 PM | Computer Name = HOMEOFFICE | Source = Windows Update Agent | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80070652: Security Update for Microsoft Office 2007 (KB951550).

Error - 12/11/2008 1:49:10 PM | Computer Name = HOMEOFFICE | Source = DCOM | ID = 10010

Description = The server {07D393E6-BB61-4063-8B5F-9C3E734D2FEC} did not register

with DCOM within the required timeout.

Error - 12/11/2008 1:56:17 PM | Computer Name = HOMEOFFICE | Source = Windows Update Agent | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80070643: Security Update for Microsoft XML Core Services 4.0 Service

Pack 2 (KB954430).

Error - 12/11/2008 1:56:47 PM | Computer Name = HOMEOFFICE | Source = Windows Update Agent | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80070652: Security Update for Microsoft Office 2007 (KB951550).

Error - 12/11/2008 1:59:36 PM | Computer Name = HOMEOFFICE | Source = Service Control Manager | ID = 7023

Description = The dvpapi service terminated with the following error: %%2147500053

Error - 12/11/2008 2:51:02 PM | Computer Name = HOMEOFFICE | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 12/11/2008 2:51:05 PM | Computer Name = HOMEOFFICE | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 12/11/2008 2:51:09 PM | Computer Name = HOMEOFFICE | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

< End of report >

NOTE: Panda's ActiveScan 2.0 Running. Will post when done.

Okay. When Panda's ActiveScan completes, please update mbam. You are a version behind and several databases out of date. Once you have done so, please allow mbam to scan and remove everything it finds. Then reboot your PC, scan with mbam again, and provide fresh logs of it and HijackThis, please.

Thanks

Good as done. I have updated mbam and have run HijackThis as well as OTListIt and will post when all is done. I had to step out and returned to find that Firefox had crashed, so I'm doing a rescan with ActiveScan as well.

Right then, here are the current logfiles. Am waiting for Panda to complete (using Internet Explorer). I also used Eset.com/onlinescan but was unable to grab the results, nor was there a logfile for me.

1. mbam PRE boot (updates in place):

Malwarebytes' Anti-Malware 1.30

Database version: 1391

Windows 5.1.2600 Service Pack 3

12/11/2008 8:21:46 PM

mbam-log-2008-11-12 (20-21-46).txt

Scan type: Full Scan (C:\|)

Objects scanned: 103177

Time elapsed: 42 minute(s), 22 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

2. POST Reboot:

Malwarebytes' Anti-Malware 1.30

Database version: 1395

Windows 5.1.2600 Service Pack 3

13/11/2008 12:22:31 PM

mbam-log-2008-11-13 (12-22-31).txt

Scan type: Full Scan (C:\|)

Objects scanned: 103518

Time elapsed: 39 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

3. OTListIT:

OTListIt logfile created on: 12/11/2008 7:30:07 PM - Run 2

OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\Owner\Desktop\Stuffs

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

511.48 Mb Total Physical Memory | 185.91 Mb Available Physical Memory | 36.35% Memory free

1.22 Gb Paging File | 0.80 Gb Available in Paging File | 65.74% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 144.29 Gb Total Space | 131.78 Gb Free Space | 91.33% Space Free | Partition Type: NTFS

Drive D: | 4.74 Gb Total Space | 0.84 Gb Free Space | 17.75% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: HOMEOFFICE

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

========== Processes ==========

[2008/06/12 12:08:22 | 00,103,024 | ---- | M] () -- C:\Program Files\Auslogics\AusLogics Visual Styler\themehelpersvc.exe

[2007/09/13 15:21:50 | 00,293,104 | ---- | M] (TELUS) -- C:\Program Files\TELUS\TELUS eProtect\Fws.exe

[2006/12/19 12:45:16 | 00,280,080 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

[2007/09/26 10:43:22 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe

[2005/12/07 10:44:20 | 00,045,056 | ---- | M] () -- C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe

[2008/04/28 06:23:28 | 00,414,984 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

[2002/08/29 05:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe

[1998/05/07 16:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe

[2003/07/14 17:52:44 | 00,040,960 | ---- | M] (Agere Systems) -- C:\WINDOWS\ltmsg.exe

[2007/05/08 15:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[2002/09/10 20:26:26 | 00,368,706 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe

[2007/10/07 23:16:16 | 01,462,272 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe

