TRaNz Posted November 28, 2008 ID:36654 Share Posted November 28, 2008 Hey guys, i see to have a problem here. After running MBAM, it picks up this Trojan.Agent, which i'll remove and delete, but it comes back after i do another scan.Heres the Mbam log and the HJT underneath it.For the HJT it seems to be that line 'O21', that i cant get rid of, any help to remove that re-occuring registry key would be appreciated.Malwarebytes' Anti-Malware 1.30Database version: 1430Windows 5.1.2600 Service Pack 32008-11-28 11:40:05 AMmbam-log-2008-11-28 (11-40-01).txtScan type: Quick ScanObjects scanned: 57843Time elapsed: 3 minute(s), 53 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 1Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SSODL (Trojan.Agent) -> No action taken.Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)--------------------------------------------------------------------------------------------------Malwarebytes' Anti-Malware 1.30Database version: 1430Windows 5.1.2600 Service Pack 32008-11-28 11:40:32 AMmbam-log-2008-11-28 (11-40-32).txtScan type: Quick ScanObjects scanned: 57843Time elapsed: 3 minute(s), 53 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 1Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SSODL (Trojan.Agent) -> Quarantined and deleted successfully.Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:34 AM, on 2008-11-28Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\DU Meter\DUMeter.exeC:\Program Files\Winamp\winampa.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exeC:\Program Files\NVIDIA Corporation\nTune\nTuneService.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\PnkBstrA.exeC:\WINDOWS\system32\PnkBstrB.exeC:\Program Files\Sygate\SPF\smc.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\Program Files\Common Files\Nero\Lib\NMIndexingService.exeC:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exeC:\Documents and Settings\Jas0n\Desktop\procexp.exeC:\Program Files\Windows Live\Messenger\msnmsgr.exeC:\Program Files\Xfire\xfire.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exeO4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startguiO4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exeO4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXEO4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -kO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clearO4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeO4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cabO16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1195474496046O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cabO16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{DE5D2345-EDD5-4E42-87E4-4D99B1BB8006}: Domain = vic.bigpond.net.auO17 - HKLM\System\CCS\Services\Tcpip\..\{DE5D2345-EDD5-4E42-87E4-4D99B1BB8006}: NameServer = 61.9.133.193,61.9.134.49O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}t - (no file)O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exeO23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exeO23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exeO23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exeO23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exeO23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exeO23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exeO23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe--End of file - 9309 bytes Link to post Share on other sites More sharing options...
Maurice Naggar Posted November 28, 2008 ID:36664 Share Posted November 28, 2008 Hello TRaNz,You need to disable Spybot's Tea Timer as long as we are trying to clean this system; otherwise it will interfere. AND may well be the reason that you had a problem cleaning all your issues.1. Run Spybot-S&D in Advanced Mode. If it is not already set to do this Go to the Mode menu select "Advanced Mode" On the left hand side, Click on Tools Then click on the Resident Icon in the List Uncheck "Resident TeaTimer" and OK any prompts. Restart your computer.2. Start HijackThis. Look for these lines and place a checkmark against each of the following, if still presentO21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}t - (no file)Click on Fix Checked when finished and exit HijackThis. Make sure your Internet Explorer (& or any other window) is closed when you click Fix Checked! 3. Set Windows to show all files and all folders. On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed. "CHECK" (turn on) Display the contents of system folders. Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders. Next, un-check Hide extensions for known file types. Next un-check Hide protected operating system files. 4. Take out the trash (temporary files & temporary internet files) Please download ATF Cleaner by Atribune, saving it to your desktop. It is used to cleanout temporary files & temp areas used by internet browsers.Start ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser, do this also:Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser, do this also:Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program. ATF-Cleaner should be run per the above in every user-login account {User Profile} =5. Start your MBAM. Click the Update tab. Press the "Check for Updates" button. When done, click the Scanner tab.Do another scan. Let it quarantine or remove tagged items. Get a copy of that log in your next reply.= 6. Download OTListIt.exe & SAVE it to your desktop.Close all applications and windows so that you have nothing open and are at your DesktopDouble-click on the OTListIt.exe file to start OTListIt. OK any warning about running OTListIt.Place a checkmark in the "Scan All Users" checkbox (Leave the 'Use Whitelist' checked' and the 'File Age:' at 30 days)Click the Run Scan buttonNOTE: Please be patient and let the scan run without using the computerWhen the scan is complete, a text file (OTListIt.Txt) will open in Notepad (if not, it can be found on your Desktop)In Notepad, click Edit, Select all then Edit, CopyReply to this topic, click in the topic reply window, and press Ctrl+V to paste the log or Righ click paste.Submit your reply and close the Notepad window with OTList.txtAlso OTListIt's Extras.txt log file will be minimized in the Taskbar (and located on your Desktop) - click on this and maximize the windowIn Notepad, click Edit, Select all then Edit, CopyReply to this topic again, click in the topic reply window, and press Ctrl+V to paste the extras log or Right click paste.NOTE: If the files (OTListIt.txt, Extras.txt) do not appear in your taskbar, just open the files in notepad from your desktop. Link to post Share on other sites More sharing options...
