
Please help. Trojan still there after clean/delete/quarantine



Please help me. I don't know what I installed but I see 14 infections. After cleaning/deleting/quarantine/reboot I scan again and they are still there.

Here is the log file:

Malwarebytes' Anti-Malware 1.30

Database version: 1402

Windows 5.1.2600 Service Pack 2

11/17/2008 11:05:23 AM

mbam-log-2008-11-17 (11-05-23).txt

Scan type: Quick Scan

Objects scanned: 76411

Time elapsed: 4 minute(s), 26 second(s)

Memory Processes Infected: 3

Memory Modules Infected: 0

Registry Keys Infected: 6

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 1

Files Infected: 3

Memory Processes Infected:

C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe (Trojan.Agent) -> Unloaded process successfully.

C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe (Trojan.Agent) -> Unloaded process successfully.

C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoRun.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (C:\WINDOWS\pchealth\Global.exe) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:

C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E} (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:

C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe (Trojan.Agent) -> Quarantined and deleted successfully.


Important!

All of the following instructions must be run on the affected computer. Logs from a different computer will not help me help you. So, if you need to download all of this and then copy it to CD or memory stick and take it to the other computer, please do so. Either way, it's important. The logs have to be made by the computer with the problem.

I need you to follow the instructions provided here first.

I also need for you to download this program http://oldtimer.geekstogo.com/OTListIt.exe to your desktop.

  • Close all applications and windows so that you have nothing open and are at your Desktop

  • Double-click on the OTListIt.exe file to start OTListIt. OK any warning about running OTListIt.

  • Place a checkmark in the "Scan All Users" checkbox (Leave the 'Use Whitelist' checked and the 'File Age:' at 30 days)

  • Click the Run Scan button

  • NOTE: Please be patient and let the scan run without using the computer

  • When the scan is complete, a text file (OTListIt.Txt) will open in Notepad (if not, it can be found on your Desktop)

  • In Notepad, click Edit, Select all then Edit, Copy

  • Reply to this topic, click in the topic reply window, and press Ctrl+V to paste the log or Right click paste.

  • Submit your reply and close the Notepad window with OTList.txt

  • Also OTListIt's Extras.txt log file will be minimized in the Taskbar (and located on your Desktop) - click on this and maximize the window

  • In Notepad, click Edit, Select all then Edit, Copy

  • Reply to this topic again, click in the topic reply window, and press Ctrl+V to paste the extras log or Right click paste.

  • NOTE: If the files (OTListIt.txt, Extras.txt) do not appear in your taskbar, just open the files in notepad from your desktop.


Please allow me time to analyze your post. If you don't see a reply from me after 24 hours, feel free to PM me.

I ran Spybot and fixed everything and immunized.

Here is Malwarebytes log:

Malwarebytes' Anti-Malware 1.30

Database version: 1402

Windows 5.1.2600 Service Pack 2

11/17/2008 12:12:35 PM

mbam-log-2008-11-17 (12-12-35).txt

Scan type: Quick Scan

Objects scanned: 76214

Time elapsed: 4 minute(s), 10 second(s)

Memory Processes Infected: 3

Memory Modules Infected: 0

Registry Keys Infected: 6

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 1

Files Infected: 3

Memory Processes Infected:

C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe (Trojan.Agent) -> Unloaded process successfully.

C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe (Trojan.Agent) -> Unloaded process successfully.

C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoRun.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (C:\WINDOWS\pchealth\Global.exe) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:

C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E} (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:

C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe (Trojan.Agent) -> Quarantined and deleted successfully.

AND HERE IS HIJACKTHIS:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:25:05 PM, on 11/17/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\windows\system32\spoolsv.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\windows\RTHDCPL.EXE

C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\windows\system32\RUNDLL32.EXE

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\MagicDisc\MagicDisc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Hotspot Shield\bin\openvpnas.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Maxtor\Sync\SyncServices.exe

C:\windows\system32\nvsvc32.exe

C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe

e:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\windows\system32\svchost.exe

e:\Program Files\Xobni\XobniService.exe

C:\windows\system32\wscntfy.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Documents and Settings\as\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

E:\PROGRA~1\MICROS~1\Office12\OUTLOOK.EXE

C:\Documents and Settings\as\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\as\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\as\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe

C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe

C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Documents and Settings\as\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\windows\explorer.exe

C:\windows\system32\rundll32.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe"

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [] C:\WINDOWS\system\KEYBOARD.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\RunOnce: [] C:\WINDOWS\system32\dllcache\Default.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

O4 - HKCU\..\RunOnce: [] C:\WINDOWS\system32\dllcache\Default.exe

O4 - HKLM\..\Policies\Explorer\Run: [sys] C:\WINDOWS\Fonts\Fonts.exe

O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')