[2006/03/10 11:01:02 | 00,543,232 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\TELUS\TELUS Wireless Connection Manager\McciTrayApp.exe

[2005/02/02 15:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe

[2004/09/07 12:47:52 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCXMNTR.EXE

[2007/11/08 19:12:30 | 00,114,688 | ---- | M] (felipEx [http://felipex.net]) -- C:\Program Files\Mozilla Firefox\Optimizers\Fuo\Firefox Ultimate Optimizer.exe

[2007/05/14 08:10:38 | 02,061,816 | ---- | M] (TELUS) -- C:\Program Files\TELUS\eProtect Advisor\TEPA.exe

[2007/09/13 15:22:08 | 00,310,000 | ---- | M] (TELUS) -- C:\Program Files\TELUS\TELUS eProtect\RPS.exe

[2007/01/01 14:22:02 | 03,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe

[2003/06/18 12:00:00 | 00,200,704 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft Money\System\mnyexpr.exe

[2006/10/01 15:50:28 | 00,334,848 | ---- | M] () -- C:\Program Files\Free Desktop Clock\DesktopClock.exe

[2008/09/03 09:48:12 | 00,920,976 | ---- | M] (Innovative Solutions GRUP SRL) -- C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 9\Monitor.exe

[2003/10/11 05:42:55 | 00,016,384 | ---- | M] () -- C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe

[2006/02/19 03:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[2007/05/14 08:10:40 | 00,292,344 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\TELUS\eProtect Advisor\TEPAComHandler.exe

[2006/02/10 06:56:12 | 00,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

[2006/02/19 04:24:52 | 00,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

[2008/04/28 06:23:36 | 00,738,568 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

[2008/10/09 08:23:26 | 00,099,056 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\TELUS\TELUS eProtect\rpsupdaterR.exe

[2008/10/01 09:27:37 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

[2008/07/18 21:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe

[2008/11/12 11:03:16 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\Stuffs\OTListIt.exe

========== (O23) Win32 Services ==========

[2008/06/12 12:08:22 | 00,103,024 | ---- | M] () -- C:\Program Files\Auslogics\AusLogics Visual Styler\themehelpersvc.exe -- (ALThemeHelper [Auto | Running])

[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

[2007/11/27 13:02:46 | 00,177,448 | R--- | M] (Authentium, Inc.) -- C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe -- (dvpapi [Auto | Stopped])

[2006/12/19 12:45:16 | 00,280,080 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC [Auto | Running])

[2002/08/29 05:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC [On_Demand | Stopped])

[2007/09/26 10:43:22 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService [Auto | Running])

[2005/12/07 10:44:20 | 00,045,056 | ---- | M] () -- C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe -- (NMSAccess [Auto | Running])

[2007/08/24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])

[2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

[2008/04/28 06:23:28 | 00,414,984 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent [Auto | Running])

[2008/04/28 06:23:36 | 00,738,568 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine [On_Demand | Running])

[2007/08/09 00:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Stopped])

[2008/10/09 08:23:26 | 00,099,056 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\TELUS\TELUS eProtect\rpsupdaterR.exe -- (RPSUpdaterR [On_Demand | Running])

[2007/09/13 15:21:50 | 00,293,104 | ---- | M] (TELUS) -- C:\Program Files\TELUS\TELUS eProtect\Fws.exe -- (RP_FWS [Auto | Running])

[2002/08/29 05:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp [Auto | Running])

[2008/09/29 13:35:56 | 00,306,432 | ---- | M] (TuneUp Software GmbH) -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag [On_Demand | Stopped])

[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

[2008/05/26 21:18:44 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchindexer.exe -- (WSearch [Auto | Stopped])

========== Driver Services ==========

[2001/08/17 12:11:18 | 00,020,160 | ---- | M] (ADMtek Incorporated) -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511 [On_Demand | Running])

[2008/10/01 06:46:58 | 00,043,672 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K [system | Running])

[2004/10/01 09:24:02 | 02,279,424 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])

[2008/04/13 11:31:33 | 00,037,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk7.sys -- (AmdK7 [system | Running])

[2007/11/26 15:33:52 | 00,835,792 | ---- | M] (Authentium, Inc) -- C:\WINDOWS\system32\drivers\Css-Dvp.sys -- (CSS DVP [Auto | Running])