TRaNz Posted November 28, 2008 Author ID:36670 Share Posted November 28, 2008 Malwarebytes' Anti-Malware 1.30Database version: 1430Windows 5.1.2600 Service Pack 32008-11-28 3:50:21 PMmbam-log-2008-11-28 (15-50-21).txtScan type: Quick ScanObjects scanned: 57319Time elapsed: 3 minute(s), 32 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
TRaNz Posted November 28, 2008 Author ID:36671 Share Posted November 28, 2008 OTListIt logfile created on: 2008-11-28 3:51:34 PM - Run OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\Jas0n\DesktopWindows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 7.0.5730.13)Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: yyyy-MM-dd2.00 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 77.36% Memory free3.85 Gb Paging File | 3.50 Gb Available in Paging File | 91.07% Paging File freePaging file location(s): C:\pagefile.sys 2046 4092;%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 186.31 Gb Total Space | 119.46 Gb Free Space | 64.12% Space Free | Partition Type: NTFSD: Drive not present or media not loadedDrive E: | 465.76 Gb Total Space | 134.19 Gb Free Space | 28.81% Space Free | Partition Type: NTFSF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loadedComputer Name: JASON-6MAVW4ZKZCurrent User Name: Jas0nLogged in as Administrator.Current Boot Mode: NormalScan Mode: All usersWhitelist: OnFile Age = 30 Days========== Processes ==========[2008-11-19 04:52:51 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[2008-11-19 04:38:57 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe[2004-12-22 20:09:44 | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE[2006-11-27 15:18:48 | 01,582,616 | ---- | M] (Hagel Technologies Ltd) -- C:\Program Files\DU Meter\DUMeter.exe[2008-08-04 10:02:20 | 00,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe[2007-08-24 08:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2008-11-19 04:39:02 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe[2008-04-14 11:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe[2007-08-03 12:51:06 | 00,202,024 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe[2008-05-02 02:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe[2008-05-02 02:40:56 | 00,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe[2007-08-08 09:25:08 | 00,836,904 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2007-07-03 12:32:16 | 00,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[2008-10-07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe[2007-12-28 13:53:58 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe[2008-11-28 12:21:34 | 00,202,040 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe[2005-09-27 12:16:00 | 02,635,472 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\Smc.exe[2008-11-19 04:38:44 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2008-11-19 04:36:32 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2007-08-03 12:51:18 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[2007-08-03 12:51:18 | 01,422,632 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[2008-04-14 11:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe[2008-11-28 15:36:10 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jas0n\Desktop\OTListIt.exe========== (O23) Win32 Services ==========[2007-11-19 22:00:46 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])[2007-10-24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])[2008-11-19 04:52:51 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])[2008-11-19 04:38:57 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])[2008-11-19 04:38:44 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])[2008-11-19 04:36:32 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])[2007-01-31 14:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Disabled | Stopped])[2007-10-24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])[2007-10-09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])[2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])[2007-10-11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])[2008-05-02 02:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])[2007-08-24 07:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])[2007-08-08 09:25:08 | 00,836,904 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])[2007-10-11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])[2007-08-03 12:51:18 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])[2007-07-03 12:32:16 | 00,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService [Auto | Running])[2008-10-07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])[2007-08-24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])[2006-10-26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])[2007-12-28 13:53:58 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])[2008-11-28 12:21:34 | 00,202,040 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB [Auto | Running])[2008-08-07 12:17:30 | 00,575,488 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])[2005-09-27 12:16:00 | 02,635,472 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\Smc.exe -- (SmcService [Auto | Running])[2007-10-18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [Disabled | Stopped])[2007-10-25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])[2006-10-18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])========== Driver Services ==========[2008-11-19 05:00:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [system | Running])[2004-12-22 20:07:12 | 02,304,320 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])[2007-06-29 14:47:34 | 00,034,304 | ---- | M] (AMD, Inc.) -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD [On_Demand | Running])[2007-04-16 21:46:00 | 00,033,792 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM [system | Running])[2008-11-19 05:02:43 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])[2008-11-19 05:04:21 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])[2008-11-19 05:01:09 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])[2008-11-19 05:03:33 | 00,110,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [system | Running])[2008-11-19 05:01:23 | 00,050,864 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [system | Running])[2006-11-11 00:08:50 | 00,024,064 | ---- | M] () -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool [system | Running])[2005-01-11 12:39:58 | 00,234,140 | ---- | M] (Tetradyne Software, Inc.) -- C:\WINDOWS\system32\drivers\driverx.sys -- (DriverX [Auto | Running])[1996-04-04 06:33:26 | 00,005,248 | ---- | M] () -- C:\WINDOWS\system32\giveio.sys -- (giveio [boot | Running])[2001-08-18 00:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir [On_Demand | Running])[2008-02-29 03:12:48 | 00,020,240 