O4 - S-1-5-18 Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'Default user')

O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe

O8 - Extra context menu item: Append to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab

O16 - DPF: {4C68DACE-E6BC-4650-9C7E-D036720CA729} (Nps Control) - http://kr.gameguard.nprotect.com/inca/onscan//tyscan/nps.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213335756796

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1213339704953

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SlingAgent Service (SlingAgentService) - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - e:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\windows\System32\TuneUpDefragService.exe

O23 - Service: XobniService - Xobni Corporation - e:\Program Files\Xobni\XobniService.exe

--

End of file - 11713 bytes


Sorry. FORGOT OTLIST. I took out a few WORK-related Word DOCS for confidentiality reasons. Rest is intact.

OTListIt logfile created on: 11/17/2008 2:25:40 PM - Run

OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\as\My Documents\Downloads

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 96.85% Memory free

4.00 Gb Paging File | 3.82 Gb Available in Paging File | 95.57% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 48.83 Gb Total Space | 6.12 Gb Free Space | 12.54% Space Free | Partition Type: NTFS

Drive D: | 149.04 Gb Total Space | 88.03 Gb Free Space | 59.06% Space Free | Partition Type: NTFS

Drive E: | 547.34 Gb Total Space | 129.68 Gb Free Space | 23.69% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

Drive I: | 5.52 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: HENRYDESKTOP

Current User Name: as

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Whitelist: On

File Age = 30 Days

========== Processes ==========

[2007/04/09 20:23:11 | 00,200,704 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE

[2007/04/10 15:28:44 | 16,126,464 | R--- | M] (Realtek Semiconductor Corp.) -- C:\windows\RTHDCPL.EXE

[2008/10/17 16:38:36 | 00,308,720 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe

[2008/09/25 21:54:14 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe

[2004/08/04 09:07:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\RUNDLL32.EXE

[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

[2007/09/02 13:58:52 | 00,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe

[2008/09/05 06:43:40 | 24,359,720 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe

[2008/05/27 12:27:24 | 00,547,840 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe

[2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe

[2008/11/14 10:03:30 | 00,084,440 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe

[2008/09/25 21:53:20 | 00,147,456 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe

[2008/07/21 17:15:14 | 00,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe

[2008/07/26 12:48:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\windows\system32\nvsvc32.exe

[2008/09/21 18:01:22 | 00,093,960 | ---- | M] (Sling Media Inc.) -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe

[2007/05/29 00:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- e:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

[2008/07/19 04:18:42 | 00,036,352 | ---- | M] (Xobni Corporation) -- e:\Program Files\Xobni\XobniService.exe

[2004/08/04 09:07:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\wscntfy.exe

[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe

[2008/10/28 17:08:50 | 00,762,352 | ---- | M] (Google Inc.) -- C:\Documents and Settings\as\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

[2008/05/21 04:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- E:\PROGRA~1\MICROS~1\Office12\OUTLOOK.EXE

[2008/10/28 17:08:50 | 00,762,352 | ---- | M] (Google Inc.) -- C:\Documents and Settings\as\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

[2008/10/28 17:08:50 | 00,762,352 | ---- | M] (Google Inc.) -- C:\Documents and Settings\as\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

[2008/09/29 18:38:18 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

[2008/10/28 17:08:50 | 00,762,352 | ---- | M] (Google Inc.) -- C:\Documents and Settings\as\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

[2008/02/13 08:32:58 | 00,225,280 | RHS- | M] () -- C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe

[2008/02/13 08:32:58 | 00,225,280 | R-S- | M] () -- C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe

[2008/02/13 08:32:58 | 00,225,280 | RHS- | M] () -- C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe

[2008/08/23 13:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe

[2007/09/20 10:35:36 | 00,118,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

[2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe

[2008/10/28 17:08:50 | 00,762,352 | ---- | M] (Google Inc.) -- C:\Documents and Settings\as\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

[2004/08/04 09:07:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\rundll32.exe

[2008/11/17 11:18:36 | 00,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

[2004/08/04 09:07:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe

[2004/08/04 09:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\NOTEPAD.EXE

[2008/11/17 12:16:47 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\as\My Documents\Downloads\OTListIt.exe

========== (O23) Win32 Services ==========

File not found -- -- (Adobe Version Cue CS3 [On_Demand | Stopped])

File not found -- -- (Alerter [Disabled | Stopped])

File not found -- -- (Apple Mobile Device [Auto | Running])

[2008/06/19 15:55:06 00,000,000 | ---D | M] -- C:\windows\System32\appmgmt -- (AppMgmt [On_Demand | Stopped])

File not found -- -- (aspnet_state [On_Demand | Stopped])