[2008/04/25 05:38:22 | 00,071,184 | ---- | M] (Raxco Software, Inc.) -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS [boot | Running])

[2003/06/19 01:59:00 | 00,140,800 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\Fasttx2k.sys -- (fasttx2k [boot | Running])

[2008/06/25 05:36:08 | 00,043,520 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5bv.sys -- (FET5X86V [On_Demand | Running])

[2003/01/15 23:05:54 | 00,041,984 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5b.sys -- (FETNDISB [On_Demand | Stopped])

[2006/04/12 18:04:39 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])

[2006/04/12 18:04:39 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])

[2006/04/12 18:04:39 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])

[2003/04/15 17:39:46 | 00,090,907 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Stopped])

[2007/07/05 12:34:52 | 00,134,160 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (klif [system | Running])

[2003/12/12 18:03:10 | 00,652,689 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5 [On_Demand | Running])

[2007/09/26 10:43:15 | 00,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50 [On_Demand | Stopped])

[2007/09/26 10:43:13 | 00,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50 [On_Demand | Running])

[2007/01/15 17:18:30 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr [On_Demand | Running])

[2003/09/02 23:51:00 | 00,021,120 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp [boot | Running])

[2005/12/12 16:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2 [On_Demand | Running])

[2002/08/29 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2005/08/19 02:00:00 | 00,046,080 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [boot | Running])

[2007/04/19 10:36:50 | 00,048,384 | ---- | M] (Radialpoint, Inc.) -- C:\WINDOWS\system32\drivers\rp_pkt32.sys -- (RPPKT [On_Demand | Running])

[2008/10/09 08:23:26 | 00,053,192 | ---- | M] (Radialpoint Inc.) -- C:\WINDOWS\system32\drivers\rp_skt32.sys -- (RPSKT [Auto | Running])

[2002/10/04 17:04:10 | 00,046,976 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139 [On_Demand | Stopped])

[2004/08/03 21:29:52 | 00,166,912 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr [On_Demand | Stopped])

[2008/04/13 09:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])

[2003/05/06 15:34:56 | 00,394,752 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315 [On_Demand | Stopped])

[2003/02/20 16:18:36 | 00,036,608 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP [boot | Running])

[2003/04/11 08:51:30 | 00,010,624 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp [system | Running])

[2007/02/20 13:07:56 | 00,005,632 | R--- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [system | Running])

[2008/10/03 15:42:24 | 00,007,168 | ---- | M] () -- C:\WINDOWS\system32\drivers\utmxmjgy.sys -- (utmxmjgy [On_Demand | Stopped])

[2003/07/02 11:42:00 | 00,027,904 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1 [boot | Running])

[2003/08/11 21:09:18 | 00,265,344 | ---- | M] (Copyright © VIA/S3 Graphics, Inc.) -- C:\WINDOWS\system32\drivers\vtmini.sys -- (viagfx [On_Demand | Stopped])

[2006/10/09 11:58:48 | 00,203,648 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio [On_Demand | Stopped])

[2008/04/03 14:42:30 | 00,016,896 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ViBus.sys -- (ViBus [boot | Running])

[2007/09/21 16:49:10 | 00,009,216 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32 [boot | Running])

[2008/04/03 14:42:34 | 00,053,248 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ViPrt.sys -- (ViPrt [boot | Running])

[2006/11/02 07:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Running])

[2002/08/29 05:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [system | Running])

[2003/04/15 17:40:54 | 00,113,504 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped])

[2003/04/15 17:40:46 | 00,078,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped])

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qca10.hpwis.com/

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qca10.hpwis.com/

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.msn.com

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-21-3127254304-2211522940-707911758-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qca10.hpwis.com/

HKU\S-1-5-21-3127254304-2211522940-707911758-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qca10.hpwis.com/

HKU\S-1-5-21-3127254304-2211522940-707911758-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

HKU\S-1-5-21-3127254304-2211522940-707911758-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =

HKU\S-1-5-21-3127254304-2211522940-707911758-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

HKU\S-1-5-21-3127254304-2211522940-707911758-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.msn.com

HKU\S-1-5-21-3127254304-2211522940-707911758-1003\S-1-5-21-3127254304-2211522940-707911758-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-21-3127254304-2211522940-707911758-1003\S-1-5-21-3127254304-2211522940-707911758-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

O1 HOSTS File: (140266 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 4889 more lines...