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd [On_Demand | Running])[2008-02-29 03:13:16 | 00,035,344 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])[2008-02-29 03:13:24 | 00,036,880 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])[2008-05-07 08:38:20 | 00,017,536 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])[2008-05-07 08:38:20 | 00,020,864 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])[2008-10-07 13:33:00 | 06,133,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])[2005-05-17 20:45:08 | 00,092,800 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata [boot | Running])[2005-04-06 06:22:28 | 00,033,536 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])[2005-04-06 06:22:30 | 00,012,928 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])[2007-07-03 12:33:04 | 00,006,912 | ---- | M] (NVidia Corp.) -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev [On_Demand | Running])[2008-06-19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [boot | Running])[2007-09-17 16:53:26 | 00,021,632 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped])[2002-09-16 17:14:32 | 00,004,228 | ---- | M] (PowerQuest Corporation) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv [system | Running])[2001-08-23 23:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])[2007-03-08 10:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])[2007-11-13 21:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])[2006-09-25 00:28:46 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\speedfan.sys -- (speedfan [boot | Running])[2004-09-17 16:04:00 | 00,052,384 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus [On_Demand | Stopped])[2005-08-30 18:58:56 | 00,008,304 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl [On_Demand | Stopped])[2005-08-30 18:59:00 | 00,094,000 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm [On_Demand | Stopped])[2005-09-27 11:43:10 | 00,061,008 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\drivers\Teefer.sys -- (Teefer [boot | Running])[1999-08-30 15:51:42 | 00,009,152 | ---- | M] () -- C:\WINDOWS\System32\drivers\Ticalc.sys -- (TICalc [Auto | Running])[2008-02-27 19:26:29 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])[2005-12-19 13:06:16 | 00,076,768 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\umpusbxp.sys -- (umpusbxp [On_Demand | Stopped])[2008-06-06 10:24:44 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])[2008-04-14 05:45:36 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser [On_Demand | Stopped])[2008-05-07 08:38:36 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped])[2006-11-02 08:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Running])[2005-09-27 12:16:06 | 00,014,944 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\drivers\wg3n.sys -- (wg3n [Auto | Running])[2005-09-27 12:16:06 | 00,014,944 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\drivers\wg4n.sys -- (wg4n [Auto | Running])[2005-09-27 12:16:08 | 00,014,944 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\drivers\wg5n.sys -- (wg5n [Auto | Running])[2005-09-27 12:16:08 | 00,014,944 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\drivers\wg6n.sys -- (wg6n [Auto | Running])[2005-09-27 11:44:56 | 00,021,075 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt [system | Running])[2005-07-14 12:59:06 | 00,389,788 | ---- | M] (Vimicro Corporation) -- C:\WINDOWS\system32\drivers\usbVM303.sys -- (ZSMC303 [On_Demand | Stopped])========== Internet Explorer ==========HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-onsHKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htmHKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRiskHKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=homeHKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htmHKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearchHKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htmHKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearchHKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htmHKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearchHKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhomeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearchHKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhomeHKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearchHKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhomeHKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0HKU\S-1-5-21-1202660629-1547161642-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearchHKU\S-1-5-21-1202660629-1547161642-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htmHKU\S-1-5-21-1202660629-1547161642-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearchHKU\S-1-5-21-1202660629-1547161642-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhomeHKU\S-1-5-21-1202660629-1547161642-839522115-1003\S-1-5-21-1202660629-1547161642-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\HostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)O4 - HKLM..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe (Hagel Technologies Ltd)O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE (Logitech, Inc.)O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not foundO4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()O4 - HKLM..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui (Sygate Technologies, Inc.)O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" ()O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" (Nero AG)O4 - HKCU..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear (NVIDIA)O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog File not foundO4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog File not foundO4 - HKU\S-1-5-21-1202660629-1547161642-839522115-1003..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" (Nero AG)O4 - HKU\S-1-5-21-1202660629-1547161642-839522115-1003..