File not found -- -- (BITS [On_Demand | Stopped])

File not found -- -- (Bonjour Service [Auto | Running])

File not found -- -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

File not found -- -- (COMSysApp [On_Demand | Stopped])

File not found -- -- (DcomLaunch [Auto | Running])

[2008/06/12 21:39:17 00,000,000 | ---D | M] -- C:\windows\System32\dhcp -- (Dhcp [Auto | Running])

File not found -- -- (Dnscache [Auto | Running])

[2004/08/04 09:07:00 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\eventlog.dll -- (Eventlog [Auto | Running])

File not found -- -- (EventSystem [On_Demand | Running])

File not found -- -- (FastUserSwitchingCompatibility [On_Demand | Running])

File not found -- -- (FLEXnet Licensing Service [On_Demand | Stopped])

File not found -- -- (FontCache3.0.0.0 [On_Demand | Stopped])

File not found -- -- (GoogleDesktopManager-061008-081103 [On_Demand | Stopped])

File not found -- -- (helpsvc [Auto | Running])

File not found -- -- (HotspotShieldService [Auto | Running])

File not found -- -- (HTTPFilter [On_Demand | Stopped])

File not found -- -- (IDriverT [On_Demand | Stopped])

File not found -- -- (idsvc [unknown | Stopped])

File not found -- -- (ImapiService [On_Demand | Stopped])

File not found -- -- (iPod Service [On_Demand | Running])

File not found -- -- (JavaQuickStarterService [Auto | Running])

File not found -- -- (lanmanserver [Auto | Running])

File not found -- -- (lanmanworkstation [Auto | Running])

File not found -- -- (LmHosts [Auto | Running])

File not found -- -- (Maxtor Sync Service [Auto | Running])

File not found -- -- (Messenger [Disabled | Stopped])

File not found -- -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])

[2008/06/13 04:52:40 00,000,000 | ---D | M] -- C:\WINDOWS\system32\msdtc -- (MSDTC [On_Demand | Stopped])

File not found -- -- (MSIServer [On_Demand | Stopped])

File not found -- -- (NetDDEdsdm [Disabled | Stopped])

[2004/08/04 09:07:00 | 00,407,040 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\netlogon.dll -- (Netlogon [On_Demand | Stopped])

File not found -- -- (NetTcpPortSharing [Disabled | Stopped])

File not found -- -- (Nla [On_Demand | Running])

File not found -- -- (NtLmSsp [On_Demand | Stopped])

File not found -- -- (NVSvc [Auto | Running])

File not found -- -- (odserv [On_Demand | Stopped])

File not found -- -- (ose [On_Demand | Stopped])

File not found -- -- (PlugPlay [Auto | Running])

File not found -- -- (Pml Driver HPZ12 [On_Demand | Stopped])

File not found -- -- (PolicyAgent [Auto | Running])

File not found -- -- (ProtectedStorage [Auto | Running])

[2004/08/04 09:07:00 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\rasman.dll -- (RasMan [On_Demand | Running])

File not found -- -- (RDSessMgr [On_Demand | Stopped])

File not found -- -- (RemoteAccess [Disabled | Stopped])

File not found -- -- (RemoteRegistry [Auto | Running])

File not found -- -- (RpcLocator [On_Demand | Stopped])

[2005/07/26 12:39:49 | 00,397,824 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\rpcss.dll -- (RpcSs [Auto | Running])

File not found -- -- (SamSs [Auto | Running])

File not found -- -- (Schedule [Auto | Running])

File not found -- -- (ServiceLayer [On_Demand | Stopped])

File not found -- -- (SharedAccess [Auto | Running])

File not found -- -- (ShellHWDetection [Auto | Running])

File not found -- -- (SlingAgentService [Auto | Running])

File not found -- -- (Spooler [Auto | Running])

File not found -- -- (srservice [Auto | Running])

[2004/08/04 09:07:00 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ssdpsrv.dll -- (SSDPSRV [Disabled | Stopped])

File not found -- -- (StarWindServiceAE [Auto | Running])

File not found -- -- (stisvc [Auto | Running])

[2004/08/04 09:07:00 | 00,138,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\swprv.dll -- (SwPrv [On_Demand | Stopped])

File not found -- -- (SysmonLog [On_Demand | Stopped])

File not found -- -- (TermService [On_Demand | Running])

File not found -- -- (Themes [Auto | Running])

File not found -- -- (TuneUp.Defrag [On_Demand | Stopped])

[2007/02/06 04:17:02 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\upnphost.dll -- (upnphost [Disabled | Stopped])

File not found -- -- (usnjsvc [On_Demand | Running])

File not found -- -- (usprserv [On_Demand | Stopped])