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O4 - HKLM..\Run: [AlcxMonitor] ALCXMNTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()

O4 - HKLM..\Run: [FirefoxUltimateOptimizer] "C:\Program Files\Mozilla Firefox\Optimizers\Fuo\Firefox Ultimate Optimizer.exe" (felipEx [http://felipex.net])

O4 - HKLM..\Run: [-FreedomNeedsReboot] "C:\Program Files\TELUS\TELUS eProtect\ZkRunOnceR.exe" (TELUS)

O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart (Google)

O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)

O4 - HKLM..\Run: [LTMSG] LTMSG.exe 7 (Agere Systems)

O4 - HKLM..\Run: [TELUS eProtect] "C:\Program Files\TELUS\TELUS eProtect\Rps.exe" (TELUS)

O4 - HKLM..\Run: [TELUS_McciTrayApp] C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe (Motive Communications, Inc.)

O4 - HKLM..\Run: [TelusWCC_McciTrayApp] C:\Program Files\TELUS\TELUS Wireless Connection Manager\McciTrayApp.exe (Motive Communications, Inc.)

O4 - HKLM..\Run: [TEPA.exe] "C:\Program Files\TELUS\eProtect Advisor\TEPA.exe" /AUTORUN (TELUS)

O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)

O4 - HKLM..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r (Sonic Solutions)

O4 - HKCU..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 9\monitor.exe" (Innovative Solutions GRUP SRL)

O4 - HKCU..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" (Microsoft Corp.)

O4 - HKCU..\Run: [skinClock] C:\Program Files\Free Desktop Clock\DesktopClock.exe ()

O4 - HKU\S-1-5-21-3127254304-2211522940-707911758-1003..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 9\monitor.exe" (Innovative Solutions GRUP SRL)

O4 - HKU\S-1-5-21-3127254304-2211522940-707911758-1003..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" (Microsoft Corp.)

O4 - HKU\S-1-5-21-3127254304-2211522940-707911758-1003..\Run: [skinClock] C:\Program Files\Free Desktop Clock\DesktopClock.exe ()

O4 - HKLM..\RunOnce: [indexCleaner] "C:\Program Files\TELUS\TELUS eProtect\IdxClnR.exe" (TELUS)

O4 - HKCU..\RunOnce: [indexCleaner] "C:\Program Files\TELUS\TELUS eProtect\IdxClnR.exe" (TELUS)

O4 - HKU\S-1-5-21-3127254304-2211522940-707911758-1003..\RunOnce: [indexCleaner] "C:\Program Files\TELUS\TELUS eProtect\IdxClnR.exe" (TELUS)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Trojan Guarder Gold Version.lnk = C:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-3127254304-2211522940-707911758-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-3127254304-2211522940-707911758-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files\MasterCook 9\Web\MCIEContext.hta

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key does not exist or could not be opened. File not found

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1222724458750 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1222874553578 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2)

O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2)

O18 - Protocol\Handler: - ipp - No CLSID value found

O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp - No CLSID value found

O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - ms-help - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - See sections below for AppInitDlls and Winlogon settings

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

igfxcui: "DllName" = igfxsrvc.dll -- C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}" (HKLM) -- C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []

[2003/10/11 03:16:00 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AUTOEXEC.BAT []

[2001/07/28 06:07:38 | 00,000,000 | -HS- | M] () -- D:\AUTOEXEC.BAT -- [ FAT32 ]

Autorun.inf [[AUTORUN] | OPEN=Info.exe folder.htt 480 480 | ]

[2002/09/11 03:02:32 | 00,000,045 | -HS- | M] () -- D:\Autorun.inf -- [ FAT32 ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]

[2008/11/12 12:01:46 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2008/11/12 12:01:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2008/11/12 11:08:39 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys

[2008/11/12 11:07:50 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security

[2008/11/12 10:48:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2008/11/12 10:39:58 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2008/11/12 10:26:25 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys

[2008/11/12 10:26:12 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll

[2008/11/11 08:34:53 | 00,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2008/11/11 08:30:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss

[2008/11/06 11:05:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2008/11/06 11:05:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com

[2008/11/03 09:00:34 | 00,010,307 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Bjarne's Med List -- Updated 3 Nov 08.docx

[2008/11/02 19:48:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Help

[2008/11/02 19:48:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Help

[2008/10/30 19:03:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Windows Search