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear (NVIDIA)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)O4 - Startup: C:\Documents and Settings\Jas0n\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-1202660629-1547161642-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-1202660629-1547161642-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O7 - HKU\S-1-5-21-1202660629-1547161642-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0O7 - HKU\S-1-5-21-1202660629-1547161642-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0O7 - HKU\S-1-5-21-1202660629-1547161642-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0O7 - HKU\S-1-5-21-1202660629-1547161642-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1O7 - HKU\S-1-5-21-1202660629-1547161642-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0O7 - HKU\S-1-5-21-1202660629-1547161642-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)O15 - HKLM\..Trusted Sites: 50 domain(s) and sub-domain(s) not assigned to a zone.O15 - HKCU\..Trusted Sites: 49 domain(s) and sub-domain(s) not assigned to a zone.O15 - HKU\.DEFAULT\..Trusted Sites: 49 domain(s) and sub-domain(s) not assigned to a zone.O15 - HKU\S-1-5-18\..Trusted Sites: 49 domain(s) and sub-domain(s) not assigned to a zone.O15 - HKU\S-1-5-21-1202660629-1547161642-839522115-1003\..Trusted Sites: 49 domain(s) and sub-domain(s) not assigned to a zone.O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1195474496046 (MUWebControl Class)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vic.bigpond.net.auO17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 61.9.133.193,61.9.134.49O18 - Protocol\Handler: - grooveLocalGWS - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)O18 - Protocol\Handler: - ipp - No CLSID value foundO18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler: - livecall - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)O18 - Protocol\Handler: - msdaipp - No CLSID value foundO18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler: - ms-help - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)O18 - Protocol\Handler: - msnim - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)O18 - Protocol\Handler: - skype4com - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)O20 - See sections below for AppInitDlls and Winlogon settings========== Winlogon Notify Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]LBTWlgn: "DllName" = c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll -- c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)========== Shell Execute Hooks ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)========== Safeboot Options =========="AlternateShell" = cmd.exe========== CDRom AutoRun Settings ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]"AutoRun" = 1========== Autorun Files on Drives ==========AUTOEXEC.BAT [][2007-11-19 18:26:26 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]========== MountPoints2 ==========[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27d042f8-e72a-11dc-9e00-0014851c35bb}\Shell]"" = AutoRun[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27d042f8-e72a-11dc-9e00-0014851c35bb}\Shell\AutoRun]"" = Auto&Play[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27d042f8-e72a-11dc-9e00-0014851c35bb}\Shell\AutoRun\command]"" = F:\LaunchU3.exe -- File not found[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell]"" = AutoRun[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun]"" = Auto&Play[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command]"" = F:\LaunchU3.exe -- File not found========== Files/Folders - Created Within 30 Days ==========[2 C:\WINDOWS\System32\*.tmp files][5 C:\WINDOWS\*.tmp files][2008-11-28 15:36:16 | 00,418,304 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jas0n\Desktop\OTListIt.exe[2008-11-28 11:06:17 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys[2008-11-28 11:05:54 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security[2008-11-28 10:19:37 | 00,020,576 | ---- | C] () -- C:\Documents and Settings\Jas0n\My Documents\cc_20081128_101936.reg[2008-11-28 10:18:51 | 01,191,488 | ---- | C] () -- C:\Documents and Settings\Jas0n\My Documents\cc_20081128_101847.reg[2008-11-28 10:02:09 | 00,053,248 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE[2008-11-28 10:00:46 | 00,000,223 | ---- | C] () -- C:\Boot.bak[2008-11-28 10:00:45 | 00,260,272 | ---- | C] () -- C:\cmldr[2008-11-28 10:00:41 | 00,000,000 | RHSD | C] -- C:\cmdcons[2008-11-28 09:59:00 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe[2008-11-28 09:58:59 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe[2008-11-28 09:58:59 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe[2008-11-28 09:58:59 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe[2008-11-28 09:58:59 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe[2008-11-28 09:58:59 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe[2008-11-28 09:58:59 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe[2008-11-28 09:58:59 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe[2008-11-28 09:58:59 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe[2008-11-28 09:58:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT[2008-11-28 09:58:47 | 00,000,000 | ---D | C] -- C:\Qoobox[2008-11-28 09:58:46 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF7462.exe[2008-11-28 09:58:46 | 00,000,000 | ---D | C] -- C:\ComboFix[2008-11-28 09:41:40 | 03,054,932 | R--- | C] () -- C:\Documents and Settings\Jas0n\Desktop\ComboFix.exe[2008-11-28 04:07:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2[2008-11-28 04:02:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jas0n\Application Data\WinRAR[2008-11-28 03:55:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT[2008-11-28 03:22:00 | 00,002,834 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg[2008-11-28 02:46:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jas0n\Application Data\Malwarebytes[2008-11-28 02:46:33 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys[2008-11-28 02:46:31 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys[2008-11-28 02:46:30 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware[2008-11-28 02:46:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes[2008-11-28 02:45:50 | 02,372,472 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jas0n\Desktop\mbam-setup.exe[2008-11-28 01:11:13 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner[2008-11-27 12:01:05 | 00,001,752 | ---- | C] () -- C:\Documents and Settings\Jas0n\Desktop\HijackThis.lnk[2008-11-27 12:01:05 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro[2008-11-26 22:33:42 | 00,000,327 | ---- | C] () -- C:\WINDOWS\wininit.ini[2008-11-25 21:10:30 | 00,000,796 | ---- | C] () -- C:\Documents and Settings\Jas0n\Desktop\StepMania 3.9.lnk[2008-11-25 21:10:20 | 00,000,000 | ---D | C] -- C:\Program Files\StepMania[2008-11-25 20:47:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jas0n\Application Data\dyyno-vlc[2008-11-25 20:46:44 | 00,000,000 | ---D | C] -- C:\Program Files\Dyyno[2008-11-25 20:46:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jas0n\Local Settings\Application Data\Dyyno Receiver[2008-11-21 07:44:26 | 00,042,320 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll[2008-11-17 21:49:37 | 00,001,835 | ---- | C] () -- C:\Documents and Settings\Jas0n\Desktop\PoE2.lnk[2008-11-17 20:03:31 | 00,001,865 | ---- | C] () -- C:\Documents and Settings\Jas0n\Desktop\Battlefield 2 SF +szx 1680 +szy 1050.lnk[2008-11-17 15:51:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogiShrd[2008-11-17 