[2008/05/29 09:28:54 | 00,028,416 | ---- | M] (TuneUp Software GmbH) -- C:\windows\System32\uxtuneup.dll -- (UxTuneUp [Auto | Running])

File not found -- -- (VSS [On_Demand | Stopped])

File not found -- -- (WebClient [Auto | Running])

File not found -- -- (winmgmt [Auto | Running])

File not found -- -- (WLSetupSvc [On_Demand | Stopped])

File not found -- -- (WmdmPmSN [On_Demand | Stopped])

[2004/08/04 09:07:00 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wmi.dll -- (Wmi [On_Demand | Stopped])

File not found -- -- (WmiApSrv [On_Demand | Stopped])

File not found -- -- (XobniService [Auto | Running])

========== Driver Services ==========

[2004/11/12 03:09:06 | 00,197,120 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\aarsi3x.sys -- (aarsi3x [boot | Running])

[2004/10/08 09:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) -- C:\windows\System32\drivers\AFS2K.SYS -- (AFS2K [system | Running])

[2007/07/03 18:33:26 | 00,029,696 | R--- | M] (Atheros Communications Inc.) -- C:\WINDOWS\system32\drivers\l251x86.sys -- (AtcL002 [On_Demand | Running])

[2004/08/04 09:07:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga [system | Running])

[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])

[2005/01/08 08:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])

[2004/02/27 22:05:02 | 00,051,056 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412 [On_Demand | Running])

[2004/02/27 22:05:02 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])

[2004/02/27 22:05:04 | 00,021,488 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Running])

[2007/04/10 19:04:40 | 04,397,568 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])

[2004/08/03 22:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [system | Running])

[2008/05/27 12:11:54 | 00,096,896 | ---- | M] (MagicISO, Inc.) -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus [On_Demand | Running])

[2004/08/13 10:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor [On_Demand | Running])

[2008/07/26 12:48:00 | 06,097,536 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])

[2004/08/04 09:07:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2007/04/09 20:27:07 | 00,031,548 | ---- | M] (PowerISO Computing, Inc.) -- C:\windows\System32\drivers\scdemu.sys -- (SCDEmu [system | Running])

[2007/11/13 18:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])

[2007/11/20 18:35:48 | 00,049,792 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl [On_Demand | Stopped])

[2008/07/11 19:15:59 | 00,716,272 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [boot | Running])

[2008/08/01 06:42:02 | 00,025,216 | ---- | M] (The OpenVPN Project) -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901 [On_Demand | Running])

[2008/01/24 05:25:32 | 00,027,136 | ---- | M] (The OpenVPN Project) -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn [On_Demand | Running])

[2008/10/01 13:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: (287907 bytes) - C:\windows\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 9924 more lines...

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Program Files\Adobe [2008/06/12 16:44:04 00,000,000 | ---D | M]

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Program Files\Adobe [2008/06/12 16:44:04 00,000,000 | ---D | M]

O3 - HKCU\..\Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [] C:\WINDOWS\system\KEYBOARD.exe File not found

O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE File not found

O4 - HKLM..\Run: [Google IME Autoupdater] "C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe" File not found

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName File not found

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC File not found

O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE File not found

O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE File not found

O4 - HKLM..\Run: [skyTel] SkyTel.EXE File not found

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found

O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe File not found

O4 - HKCU..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe File not found

O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background File not found

O4 - HKCU..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" File not found

O4 - HKCU..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized File not found

O4 - HKLM..\RunOnce: [] C:\WINDOWS\system32\dllcache\Default.exe File not found

O4 - HKCU..\RunOnce: [] C:\WINDOWS\system32\dllcache\Default.exe File not found

O4 - Startup: C:\Documents and Settings\as\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Append to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs File not found

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs File not found

O15 - HKLM\..Trusted Sites: 50 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Sites: 49 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://www.pandasecurity.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)

O16 - DPF: {4C68DACE-E6BC-4650-9C7E-D036720CA729} http://kr.gameguard.nprotect.com/inca/onscan//tyscan/nps.cab (Nps Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1213335756796 (WUWebControl Class)

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} http://www.acclaim.com/cabs/acclaim_v4.cab (GameLauncher Control)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1213339704953 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)

O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)

O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)

O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)

O18 - Protocol\Handler: - cetihpz - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)

O18 - Protocol\Handler: - grooveLocalGWS - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler: - ipp - No CLSID value found

O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - livecall - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp - No CLSID value found

O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - ms-help - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler: - msnim - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - See sections below for AppInitDlls and Winlogon settings

========== HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Shell" = Explorer.exe