[2008/10/30 18:41:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations

[2008/10/27 09:47:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters

[2008/10/27 09:46:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Downloaded Installations

[2008/10/25 11:39:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions

[2008/10/25 11:39:15 | 00,042,496 | ---- | C] () -- C:\WINDOWS\System32\AdvUninstCPL.cpl

[2008/10/25 11:39:09 | 00,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions

[2008/10/25 09:55:43 | 00,090,112 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe

[2008/10/25 09:55:33 | 00,000,000 | ---D | C] -- C:\Program Files\Quicken WillMaker Plus 2007

[2008/10/24 07:02:34 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll

[2008/10/22 11:52:32 | 00,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe

[2008/10/22 09:32:29 | 00,134,160 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys

[2008/10/17 17:37:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Albums

[2008/10/17 17:21:36 | 00,000,830 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MasterCook 9.lnk

[2008/10/17 17:21:26 | 00,000,000 | ---D | C] -- C:\Program Files\MasterCook 9

[2008/10/16 09:17:26 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallJammer Registry

[2008/10/14 16:39:50 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys

[2008/10/14 16:39:17 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys

[2008/10/14 16:39:14 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe

[2008/10/14 16:39:13 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe

[2008/10/14 16:39:12 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe

[2008/10/14 16:39:11 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]

[1 C:\WINDOWS\*.tmp files]

[2008/11/12 19:10:34 | 03,758,112 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat

[2008/11/12 11:02:44 | 00,002,515 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Word.lnk

[2008/11/12 10:45:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2008/11/12 10:44:16 | 00,044,252 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx

[2008/11/12 10:40:13 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2008/11/11 08:56:47 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2008/11/11 07:51:11 | 00,000,830 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MasterCook 9.lnk

[2008/11/07 14:20:41 | 00,829,024 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db

[2008/11/03 19:44:54 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\sys_dll.dll

[2008/11/03 17:10:25 | 17,318,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2008/11/03 09:00:35 | 00,010,307 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Bjarne's Med List -- Updated 3 Nov 08.docx

[2008/11/02 19:50:44 | 00,000,607 | ---- | M] () -- C:\WINDOWS\win.ini

[2008/11/02 08:21:42 | 00,428,714 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2008/11/02 08:21:42 | 00,071,254 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2008/11/02 08:21:41 | 00,509,142 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2008/10/24 04:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mrxsmb.sys

[2008/10/24 04:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys

[2008/10/22 16:10:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2008/10/22 16:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2008/10/15 09:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll

[2008/10/15 09:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll

[2008/10/14 16:52:57 | 00,177,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

< End of report >

4. HiJackThis:

Logfile of HijackThis v1.99.1

Scan saved at 7:34:27 PM, on 12/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Auslogics\AusLogics Visual Styler\themehelpersvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TELUS\TELUS eProtect\Fws.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe

C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\svchost.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\LTMSG.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\BroadJump\Client Foundation\CFD.exe

C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe

C:\Program Files\TELUS\TELUS Wireless Connection Manager\McciTrayApp.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\ALCXMNTR.EXE

C:\Program Files\Mozilla Firefox\Optimizers\Fuo\Firefox Ultimate Optimizer.exe

C:\Program Files\TELUS\eProtect Advisor\TEPA.exe

C:\Program Files\TELUS\TELUS eProtect\Rps.exe

C:\Program Files\Google\Google Talk\googletalk.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft Money\System\mnyexpr.exe

C:\Program Files\Free Desktop Clock\DesktopClock.exe

C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 9\monitor.exe

C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\TELUS\eProtect Advisor\TEPAComHandler.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

C:\Program Files\TELUS\TELUS eProtect\rpsupdaterR.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Owner\Desktop\hijackthis_sfx\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qca10.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qca10.hpwis.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qca10.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [TELUS_McciTrayApp] C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe

O4 - HKLM\..\Run: [TelusWCC_McciTrayApp] C:\Program Files\TELUS\TELUS Wireless Connection Manager\McciTrayApp.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [FirefoxUltimateOptimizer] "C:\Program Files\Mozilla Firefox\Optimizers\Fuo\Firefox Ultimate Optimizer.exe"

O4 - HKLM\..\Run: [TEPA.exe] "C:\Program Files\TELUS\eProtect Advisor\TEPA.exe" /AUTORUN