15:51:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jas0n\Application Data\Logitech[2008-11-17 15:50:29 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf[2008-11-17 15:50:13 | 00,001,705 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk[2008-11-17 15:50:13 | 00,001,699 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech Mouse and Keyboard Settings.lnk[2008-11-17 15:50:09 | 00,170,512 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\kemutb.dll[2008-11-17 15:50:09 | 00,145,936 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\KemUtil.dll[2008-11-17 15:50:09 | 00,117,264 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\KemWnd.dll[2008-11-17 15:50:09 | 00,084,496 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\KemXML.dll[2008-11-17 15:49:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logitech[2008-11-17 15:49:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd[2008-11-17 15:49:50 | 00,000,000 | ---D | C] -- C:\Program Files\Logitech[2008-11-17 15:49:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jas0n\Application Data\InstallShield[2008-11-17 15:44:14 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys[2008-11-17 15:44:14 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys[2008-11-17 14:36:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\AGEIA[2008-11-17 14:36:54 | 00,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies[2008-11-17 14:36:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\NV32081800.TMP[2008-11-12 13:47:24 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys[2008-11-12 13:47:14 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll[2008-11-09 03:44:28 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition[2008-11-09 03:36:03 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live[2008-11-09 02:38:42 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft[2008-11-09 02:35:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live[2008-11-06 14:54:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jas0n\Application Data\Winamp[2008-11-04 21:26:57 | 00,069,644 | ---- | C] () -- C:\Documents and Settings\Jas0n\My Documents\ProExplorer 0.9.rar========== Files - Modified Within 30 Days ==========[2 C:\WINDOWS\System32\*.tmp files][5 C:\WINDOWS\*.tmp files][2008-11-28 15:40:47 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT[2008-11-28 15:40:15 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2008-11-28 15:40:06 | 00,194,986 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml[2008-11-28 15:40:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT[2008-11-28 15:39:57 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2008-11-28 15:36:10 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jas0n\Desktop\OTListIt.exe[2008-11-28 12:21:43 | 00,137,688 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys[2008-11-28 12:21:34 | 00,202,040 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe[2008-11-28 10:19:39 | 00,020,576 | ---- | M] () -- C:\Documents and Settings\Jas0n\My Documents\cc_20081128_101936.reg[2008-11-28 10:19:12 | 01,191,488 | ---- | M] () -- C:\Documents and Settings\Jas0n\My Documents\cc_20081128_101847.reg[2008-11-28 10:04:21 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini[2008-11-28 10:04:07 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts[2008-11-28 10:02:09 | 00,053,248 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE[2008-11-28 10:00:46 | 00,000,293 | RHS- | M] () -- C:\boot.ini[2008-11-28 09:58:42 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF7462.exe[2008-11-28 09:56:01 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb[2008-11-28 09:56:01 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb[2008-11-28 09:42:05 | 03,054,932 | R--- | M] () -- C:\Documents and Settings\Jas0n\Desktop\ComboFix.exe[2008-11-28 04:08:34 | 00,526,710 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI[2008-11-28 04:08:34 | 00,444,836 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2008-11-28 04:08:34 | 00,072,268 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat[2008-11-28 03:44:44 | 00,002,834 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg[2008-11-28 02:45:36 | 00,008,812 | -H-- | M] () -- C:\WINDOWS\System32\pobeseza[2008-11-28 02:32:42 | 02,372,472 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jas0n\Desktop\mbam-setup.exe[2008-11-28 01:59:09 | 00,000,327 | ---- | M] () -- C:\WINDOWS\wininit.ini[2008-11-27 12:01:05 | 00,001,752 | ---- | M] () -- C:\Documents and Settings\Jas0n\Desktop\HijackThis.lnk[2008-11-26 23:53:44 | 00,000,974 | ---- | M] () -- C:\WINDOWS\win.ini[2008-11-26 23:53:44 | 00,000,223 | ---- | M] () -- C:\Boot.bak[2008-11-25 21:10:30 | 00,000,796 | ---- | M] () -- C:\Documents and Settings\Jas0n\Desktop\StepMania 3.9.lnk[2008-11-25 15:37:33 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini[2008-11-21 07:44:26 | 00,042,320 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll[2008-11-20 02:23:08 | 00,148,480 | ---- | M] () -- C:\Documents and Settings\Jas0n\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2008-11-19 05:04:36 | 00,093,296 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys[2008-11-19 05:04:21 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys[2008-11-19 05:03:33 | 00,110,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys[2008-11-19 05:02:43 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys[2008-11-19 05:01:23 | 00,050,864 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys[2008-11-19 05:01:09 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys[2008-11-19 05:00:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys[2008-11-19 04:41:38 | 01,233,112 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe[2008-11-19 04:35:22 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr[2008-11-17 21:49:37 | 00,001,835 | ---- | M] () -- C:\Documents and Settings\Jas0n\Desktop\PoE2.lnk[2008-11-17 20:03:31 | 00,001,865 | ---- | M] () -- C:\Documents and Settings\Jas0n\Desktop\Battlefield 2 SF +szx 1680 +szy 1050.lnk[2008-11-17 16:06:26 | 00,001,781 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Battlefield 2 +szx 1680 +szy 1050.lnk[2008-11-17 15:50:29 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf[2008-11-17 15:50:13 | 00,001,705 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk[2008-11-17 15:50:13 | 00,001,699 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech Mouse and Keyboard Settings.lnk[2008-11-10 22:51:08 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Jas0n\Local Settings\Application Data\PUTTY.RND[2008-11-04 21:27:01 | 00,069,644 | ---- | M] () -- C:\Documents and Settings\Jas0n\My Documents\ProExplorer 0.9.rar< End of report > Link to post Share on other sites More sharing options...