>File not found -- C:\WINDOWS\explorer

"UserInit" = C:\WINDOWS\system32\userinit.exe,

>File not found -- C:\WINDOWS\system32\userinit

"UIHost" = C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe

>File not found --

>File not found --

>File not found --

>File not found --

>File not found --

>File not found --

>File not found --

========== IFEO "Debugger" Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\]

auto.exe:"Debugger" = C:\WINDOWS\system32\drivers\drivers.cab File not found

autorun.exe:"Debugger" = C:\WINDOWS\system32\drivers\drivers.cab File not found

autoruns.exe:"Debugger" = C:\WINDOWS\system32\drivers\drivers.cab File not found

boot.exe:"Debugger" = C:\WINDOWS\Fonts\Fonts File not found

ctfmon.exe:"Debugger" = C:\WINDOWS\Fonts\Fonts File not found

msconfig.exe:"Debugger" = C:\WINDOWS\Media\rndll32 File not found

procexp.exe:"Debugger" = C:\WINDOWS\pchealth\helpctr\binaries\HelpHost File not found

taskmgr.exe:"Debugger" = C:\WINDOWS\Fonts\tskmgr File not found

Your Image File Name Here without a path:"Debugger" = C:\WINDOWS\system32\ntsd File not found

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

========== Autorun Files on Drives ==========

autorun.inf [[autorun] | Open=MS-DOS.com | Shellexecute=MS-DOS.com | Shell\Open\command=MS-DOS.com | Shell\Explore\command=MS-DOS.com | ]

[2008/11/17 14:23:11 | 00,000,118 | RHS- | M] () -- C:\autorun.inf -- [ NTFS ]

autorun.inf [[autorun] | Open=MS-DOS.com | Shellexecute=MS-DOS.com | Shell\Open\command=MS-DOS.com | Shell\Explore\command=MS-DOS.com | ]

[2008/11/17 14:23:11 | 00,000,118 | RHS- | M] () -- D:\autorun.inf -- [ NTFS ]

autorun.inf [[autorun] | Open=MS-DOS.com | Shellexecute=MS-DOS.com | Shell\Open\command=MS-DOS.com | Shell\Explore\command=MS-DOS.com | ]

[2008/11/17 14:23:11 | 00,000,118 | RHS- | M] () -- E:\autorun.inf -- [ NTFS ]

autorun.inf [[autorun] | open = FalloutLauncher.exe | icon = Fallout3.ico | ]

[2008/09/09 05:13:25 | 00,000,058 | R--- | M] () -- I:\autorun.inf -- [ UDF ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{360e9efa-38c4-11dd-8add-806d6172696f}\Shell]

"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{360e9efa-38c4-11dd-8add-806d6172696f}\Shell\AutoRun]

"" = Auto&Play

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{360e9efa-38c4-11dd-8add-806d6172696f}\Shell\AutoRun\command]

"" = D:\maxsun.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ef5d0d9-71e4-11dd-bf0f-001fc6b66ccf}\Shell\AutoRun\command]

"" = wscript.exe .\.vbs

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ef5d0d9-71e4-11dd-bf0f-001fc6b66ccf}\Shell\open\command]

"" = wscript.exe .\.vbs

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\Shell]

"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\Shell\AutoRun]

"" = Auto&Play

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\Shell\AutoRun\command]

"" = H:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\windows\System32\*.tmp files]

[6 C:\windows\*.tmp files]

[2008/11/17 12:21:53 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\windows\System32\drivers\pavboot.sys

[2008/11/17 12:21:50 | 00,000,000 | ---D | C] -- C:\windows\LastGood

[2008/11/17 12:16:59 | 00,225,280 | R-S- | C] () -- C:\windows\System32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe

[2008/11/17 12:16:59 | 00,225,280 | RHS- | C] () -- C:\windows\System32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe

[2008/11/17 12:16:59 | 00,225,280 | RHS- | C] () -- C:\windows\System32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe

[2008/11/17 12:16:59 | 00,000,000 | -HSD | C] -- C:\windows\System32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}

[2008/11/17 12:12:55 | 00,061,440 | ---- | C] () -- C:\windows\System32\drivers\wptdv.sys

[2008/11/17 12:06:53 | 00,000,118 | RHS- | C] () -- C:\windows\System32\dllcache\autorun.inf

[2008/11/17 11:21:32 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\as\Desktop\Spybot - Search & Destroy.lnk

[2008/11/17 11:21:29 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2008/11/17 11:21:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2008/11/17 11:18:36 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\as\Desktop\HijackThis.lnk

[2008/11/17 10:56:36 | 00,158,208 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\as\Desktop\msconfig.exe

[2008/11/16 23:49:11 | 00,000,799 | ---- | C] () -- C:\Documents and Settings\as\Desktop\Hotspot Shield Launch.lnk

[2008/11/16 23:49:10 | 00,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield

[2008/11/16 14:48:17 | 00,000,000 | ---D | C] -- C:\windows\NV15521452.TMP

[2008/11/16 14:44:22 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\kbdhid.sys

[2008/11/16 14:44:22 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\kbdhid.sys

[2008/11/15 18:39:29 | 00,225,280 | RHS- | C] () -- C:\MS-DOS.com

[2008/11/15 18:39:29 | 00,000,118 | RHS- | C] () -- C:\autorun.inf

[2008/11/15 18:39:22 | 00,225,280 | RHS- | C] () -- C:\windows\System32\regedit.exe

[2008/11/15 18:39:22 | 00,225,280 | RHS- | C] () -- C:\windows\System32\drivers\drivers.cab.exe

[2008/11/15 18:39:22 | 00,225,280 | RHS- | C] () -- C:\windows\System32\dllcache\Global.exe

[2008/11/15 18:39:22 | 00,225,280 | RHS- | C] () -- C:\windows\System32\dllcache\Default.exe

[2008/11/15 18:39:22 | 00,225,280 | RHS- | C] () -- C:\windows\System\KEYBOARD.exe

[2008/11/15 18:39:22 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\tskmgr.exe

[2008/11/15 17:57:58 | 00,000,000 | ---D | C] -- C:\windows\NV6761340.TMP

[2008/11/15 14:33:09 | 00,000,000 | ---D | C] -- C:\Logs

[2008/11/15 13:37:21 | 00,000,118 | ---- | C] () -- C:\windows\System32\MRT.INI

[2008/11/14 22:46:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\as\Application Data\PlayFirst

[2008/11/14 22:46:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PlayFirst

[2008/11/14 22:44:38 | 00,000,000 | ---D | C] -- C:\Program Files\THQ

[2008/11/14 21:38:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment

[2008/11/08 15:06:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\as\My Documents\My Spore Creations

[2008/11/08 15:06:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\as\Application Data\SPORE

[2008/11/07 00:06:47 | 00,000,027 | ---- | C] () -- C:\XeroBank.ini

[2008/11/06 18:01:42 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_1.dll

[2008/11/06 18:01:42 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_0.dll

[2008/11/06 18:01:41 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_38.dll

[2008/11/06 18:01:41 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_38.dll

[2008/11/06 18:01:41 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_38.dll

[2008/11/06 18:01:41 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_1.dll

[2008/11/06 18:01:41 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_4.dll

[2008/11/06 18:01:05 | 00,000,000 | ---D | C] -- C:\windows\Logs

[2008/11/06 17:59:10 | 00,000,000 | ---D | C] -- C:\windows\System32\XPSViewer

[2008/11/06 17:58:49 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies

[2008/11/06 17:58:25 | 00,014,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spmsg2.dll

[2008/11/02 21:58:38 | 00,000,000 | ---D | C] -- C:\SERVER FILES

[2008/11/02 21:46:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\as\Local Settings\Application Data\GlobalSCAPE

[2008/11/02 21:46:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE

[2008/11/02 21:25:21 | 00,158,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System\msconfig.exe

[2008/11/02 21:22:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\The Incredibles (PSP, iPhone, iPod Touch, Nano, Zune)

[2008/11/02 21:20:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\as\Application Data\GlobalSCAPE

[2008/11/02 21:19:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Itouch.Iphone.Apps.PACK.2.BGMRK

[2008/11/02 21:18:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Itouch.Iphone.Apps.PACK.3.BGMRK

[2008/11/01 13:24:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\as\Application Data\IBP

[2008/11/01 12:41:41 | 00,000,000 | ---D | C] -- C:\Program Files\FXstyle-Spider

[2008/11/01 11:37:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\as\Application Data\AtomPark

[2008/11/01 03:21:34 | 00,000,000 | ---D | C] -- C:\windows\CSC

[2008/11/01 03:14:35 | 00,000,073 | ---- | C] () -- C:\windows\EurekaLog.ini

[2008/11/01 02:16:37 | 00,000,000 | ---D | C] -- C:\Program Files\Tweak Marketing

[2008/11/01 02:11:31 | 00,001,406 | ---- | C] () -- C:\Program Files\favicon.ico

[2008/11/01 01:53:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lencom

[2008/11/01 01:52:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\LencomShare

[2008/10/30 23:16:21 | 06,438,005 | ---- | C] () -- C:\Documents and Settings\as\Desktop\The Bravery - Believe.mp3

[2008/10/30 10:48:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\as\Local Settings\Application Data\Cranium

[2008/10/30 04:34:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\as\Local Settings\Application Data\Cranium_Consulting_and_Cu