O4 - HKLM\..\Run: [TELUS eProtect] "C:\Program Files\TELUS\TELUS eProtect\Rps.exe"

O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\TELUS\TELUS eProtect\ZkRunOnceR.exe"

O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\RunOnce: [indexCleaner] "C:\Program Files\TELUS\TELUS eProtect\IdxClnR.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - HKCU\..\Run: [skinClock] C:\Program Files\Free Desktop Clock\DesktopClock.exe

O4 - HKCU\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 9\monitor.exe"

O4 - HKCU\..\RunOnce: [indexCleaner] "C:\Program Files\TELUS\TELUS eProtect\IdxClnR.exe"

O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Trojan Guarder Gold Version.lnk = C:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files\MasterCook 9\Web\MCIEContext.hta

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: MasterCook Web Import Bar - {E6EF5071-7647-4E85-9785-87B6CF5CB561} - C:\WINDOWS\system32\shdocvw.dll

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1222724458750

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1222874553578

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AusLogics Windows Themes Helper (ALThemeHelper) - Unknown owner - C:\Program Files\Auslogics\AusLogics Visual Styler\themehelpersvc.exe

O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe

O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: TELUS eProtect Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\TELUS\TELUS eProtect\rpsupdaterR.exe

O23 - Service: TELUS eProtect Firewall (RP_FWS) - TELUS - C:\Program Files\TELUS\TELUS eProtect\Fws.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

5. HiJackThis "Extra" File:

OTListIt Extras logfile created on: 12/11/2008 7:30:07 PM - Run 2

OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\Owner\Desktop\Stuffs

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

511.48 Mb Total Physical Memory | 185.91 Mb Available Physical Memory | 36.35% Memory free

1.22 Gb Paging File | 0.80 Gb Available in Paging File | 65.74% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 144.29 Gb Total Space | 131.78 Gb Free Space | 91.33% Space Free | Partition Type: NTFS

Drive D: | 4.74 Gb Total Space | 0.84 Gb Free Space | 17.75% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: HOMEOFFICE

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 1

"FirewallDisableNotify" = 1

"UpdatesDisableNotify" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2003/10/11 05:42:55 | 00,016,384 | ---- | M] () -- C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe:*:Enabled:BackWeb-1940576

[2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2007/01/01 14:22:02 | 03,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{045FE8EA-F79B-4629-B680-D8E52EFCD189}" = TELUS eProtect

"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager

"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow

"{0EFED4A3-64ED-470B-A860-BFA5B470845E}" = RPS Backup

"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig

"{1A0667AB-BC3F-4ADA-AB4E-C1C65730F189}_is1" = AusLogics Visual Styler

"{1D643CD4-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004

"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows

"{212F5777-1190-4DEF-8E4D-6B2F313B45E7}" = PerfectDisk

"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)

"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress

"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp

"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK

"{336844B0-0CB8-4C73-80E6-383FB169BC0E}" = RPS Firewall

"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{356CD0B5-47CF-485A-8F6D-4D137F3D5600}_is1" = Firefox Optimizers

"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone

"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant

"{3BC4489D-686F-4D34-AD7D-DAB727CC2D85}" = RPS Privacy Manager

"{4023AAE4-E434-4028-85C5-8FF4159F7AF6}" = RPS AsRealtime

"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1

"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm

"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant

"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder

"{5462A3AE-5D32-4613-876E-D0CD1756B6E5}" = RPS RpsCore

"{563E2BC8-A0CA-4A81-9DD2-897BB326C679}" = Cheetah DVD Burner

"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008

"{5DFDEAAA-E050-482E-A5B6-138CAE53F7BF}" = Radialpoint Security Services

"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg

"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI

"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox

"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential

"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2

"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = AusLogics BoostSpeed

"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme

"{743F47C1-1194-4C70-8565-2E7A21379F4A}" = RPS AntiSpyware

"{760E1F3F-F2F6-47C7-B4F0-560B8ACA8999}" = RPS Performance Tool

"{78B7F1F6-9D66-4509-B216-96F4ACBBAC15}" = RPS Security Cleanup

"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI

"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver

"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack

"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy

"{99B366B0-76B6-4DBA-95A3-A730015A7D01}" = MasterCook Deluxe 9

"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help

"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A62AE053-EB18-4EEF-9EFD-FFE5A4244ADB}" = RPS Zip