TRaNz Posted November 28, 2008 Author ID:36672 Share Posted November 28, 2008 OTListIt Extras logfile created on: 2008-11-28 3:51:34 PM - Run OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\Jas0n\DesktopWindows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 7.0.5730.13)Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: yyyy-MM-dd2.00 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 77.36% Memory free3.85 Gb Paging File | 3.50 Gb Available in Paging File | 91.07% Paging File freePaging file location(s): C:\pagefile.sys 2046 4092;%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 186.31 Gb Total Space | 119.46 Gb Free Space | 64.12% Space Free | Partition Type: NTFSD: Drive not present or media not loadedDrive E: | 465.76 Gb Total Space | 134.19 Gb Free Space | 28.81% Space Free | Partition Type: NTFSF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loadedComputer Name: JASON-6MAVW4ZKZCurrent User Name: Jas0nLogged in as Administrator.Current Boot Mode: NormalScan Mode: All usersWhitelist: OnFile Age = 30 Days========== File Associations ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)========== Security Center Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"AntiVirusDisableNotify" = 0"FirewallDisableNotify" = 0"UpdatesDisableNotify" = 0"AntiVirusOverride" = 0"FirewallOverride" = 0[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile"EnableFirewall" = 0"DoNotAllowExceptions" = 0"DisableNotifications" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]========== Authorized Applications List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List][2008-04-14 05:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000[2007-10-18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger[2007-10-02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List][2006-09-26 17:53:22 | 07,574,463 | ---- | M] () -- C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2[2008-04-14 05:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000[2007-01-02 08:22:02 | 03,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk[2008-11-21 07:44:24 | 02,986,320 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire[2008-03-08 14:14:09 | 00,254,976 | ---- | M] (Azureus Inc) -- C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus[2008-10-17 19:39:50 | 02,810,880 | ---- | M] (mIRC Co. Ltd.) -- C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC[2008-06-06 06:04:30 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire[2007-08-30 17:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger[2007-08-30 17:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server[2007-12-28 13:53:58 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA[2008-11-28 12:21:34 | 00,202,040 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB[2007-10-24 15:32:04 | 08,409,716 | ---- | M] () -- C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:*:Enabled:Battlefield 2[2008-05-21 05:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook[2007-08-29 01:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove[2008-05-21 06:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote[2008-06-20 16:43:00 | 03,330,048 | ---- | M] () -- C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare [2007-12-12 15:20:48 | 21,686,568 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype[2007-10-18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger[2007-10-02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)========== HKEY_LOCAL_MACHINE Uninstall List ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer"{10B446B3-4DF4-4489-A168-8A98F7CD807E}" = Sygate Personal Firewall Pro"{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}" = PC Connectivity Solution"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1"{2DD388FF-6422-43C9-86A1-C7A99C83E946}" = ASUS nVidia Driver"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5"{32A3A4F4-B792-11D6-A78A-00B0D0150110}" = J2SE Development Kit 5.0 Update 11"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare 1.4 Patch"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer"{4513F51E-3D1B-4791-B652-4C8B263ACD07}" = Samsung PC Studio 2.0 PIM & File Manager"{4CFB3821-1582-4F3B-BF8D-30986923B36B}" = Nokia Multimedia Factory"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype Link to post Share on other sites More sharing options...
Maurice Naggar Posted November 28, 2008 ID:36713 Share Posted November 28, 2008 The last MBAM run was fine. The Java runtime needs to be cleaned up & updated, and I'd like for you to do 2 other scans.This pc needs the latest version of Java runtime. Uninstall jre1.6 (JRE Runtime Environment ) Sun Java package via Add/Remove Programs. If you see earlier versions there (e.g., JRE Runtime Environment 5.0 ), uninstall all of occurences. After uninstalling, reboot if directed to do so.In Windows Explorer, navigate to and delete C:\Program Files\Java <=this folder, if found.Do NOT delete C:\Program Files\JavaVM <=this folder, if found! Open an IE window and go to http://java.sun.com/javase/downloads/index.jsp > In top of the page (first in the list), click on the Download button to the right of Java Runtime Environment (JRE) 6 Update 10> If Information Bar pop-ups up, right-click on it and say it's OK to display the blocked content; You do not have to install the Java Web Start ActiveX Control > Accept the license agreement > Click on Windows Offline Installation, Multi-language and Save the file to your desktop; do not Run it.When the download is complete, close all browser windows and double-click on the saved file to install the update.Tip: Choose Custom install to select only the part(s) you need/want.Delete the downloaded installation file after completing the above procedure and reboot if prompted to do so.If you were /not/ prompted to reboot, please do so now.=>Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet. Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". Scan with DrWeb-CureIt as follows:Double-click on cureit.exe to start the program. An "Express Scan of your PC" notice will appear. Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. Once the short scan has finished, Click Options > Change settings Choose the "Scan tab" and UNcheck "Heuristic analysis" Back at the main window, click "Select drives" (a red dot will show which drives have been chosen) Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start. When done, a message will be displayed at the bottom advising if any viruses were found. Click "Yes to all" if it asks if you want to cure/move the file. When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable". (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured) Next, in the Dr.Web CureIt menu on top, click file and choose save report list. Save the DrWeb.csv report to your desktop. Exit Dr.Web Cureit when done. Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot. After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)>Using Internet Explorer browser only, go to ESET Online Scanner website:Accept the Terms of Use and press Start button;Approve the install of the required ActiveX Control, then follow on-screen instructions;Enable (check) the Remove found threats option, and run the scan.After the scan completes, the Details tab in the Results window will display what was found and removed. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt.Look at contents of this file using Notepad or Wordpad.The Frequently Asked Questions for ESET Online Scanner can be viewed herehttp://www.eset.com/onlinescan/cac4.php?page=faqFrom ESET Tech Support: If you have ESET NOD32 installed, you should disable it prior to running this scanner. Otherwise the scan will take twice as long to do: everytime the ESET online scanner opens a file on your computer to scan it, NOD32 on your machine will rescan the file as a result. It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner. (And the prompt re-enabling when finished.) If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.Next, start HijackThis. Do a Scan and Save.Reply with copies of DrWeb-CureIt report, the Eset log, + the new HijackThis report.And tell me, How is your system now ? Link to post Share on other sites More sharing options...