[2008/10/30 04:33:59 | 00,000,000 | ---D | C] -- C:\Program Files\iPhoneBrowser

[2008/10/30 04:26:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\as\Application Data\Computer Aces

[2008/10/30 01:15:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\as\My Documents\Red Kawa

[2008/10/30 01:15:13 | 00,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5

[2008/10/30 01:15:11 | 00,000,000 | ---D | C] -- C:\Program Files\Red Kawa

[2008/10/29 21:28:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\as\Desktop\QuickPwn21-1

[2008/10/29 17:12:02 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ptpusb.dll

[2008/10/29 17:12:01 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ptpusd.dll

[2008/10/29 15:05:33 | 22,450,2002 | ---- | C] () -- C:\Documents and Settings\as\Desktop\Magazines.zip

[2008/10/26 20:44:30 | 00,000,000 | ---D | C] -- C:\Program Files\TagRename

[2008/10/26 13:26:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\as\Local Settings\Application Data\RcIncidents

[2008/10/23 19:31:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Media Center Programs

[2008/10/23 19:28:34 | 00,000,000 | ---D | C] -- C:\windows\System32\AGEIA

[2008/10/23 19:28:34 | 00,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies

[2008/10/20 21:05:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VanDyke

[2008/10/20 02:52:12 | 00,000,000 | ---D | C] -- C:\Program Files\iPod

[2008/10/20 02:52:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

[2008/10/20 02:50:56 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

[2008/10/20 02:50:42 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

[2008/10/20 02:50:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple

[2008/10/20 02:29:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nokia

[2008/10/20 01:43:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\as\My Documents\Audible

[2008/10/20 01:43:37 | 00,000,000 | ---D | C] -- C:\Program Files\Audible

[2008/10/20 01:01:49 | 00,000,000 | R--D | C] -- C:\Documents and Settings\as\My Documents\My Videos

[2008/10/20 01:01:11 | 00,060,812 | R--- | C] () -- C:\Documents and Settings\as\My Documents\Phone Numbers.nbu

[2008/10/20 00:58:12 | 00,054,156 | -H-- | C] () -- C:\windows\QTFont.qfn

[2008/10/20 00:58:12 | 00,001,409 | ---- | C] () -- C:\windows\QTFont.for

[2008/10/20 00:40:16 | 00,049,792 | ---- | C] (Prolific Technology Inc.) -- C:\windows\System32\drivers\ser2pl.sys

[2008/10/20 00:37:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\LogoManager

[2008/10/20 00:35:33 | 00,000,000 | ---D | C] -- C:\Program Files\MobiMB Mobile Media Browser

[2008/10/20 00:14:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite

[2008/10/20 00:14:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia

[2008/10/20 00:14:02 | 00,000,000 | ---D | C] -- C:\Program Files\Nokia

[2008/10/19 23:25:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\as\Application Data\Nokia

[2008/10/19 23:25:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\as\Application Data\PC Suite

[2008/10/19 23:25:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite

[2008/10/19 23:24:37 | 00,000,000 | ---D | C] -- C:\Program Files\DIFX

[2008/10/19 23:24:36 | 00,021,632 | ---- | C] (Nokia) -- C:\windows\System32\drivers\pccsmcfd.sys

[2008/10/19 23:24:33 | 00,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution

[2008/10/19 23:24:28 | 00,090,624 | ---- | C] (Nokia) -- C:\windows\System32\nmwcdcls.dll

[2008/10/19 23:24:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Installations

[2008/10/19 20:28:22 | 00,000,000 | ---D | C] -- C:\Program Files\ASUS

[2008/10/19 01:38:46 | 00,000,000 | ---D | C] -- C:\Program Files\Prime95

[2008/10/19 00:16:53 | 00,000,000 | ---D | C] -- C:\Program Files\VanDyke Software

[2008/10/19 00:16:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\as\Local Settings\Application Data\Downloaded Installations

========== Files - Modified Within 30 Days ==========

[1 C:\windows\System32\*.tmp files]

[6 C:\windows\*.tmp files]

[2008/11/17 14:23:11 | 00,000,118 | RHS- | M] () -- C:\windows\System32\dllcache\autorun.inf

[2008/11/17 14:23:11 | 00,000,118 | RHS- | M] () -- C:\autorun.inf

[2008/11/17 14:00:00 | 00,000,512 | ---- | M] () -- C:\windows\tasks\Verifica e correzione automatica.job

[2008/11/17 14:00:00 | 00,000,480 | ---- | M] () -- C:\windows\tasks\1-Click Maintenance.job

[2008/11/17 12:12:55 | 00,061,440 | ---- | M] () -- C:\windows\System32\drivers\wptdv.sys

[2008/11/17 12:09:07 | 00,287,907 | R--- | M] () -- C:\windows\System32\drivers\etc\HOSTS