"{A642450B-A20E-420D-83F5-DF5C418C50D1}" = RPS AntiFraud

"{AA47BB0B-933B-49DF-BE3A-17BFA60B7623}" = RPS ParentalControl

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1

"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour

"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config

"{BAC15E33-870A-4D27-B247-999F6A735B45}" = RPS Ad Blocker

"{BD6CB9F6-3AF3-49F0-BBD1-9D13495655F6}" = RPS PopupBlocker

"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A

"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery

"{C66F62AD-551B-428F-9183-F5802333367F}" = RPS AntiVirus

"{C70EF769-8296-4ED0-966F-D624BC6D4927}" = Authentium AntiVirus SDK - 2

"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter

"{C869F4FF-E5FF-4FBB-9A31-33C23605E170}" = PPSDKRedistributables

"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{D2E3D944-B08E-4446-B0C2-A0E66CB8A7C0}" = RPS Diagnostic Utility

"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp

"{DC626552-2C9D-4C5E-8367-22FB0C1758B0}" = RPS App Detector

"{E2DAC54C-1560-4F00-B7CD-E9BD89ACFAFD}" = RPS Burn

"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100

"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1

"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC

"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan

"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA

"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations

"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA

"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update

"ActiveScan 2.0" = Panda ActiveScan 2.0

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player Plugin

"AU9_is1" = Advanced Uninstaller PRO - Version 9

"BackWeb-1940576 Uninstaller" = Compaq Connections

"Bejeweled 2 Deluxe 1.1" = Bejeweled 2 Deluxe 1.1

"Bejeweled Deluxe 1.87" = Bejeweled Deluxe 1.87

"Bejeweled Twist 1.0" = Bejeweled Twist 1.0

"BroadJump Client Foundation" = BroadJump Client Foundation

"Chuzzle Deluxe 1.0" = Chuzzle Deluxe 1.0

"Compaq Instant Support" = Compaq Instant Support

"Desktop Architect" = Desktop Architect

"Foxit Reader" = Foxit Reader

"Free Desktop Clock_is1" = Free Desktop Clock 2.2

"HijackThis" = HijackThis 2.0.2

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HP Imaging Device Functions" = HP Imaging Device Functions 7.0

"HP Photo & Imaging" = HP Photosmart Premier Software 6.5

"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0

"HPOCR" = OCR Software by I.R.I.S 7.0

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"InstallShield_{99B366B0-76B6-4DBA-95A3-A730015A7D01}" = MasterCook Deluxe 9

"IrfanView" = IrfanView (remove only)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Mozilla Firefox (3.0.3)" = Mozilla Firefox (3.0.3)

"Mozilla Thunderbird (2.0.0.17)" = Mozilla Thunderbird (2.0.0.17)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA GART Driver" = NVIDIA GART Driver

"Orbitron_is1" = Orbitron - Satellite Tracking System

"PopCap Browser Plugin" = PopCap Browser Plugin

"PS2" = PS2

"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions

"Python 2.2.1" = Python 2.2.1

"RadialpointClientGateway_is1" = TELUS eProtect Advisor 1.5.12

"RealPlayer 6.0" = RealOne Player

"Solitaire" = Solitaire

"Stellarium_is1" = Stellarium 0.10.0

"Trojan Guarder Gold Full Version_is1" = Trojan Guarder Gold Full Version

"Trojan Remover_is1" = Trojan Remover 6.7.4

"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)

"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = WinRAR archiver

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"xp-AntiSpy" = xp-AntiSpy 3.96-8

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 13/10/2008 11:07:10 AM | Computer Name = HOMEOFFICE | Source = Windows Search Service | ID = 3013

Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI> in

the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:

A

device attached to the system is not functioning. (0x8007001f)

Error - 13/10/2008 11:07:58 AM | Computer Name = HOMEOFFICE | Source = Windows Search Service | ID = 3013

Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI> in

the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:

A

device attached to the system is not functioning. (0x8007001f)

[ System Events ]

Error - 12/11/2008 1:56:47 PM | Computer Name = HOMEOFFICE | Source = Windows Update Agent | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80070652: Security Update for Microsoft Office 2007 (KB951550).