TRaNz Posted November 29, 2008 Author ID:36823 Share Posted November 29, 2008 psexesvc.exe;c:\windows;Program.PsExec.170;Moved.;psexec.cfexe;C:\ComboFix;Program.PsExec.171;Incurable.Moved.;cing_cong144044661791.xml;C:\Documents and Settings\Jas0n\My Documents\My Received Files\x8_jas0n_8x2704991553\History;Modification of Win32.Yasv.924;Moved.;Process.exe;C:\Program Files\Mozilla Firefox\SmitfraudFix;Tool.Prockill;Incurable.Moved.;restart.exe;C:\Program Files\Mozilla Firefox\SmitfraudFix;Tool.ShutDown.11;Incurable.Moved.;A0229612.exe;C:\System Volume Information\_restore{F1839CB4-5EA3-4C42-988A-4AF5988470ED}\RP326;Trojan.PWS.Panda.31;Deleted.;A0232788.exe;C:\System Volume Information\_restore{F1839CB4-5EA3-4C42-988A-4AF5988470ED}\RP328;Program.mIRC.623;Incurable.Moved.;A0267701.exe;C:\System Volume Information\_restore{F1839CB4-5EA3-4C42-988A-4AF5988470ED}\RP367;Tool.Prockill;Incurable.Moved.;A0267703.exe;C:\System Volume Information\_restore{F1839CB4-5EA3-4C42-988A-4AF5988470ED}\RP367;Tool.ShutDown.11;Incurable.Moved.;A0267753.exe\SmitfraudFix\Process.exe;C:\System Volume Information\_restore{F1839CB4-5EA3-4C42-988A-4AF5988470ED}\RP367\A0267753.exe;Tool.Prockill;;A0267753.exe\SmitfraudFix\restart.exe;C:\System Volume Information\_restore{F1839CB4-5EA3-4C42-988A-4AF5988470ED}\RP367\A0267753.exe;Tool.ShutDown.11;;A0267753.exe;C:\System Volume Information\_restore{F1839CB4-5EA3-4C42-988A-4AF5988470ED}\RP367;Archive contains infected objects;Moved.;A0267803.exe;C:\System Volume Information\_restore{F1839CB4-5EA3-4C42-988A-4AF5988470ED}\RP367;Tool.Prockill;Incurable.Moved.;A0268902.exe\SDFix\apps\Process.exe;C:\System Volume Information\_restore{F1839CB4-5EA3-4C42-988A-4AF5988470ED}\RP368\A0268902.exe;Tool.Prockill;;A0268902.exe;C:\System Volume Information\_restore{F1839CB4-5EA3-4C42-988A-4AF5988470ED}\RP368;Archive contains infected objects;Moved.;A0269087.exe\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{F1839CB4-5EA3-4C42-988A-4AF5988470ED}\RP368\A0269087.exe;Program.PsExec.171;;A0269087.exe;C:\System Volume Information\_restore{F1839CB4-5EA3-4C42-988A-4AF5988470ED}\RP368;Archive contains infected objects;Moved.;A0270201.exe;C:\System Volume Information\_restore{F1839CB4-5EA3-4C42-988A-4AF5988470ED}\RP374;Program.PsExec.170;Incurable.Moved.;vivp.exe\data009;C:\VTPFiles\vivp.exe;Tool.Prockill;;vivp.exe;C:\VTPFiles;Archive contains infected objects;Moved.;pskill.exe;C:\WINDOWS\system32;Tool.Prockill;Incurable.Moved.;# version=4# OnlineScanner.ocx=1.0.0.635# OnlineScannerDLLA.dll=1, 0, 0, 79# OnlineScannerDLLW.dll=1, 0, 0, 78# OnlineScannerUninstaller.exe=1, 0, 0, 49# vers_standard_module=3650 (20081128)# vers_arch_module=1.064 (20080214)# vers_adv_heur_module=1.066 (20070917)# EOSSerial=6909eb73a1555845a752d298ff6ad165# end=finished# remove_checked=true# unwanted_checked=false# utc_time=2008-11-29 07:49:24# local_time=2008-11-29 06:49:24 (+1000, AUS Eastern Daylight Time)# country="Australia"# osver=5.1.2600 NT Service Pack 3# scanned=584389# found=1# scan_time=4981C:\WINDOWS\system32\drivers\etc\hosts.20081128-012955.backup Win32/Qhost trojan (unable to clean - deleted) 00000000000000000000000000000000 Link to post Share on other sites More sharing options...