[2008/11/17 11:56:12 | 00,527,750 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI

[2008/11/17 11:56:12 | 00,445,480 | ---- | M] () -- C:\windows\System32\perfh009.dat

[2008/11/17 11:56:12 | 00,072,562 | ---- | M] () -- C:\windows\System32\perfc009.dat

[2008/11/17 11:52:12 | 00,000,565 | ---- | M] () -- C:\Documents and Settings\as\My Documents\My Sharing Folders.lnk

[2008/11/17 11:51:52 | 00,190,556 | ---- | M] () -- C:\windows\System32\nvapps.xml

[2008/11/17 11:51:41 | 00,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT

[2008/11/17 11:51:40 | 00,002,048 | --S- | M] () -- C:\windows\bootstat.dat

[2008/11/17 11:21:32 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\as\Desktop\Spybot - Search & Destroy.lnk

[2008/11/17 11:18:36 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\as\Desktop\HijackThis.lnk

[2008/11/17 10:54:05 | 00,158,208 | ---- | M] (Microsoft Corporation) -- C:\windows\System\msconfig.exe

[2008/11/17 10:54:05 | 00,158,208 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\as\Desktop\msconfig.exe

[2008/11/17 07:24:00 | 00,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job

[2008/11/16 23:52:07 | 00,000,741 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk

[2008/11/16 23:49:11 | 00,000,799 | ---- | M] () -- C:\Documents and Settings\as\Desktop\Hotspot Shield Launch.lnk

[2008/11/16 21:37:31 | 00,000,875 | ---- | M] () -- C:\Documents and Settings\as\Desktop\Fallout 3.lnk

[2008/11/15 14:58:22 | 01,577,274 | -H-- | M] () -- C:\Documents and Settings\as\Local Settings\Application Data\IconCache.db

[2008/11/15 13:37:21 | 00,000,118 | ---- | M] () -- C:\windows\System32\MRT.INI

[2008/11/15 13:33:59 | 00,001,393 | ---- | M] () -- C:\windows\imsins.BAK

[2008/11/15 02:38:14 | 00,000,116 | ---- | M] () -- C:\windows\NeroDigital.ini

[2008/11/15 02:38:10 | 00,100,864 | ---- | M] () -- C:\Documents and Settings\as\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/11/14 17:42:14 | 00,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl

[2008/11/09 20:48:48 | 01,644,848 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

[2008/11/07 00:06:47 | 00,000,027 | ---- | M] () -- C:\XeroBank.ini

[2008/11/06 18:25:20 | 00,090,872 | ---- | M] () -- C:\Documents and Settings\as\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2008/11/04 08:10:25 | 17,318,336 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MRT.exe

[2008/11/02 21:25:42 | 00,000,587 | ---- | M] () -- C:\windows\win.ini

[2008/11/02 21:25:42 | 00,000,227 | ---- | M] () -- C:\windows\system.ini

[2008/11/01 03:54:54 | 00,000,073 | ---- | M] () -- C:\windows\EurekaLog.ini

[2008/11/01 03:39:29 | 00,355,584 | ---- | M] (TuneUp Software GmbH) -- C:\windows\System32\TuneUpDefragService.exe

[2008/10/31 22:09:29 | 06,438,005 | ---- | M] () -- C:\Documents and Settings\as\Desktop\The Bravery - Believe.mp3

[2008/10/29 15:06:18 | 22,450,2002 | ---- | M] () -- C:\Documents and Settings\as\Desktop\Magazines.zip

[2008/10/24 19:10:42 | 00,453,632 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\drivers\mrxsmb.sys

[2008/10/24 19:10:42 | 00,453,632 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\mrxsmb.sys

[2008/10/22 16:10:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys

[2008/10/22 16:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys

[2008/10/20 01:01:41 | 00,060,812 | R--- | M] () -- C:\Documents and Settings\as\My Documents\Phone Numbers.nbu

[2008/10/20 00:58:12 | 00,054,156 | -H-- | M] () -- C:\windows\QTFont.qfn

[2008/10/20 00:58:12 | 00,001,409 | ---- | M] () -- C:\windows\QTFont.for

< End of report >


I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.

The fixes and advice in this thread are for this machine only. Do not apply to your machine unless you Fully Understand how these programs work and what you're doing. Please start a thread of your own and someone will be happy to help you; just follow the Pre-HijackThis instructions found here before posting: Pre-HJT Post Instructions.

Also, don't forget that we offer FREE assistance with General PC questions and repair here: PC Help.

If you're pleased with the product Malwarebytes and the service provided you, please let your friends, family, and co-workers know. http://www.malwarebytes.org

This topic is now closed to further replies.