Error - 12/11/2008 1:59:36 PM | Computer Name = HOMEOFFICE | Source = Service Control Manager | ID = 7023

Description = The dvpapi service terminated with the following error: %%2147500053

Error - 12/11/2008 2:51:02 PM | Computer Name = HOMEOFFICE | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 12/11/2008 2:51:05 PM | Computer Name = HOMEOFFICE | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 12/11/2008 2:51:09 PM | Computer Name = HOMEOFFICE | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 12/11/2008 10:10:37 PM | Computer Name = HOMEOFFICE | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Windows Search service

to connect.

Error - 12/11/2008 10:10:37 PM | Computer Name = HOMEOFFICE | Source = Service Control Manager | ID = 7000

Description = The Windows Search service failed to start due to the following error:

%%1053

Error - 12/11/2008 10:10:37 PM | Computer Name = HOMEOFFICE | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Windows Search service

to connect.

Error - 12/11/2008 10:10:37 PM | Computer Name = HOMEOFFICE | Source = Service Control Manager | ID = 7000

Description = The Windows Search service failed to start due to the following error:

%%1053

Error - 12/11/2008 10:11:07 PM | Computer Name = HOMEOFFICE | Source = DCOM | ID = 10010

Description = The server {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} did not register

with DCOM within the required timeout.

< End of report >

I'll add Panda ActiveScan log when it's completed.


Hi Raid,

As per your PM to me, here are *all* the Logfiles. I'll also do another mbam update and scan, zip and post for you.

Thanks!

LogFiles.zip

Reran mbam and updated then ran. This time I have a logfile for it. But as noted earlier, NO problems were detected.

Malwarebytes' Anti-Malware 1.30

Database version: 1403

Windows 5.1.2600 Service Pack 3

17/11/2008 9:14:20 AM

mbam-log-2008-11-17 (09-14-20).txt

Scan type: Full Scan (C:\|)

Objects scanned: 105425

Time elapsed: 1 hour(s), 0 minute(s), 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

LogFiles.zip


I'm behind.. :blink:

Let me sort a few things out and we'll go from there. In the meantime, I'd like for you to do this:

Please download and run the Trend Micro Sysclean Package on your computer.

NOTE! This scan will probably take a long time to run on your computer so be patient and don't use it while it's scanning.

  • Trend Micro Damage Cleanup Engine

Make sure you read this document to understand how to use the program.

Basically there are 3 parts that need to be downloaded from these links:

  • As an example on 2008-10-17 the files to download are: sysclean.com | lpt605.zip | ssapiptn697.zip

  • NOTE! These file names are examples and you must visit Trend Micro for the very latest files which may have different names.

  • Create a brand new folder to copy these files to.

  • As an example: C:\DCE

  • Then open each of the zipped archive files and copy their contents to C:\DCE

  • Copy the file sysclean.com to the new folder C:\DCE as well.

  • Double-click on the file sysclean.com that is in the C:\DCE folder and follow the on-screen instructions.

    After doing all of this, please post back your results, including the log file sysclean.log that will be left behind by sysclean.

  • This self-extracting archive is a stand-alone fix package that incorporates the Trend Micro VSAPI Malware and Spyware scanning engines as well as the Trend Micro Damage Cleanup Engine and Template.

    This tool supports the following features:

    o Terminate all detected malware/spyware instances in memory

    o Remove malware/spyware registry entries

    o Remove malware/spyware entries from system files

    o Scan for and delete all detected malware/spyware copies in all local drives

Heh, happens Raid! So no probs. Do you require mbam, hjt, otlistit as well?


Alright, first, I need for you to do the following:

START - RUN copy / paste this into the box and click OK

CMD /C ECHO Y|CHKDSK C: /F | SHUTDOWN /R /T 30

Make sure you close ALL applications before running this as it will restart your computer and run a Disk Check automatically.

After you restart, please acquire the following files, zip them and attach to this forum with a reference to this thread please

http://www.malwarebytes.org/forums/index.php?showforum=55

C:\WINDOWS\System32\tcpsvcs.exe

C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

C:\WINDOWS\system\hpsysdrv.exe

C:\WINDOWS\System32\drivers\StarOpen.sys

C:\WINDOWS\system32\drivers\utmxmjgy.sys

C:\WINDOWS\System32\starburnx.dll

C:\WINDOWS\System32\sys_dll.dll

How is your computer running at this point?


Hi Raid, it's running sluggish but seems fine. No sign of the Anti-virus 2009 as of yet. I'll be back shortly with results.