TRaNz Posted November 29, 2008 Author ID:36824 Share Posted November 29, 2008 Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:54 PM, on 2008-11-29Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\DU Meter\DUMeter.exeC:\Program Files\Winamp\winampa.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Java\jre6\bin\jusched.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exeC:\program files\steam\steam.exeC:\Program Files\SteamWatch\SteamWatchTray.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Logitech\SetPoint\SetPoint.exeC:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exeC:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXEC:\Program Files\NVIDIA Corporation\nTune\nTuneService.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\PnkBstrA.exeC:\WINDOWS\system32\PnkBstrB.exeC:\Program Files\Sygate\SPF\smc.exeC:\Program Files\SteamWatch\SteamWatch.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Nero\Lib\NMIndexingService.exeC:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dllO2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exeO4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startguiO4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exeO4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXEO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clearO4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silentO4 - HKCU\..\Run: [steamWatchTray] C:\Program Files\SteamWatch\SteamWatchTray.exeO4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cabO16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cabO16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1195474496046O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cabO16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{DE5D2345-EDD5-4E42-87E4-4D99B1BB8006}: Domain = vic.bigpond.net.auO17 - HKLM\System\CCS\Services\Tcpip\..\{DE5D2345-EDD5-4E42-87E4-4D99B1BB8006}: NameServer = 61.9.133.193,61.9.134.49O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exeO23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exeO23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exeO23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exeO23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exeO23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exeO23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exeO23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exeO23 - Service: SteamWatch - CL - C:\Program Files\SteamWatch\SteamWatch.exe--End of file - 9400 bytes Link to post Share on other sites More sharing options...
TRaNz Posted November 29, 2008 Author ID:36825 Share Posted November 29, 2008 well, after the first 2 thigns you got me to do with the disabling the TeaTimer, i managed to get rid of that O21. Comp runs fine, no problems.The extra things u got me to do afterwards took forever. Those scans were long as. It found a few more things, sorta freaked me out, but i didnt think they were affecting the comp at the time. I could be wrong.But after all this, seems fine. Hope it is.Just waiting on you giving the all-clear. Link to post Share on other sites More sharing options...
Maurice Naggar Posted November 29, 2008 ID:36843 Share Posted November 29, 2008 Your logs showed some peer-to-peer filesharing apps. I do not recommend their use since such filesharing/downloading from unknown sources is one of the leading causes of transmission of malware."File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."Be sure to have your Avast AV kept always up-to-date and scan your system on a regular basis, say at least weekly, or better daily.If you download something, 1st save it do disk, then scan it with Avast next, before just running or opening the download file.This system apparently had leftover tools & some prior quarantined items from an older malware removal. OTMoveIt3 (below) will be removing them along with the ones I had you use. A lot of the items flagged by the Eset scan were from those older tools, and also from the system's restore points.You may reset your My Computer {Windows Explorer} View options back to where they had been before.I see that you are clear of your original issues. If you have a problem with these steps, or something does not quite work here, do let me know.The following few steps will remove tools we used; followed by advice on staying safer. Please download OTMoveIt3 by OldTimer: http://oldtimer.geekstogo.com/OTMoveIt3.exe Save it to your desktop. Please double-click OTMoveIt3.exe to run it. Click on the CleanUp! button. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so. After the list has been download you'll be asked if you want to Begin cleanup process? Select Yes. This step removes the files, folders, and shortcuts created by the tools I had you download and run.Run Disk Cleanup and also have it clean up Restore Points. Start > All Programs > Accessories > System Tools > Disk CleanupSee and follow these steps http://bertk.mvps.org/html/diskclean.html Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.Check in at Windows Update and install any Critical Updates offered.Download and Install Windows Defender by Microsoft (free) if you do not already have it: http://www.microsoft.com/downloads/details...A4-F7F14E605A0D Make certain that Automatic Updates is enabled.How to configure and use Automatic Updates in WinXP: http://support.microsoft.com/kb/306525[*]Download and install Comodo BOClean (free): http://www.comodo.com/boclean/CBO_download.html[*]Download, install, and keep updated Spyware Blaster (free): http://www.javacoolsoftware.com/spywareblaster.html (all Protections should be enabled at all times)[*]I'd recommend that you get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm See the FAQ page http://mvps.org/winhelp2002/hostsfaq.htm That would help to keep your browser away from known spyware/malware sites. [*] Make regular backups of your system to removable media: DVD, USB external hard drive, etc.On some regular schedule, it is a good idea to do an online scan for viruses and malware. Here is a very short list of sites where this may be done:Kaspersky Webscan Online Virus Scanner ESET Online ScannerPanda ActiveScan? Trend Micro HousecallF-Secure Online Scanner [*] Read Tony Klein's article How Did I Get Infected In The First Place[*] Never, ever download free games, free tools, smileys, or anything free unless you can be absolutely sure the source is safe !Finally, spend some time reading about how to keep your computer safe on the Internet: http://www.bleepingcomputer.com/tutorials/tutorial82.htmlWe are done here. All the best. Link to post Share on other sites More sharing options...
TRaNz Posted November 29, 2008 Author ID:36845 Share Posted November 29, 2008 Ahhh i see, nice selection there.THanks a lot for the help mate, really appreciate it. Link to post Share on other sites More sharing options...
Maurice Naggar Posted November 29, 2008 ID:36847 Share Posted November 29, 2008 You're welcome. Do practice safe computing Link to post Share on other sites More sharing options...
Recommended Posts