Malwarebytes

Please help. Trojan still there after clean/delete/quarantine


#1
henryhwong

    New Member

Please help me. I don't know what I installed, but I see 14 infections. After cleaning/deleting/quarantining and rebooting, I scan again and they are still there.

Here is the log file:

Malwarebytes' Anti-Malware 1.30
Database version: 1402
Windows 5.1.2600 Service Pack 2

11/17/2008 11:05:23 AM
mbam-log-2008-11-17 (11-05-23).txt

Scan type: Quick Scan
Objects scanned: 76411
Time elapsed: 4 minute(s), 26 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoRun.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (C:\WINDOWS\pchealth\Global.exe) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E} (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe (Trojan.Agent) -> Quarantined and deleted successfully.

#2
Raid

    Malware Researcher

Important!

All of the following instructions must be run on the affected computer. Logs from a different computer will not help me help you. So, if you need to download all of this and then copy it to CD or memory stick and take it to the other computer, please do so. Either way, it's important. The logs have to be made by the computer with the problem.

I need you to follow the instructions provided here Pre-HJT Post Instructions first.

I also need for you to download this program OTListIt.exe to your desktop.

  • Close all applications and windows so that you have nothing open and are at your Desktop
  • Double-click on the OTListIt.exe file to start OTListIt. OK any warning about running OTListIt.
  • Place a checkmark in the "Scan All Users" checkbox (Leave the 'Use Whitelist' checked and the 'File Age:' at 30 days)
  • Click the Run Scan button
  • NOTE: Please be patient and let the scan run without using the computer
  • When the scan is complete, a text file (OTListIt.Txt) will open in Notepad (if not, it can be found on your Desktop)
  • In Notepad, click Edit, Select All, then Edit, Copy
  • Reply to this topic, click in the topic reply window, and press Ctrl+V to paste the log, or right-click and Paste.
  • Submit your reply and close the Notepad window with OTListIt.txt
  • Also OTListIt's Extras.txt log file will be minimized in the Taskbar (and located on your Desktop) - click on this and maximize the window
  • In Notepad, click Edit, Select All, then Edit, Copy
  • Reply to this topic again, click in the topic reply window, and press Ctrl+V to paste the extras log, or right-click and Paste.
  • NOTE: If the files (OTListIt.txt, Extras.txt) do not appear in your taskbar, just open the files in Notepad from your desktop.

Please allow me time to analyze your post. If you don't see a reply from me after 24 hours, feel free to PM me.

#3
henryhwong

    New Member

I ran Spybot, fixed everything and immunized.

Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.30
Database version: 1402
Windows 5.1.2600 Service Pack 2

11/17/2008 12:12:35 PM
mbam-log-2008-11-17 (12-12-35).txt

Scan type: Quick Scan
Objects scanned: 76214
Time elapsed: 4 minute(s), 10 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoRun.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (C:\WINDOWS\pchealth\Global.exe) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E} (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe (Trojan.Agent) -> Quarantined and deleted successfully.


And here is HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:25:05 PM, on 11/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\windows\RTHDCPL.EXE
C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
e:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\windows\system32\svchost.exe
e:\Program Files\Xobni\XobniService.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\as\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\PROGRA~1\MICROS~1\Office12\OUTLOOK.EXE
C:\Documents and Settings\as\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\as\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\as\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\as\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\windows\explorer.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [] C:\WINDOWS\system\KEYBOARD.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [] C:\WINDOWS\system32\dllcache\Default.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\RunOnce: [] C:\WINDOWS\system32\dllcache\Default.exe
O4 - HKLM\..\Policies\Explorer\Run: [sys] C:\WINDOWS\Fonts\Fonts.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - S-1-5-18 Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: Append to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecu...s/as2stubie.cab
O16 - DPF: {4C68DACE-E6BC-4650-9C7E-D036720CA729} (Nps Control) - http://kr.gameguard..../tyscan/nps.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213335756796
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1213339704953
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SlingAgent Service (SlingAgentService) - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - e:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\windows\System32\TuneUpDefragService.exe
O23 - Service: XobniService - Xobni Corporation - e:\Program Files\Xobni\XobniService.exe

--
End of file - 11713 bytes
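As an added example that is not part of this thread: a small Python parser for the Malwarebytes' Anti-Malware 1.x log format pasted in posts #1 and #3. It lists which detections a second scan reports again after the first scan said "Quarantined and deleted successfully", and pulls out the Image File Execution Options keys and the rewritten regfile open handler that this log flags. The sample logs embedded in it are constructed, shortened copies of the ones above.

```python
"""Parse Malwarebytes' Anti-Malware 1.x text logs and compare two scans.
Added example, not code from this thread or from Malwarebytes. The layout is
that of the two mbam-log files pasted above; SCAN_1 is a constructed, shortened
copy of them and SCAN_2 a constructed variant."""
import re
from dataclasses import dataclass

# Detail-section headers of a MBAM 1.x log. The summary block near the top uses
# the same names followed by a count, so only a bare "Name:" line opens a section.
SECTIONS = (
    "Memory Processes Infected", "Memory Modules Infected",
    "Registry Keys Infected", "Registry Values Infected",
    "Registry Data Items Infected", "Folders Infected", "Files Infected",
)
# "<object> (<family>) -> <action>."; registry data items carry "Bad: (...) Good: (...)"
ENTRY_RE = re.compile(r"^(?P<obj>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
DATA_RE = re.compile(r"^Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<result>.+)$")
IFEO_MARK = "\\image file execution options\\"

@dataclass(frozen=True)
class Detection:
    section: str
    obj: str      # file, folder or registry path
    family: str   # e.g. Trojan.Agent, Security.Hijack
    action: str   # what MBAM reports it did

def parse_mbam_log(text):
    """Return the Detection records listed in the detail sections of a log."""
    found, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.endswith(":") and line[:-1] in SECTIONS:
            section = line[:-1]
            continue
        if section is None or not line or line.startswith("("):
            continue  # header block, blank line or "(No malicious items detected)"
        m = ENTRY_RE.match(line)
        if m:
            found.append(Detection(section, m["obj"], m["family"], m["action"]))
    return found

def persisted(first, second):
    """Detections the first scan reported as handled that the second scan lists again."""
    seen = {(d.section, d.obj, d.family) for d in first}
    return [d for d in second if (d.section, d.obj, d.family) in seen]

def ifeo_targets(detections):
    """Executables that had an Image File Execution Options key in the log. Such a
    key can redirect the named tool (msconfig, procexp, ...) when it is launched,
    which is why MBAM files these keys under Security.Hijack."""
    return sorted(d.obj.rsplit("\\", 1)[-1].lower()
                  for d in detections if IFEO_MARK in d.obj.lower())

def open_command_hijacks(detections):
    """(key, bad value, good value) for each rewritten shell\\open\\command handler."""
    out = []
    for d in detections:
        m = DATA_RE.match(d.action) if d.section == "Registry Data Items Infected" else None
        if m:
            out.append((d.obj, m["bad"], m["good"]))
    return out

def triage(first_log, second_log):
    """Summarise what a second scan still reports after the first scan's cleanup."""
    first, second = parse_mbam_log(first_log), parse_mbam_log(second_log)
    return {
        "first_total": len(first),
        "second_total": len(second),
        "persisted": [(d.section, d.obj) for d in persisted(first, second)],
        "ifeo_targets": ifeo_targets(second),
        "open_command_hijacks": open_command_hijacks(second),
    }

# Constructed sample: a shortened copy of the first log in this thread.
SCAN_1 = r"""Malwarebytes' Anti-Malware 1.30
Database version: 1402

Memory Processes Infected: 1
Registry Keys Infected: 2
Registry Data Items Infected: 1
Files Infected: 1

Memory Processes Infected:
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe (Trojan.Agent) -> Unloaded process successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (C:\WINDOWS\pchealth\Global.exe) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""
# Constructed second scan: identical except that the procexp.exe key stayed gone,
# so the comparison shows persisted items next to one that was really removed.
SCAN_2 = "\n".join(l for l in SCAN_1.splitlines() if "procexp.exe" not in l)
```

Running `triage(SCAN_1, SCAN_2)` on the two full logs from this thread instead of the samples returns every item of the first scan under "persisted", which is the situation the opening post describes.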

#4
henryhwong

    New Member

Sorry, forgot OTListIt. I took out a few work-related Word docs for confidentiality reasons. The rest is intact.

OTListIt logfile created on: 11/17/2008 2:25:40 PM - Run
OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\as\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 96.85% Memory free
4.00 Gb Paging File | 3.82 Gb Available in Paging File | 95.57% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 6.12 Gb Free Space | 12.54% Space Free | Partition Type: NTFS
Drive D: | 149.04 Gb Total Space | 88.03 Gb Free Space | 59.06% Space Free | Partition Type: NTFS
Drive E: | 547.34 Gb Total Space | 129.68 Gb Free Space | 23.69% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 5.52 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: HENRYDESKTOP
Current User Name: as
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2007/04/09 20:23:11 | 00,200,704 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
[2007/04/10 15:28:44 | 16,126,464 | R--- | M] (Realtek Semiconductor Corp.) -- C:\windows\RTHDCPL.EXE
[2008/10/17 16:38:36 | 00,308,720 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
[2008/09/25 21:54:14 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2004/08/04 09:07:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\RUNDLL32.EXE
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
[2007/09/02 13:58:52 | 00,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
[2008/09/05 06:43:40 | 24,359,720 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
[2008/05/27 12:27:24 | 00,547,840 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
[2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/11/14 10:03:30 | 00,084,440 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
[2008/09/25 21:53:20 | 00,147,456 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/07/21 17:15:14 | 00,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
[2008/07/26 12:48:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\windows\system32\nvsvc32.exe
[2008/09/21 18:01:22 | 00,093,960 | ---- | M] (Sling Media Inc.) -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
[2007/05/29 00:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- e:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
[2008/07/19 04:18:42 | 00,036,352 | ---- | M] (Xobni Corporation) -- e:\Program Files\Xobni\XobniService.exe
[2004/08/04 09:07:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\wscntfy.exe
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe
[2008/10/28 17:08:50 | 00,762,352 | ---- | M] (Google Inc.) -- C:\Documents and Settings\as\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
[2008/05/21 04:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- E:\PROGRA~1\MICROS~1\Office12\OUTLOOK.EXE
[2008/10/28 17:08:50 | 00,762,352 | ---- | M] (Google Inc.) -- C:\Documents and Settings\as\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
[2008/10/28 17:08:50 | 00,762,352 | ---- | M] (Google Inc.) -- C:\Documents and Settings\as\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
[2008/09/29 18:38:18 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/10/28 17:08:50 | 00,762,352 | ---- | M] (Google Inc.) -- C:\Documents and Settings\as\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
[2008/02/13 08:32:58 | 00,225,280 | RHS- | M] () -- C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe
[2008/02/13 08:32:58 | 00,225,280 | R-S- | M] () -- C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe
[2008/02/13 08:32:58 | 00,225,280 | RHS- | M] () -- C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe
[2008/08/23 13:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2007/09/20 10:35:36 | 00,118,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
[2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/10/28 17:08:50 | 00,762,352 | ---- | M] (Google Inc.) -- C:\Documents and Settings\as\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
[2004/08/04 09:07:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\rundll32.exe
[2008/11/17 11:18:36 | 00,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
[2004/08/04 09:07:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2004/08/04 09:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\NOTEPAD.EXE
[2008/11/17 12:16:47 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\as\My Documents\Downloads\OTListIt.exe

========== (O23) Win32 Services ==========

File not found -- -- (Adobe Version Cue CS3 [On_Demand | Stopped])
File not found -- -- (Alerter [Disabled | Stopped])
File not found -- -- (Apple Mobile Device [Auto | Running])
[2008/06/19 15:55:06 00,000,000 | ---D | M] -- C:\windows\System32\appmgmt -- (AppMgmt [On_Demand | Stopped])
File not found -- -- (aspnet_state [On_Demand | Stopped])
File not found -- -- (BITS [On_Demand | Stopped])
File not found -- -- (Bonjour Service [Auto | Running])
File not found -- -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
File not found -- -- (COMSysApp [On_Demand | Stopped])
File not found -- -- (DcomLaunch [Auto | Running])
[2008/06/12 21:39:17 00,000,000 | ---D | M] -- C:\windows\System32\dhcp -- (Dhcp [Auto | Running])
File not found -- -- (Dnscache [Auto | Running])
[2004/08/04 09:07:00 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\eventlog.dll -- (Eventlog [Auto | Running])
File not found -- -- (EventSystem [On_Demand | Running])
File not found -- -- (FastUserSwitchingCompatibility [On_Demand | Running])
File not found -- -- (FLEXnet Licensing Service [On_Demand | Stopped])
File not found -- -- (FontCache3.0.0.0 [On_Demand | Stopped])
File not found -- -- (GoogleDesktopManager-061008-081103 [On_Demand | Stopped])
File not found -- -- (helpsvc [Auto | Running])
File not found -- -- (HotspotShieldService [Auto | Running])
File not found -- -- (HTTPFilter [On_Demand | Stopped])
File not found -- -- (IDriverT [On_Demand | Stopped])
File not found -- -- (idsvc [Unknown | Stopped])
File not found -- -- (ImapiService [On_Demand | Stopped])
File not found -- -- (iPod Service [On_Demand | Running])
File not found -- -- (JavaQuickStarterService [Auto | Running])
File not found -- -- (lanmanserver [Auto | Running])
File not found -- -- (lanmanworkstation [Auto | Running])
File not found -- -- (LmHosts [Auto | Running])
File not found -- -- (Maxtor Sync Service [Auto | Running])
File not found -- -- (Messenger [Disabled | Stopped])
File not found -- -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
[2008/06/13 04:52:40 00,000,000 | ---D | M] -- C:\WINDOWS\system32\msdtc -- (MSDTC [On_Demand | Stopped])
File not found -- -- (MSIServer [On_Demand | Stopped])
File not found -- -- (NetDDEdsdm [Disabled | Stopped])
[2004/08/04 09:07:00 | 00,407,040 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\netlogon.dll -- (Netlogon [On_Demand | Stopped])
File not found -- -- (NetTcpPortSharing [Disabled | Stopped])
File not found -- -- (Nla [On_Demand | Running])
File not found -- -- (NtLmSsp [On_Demand | Stopped])
File not found -- -- (NVSvc [Auto | Running])
File not found -- -- (odserv [On_Demand | Stopped])
File not found -- -- (ose [On_Demand | Stopped])
File not found -- -- (PlugPlay [Auto | Running])
File not found -- -- (Pml Driver HPZ12 [On_Demand | Stopped])
File not found -- -- (PolicyAgent [Auto | Running])
File not found -- -- (ProtectedStorage [Auto | Running])
[2004/08/04 09:07:00 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\rasman.dll -- (RasMan [On_Demand | Running])
File not found -- -- (RDSessMgr [On_Demand | Stopped])
File not found -- -- (RemoteAccess [Disabled | Stopped])
File not found -- -- (RemoteRegistry [Auto | Running])
File not found -- -- (RpcLocator [On_Demand | Stopped])
[2005/07/26 12:39:49 | 00,397,824 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\rpcss.dll -- (RpcSs [Auto | Running])
File not found -- -- (SamSs [Auto | Running])
File not found -- -- (Schedule [Auto | Running])
File not found -- -- (ServiceLayer [On_Demand | Stopped])
File not found -- -- (SharedAccess [Auto | Running])
File not found -- -- (ShellHWDetection [Auto | Running])
File not found -- -- (SlingAgentService [Auto | Running])
File not found -- -- (Spooler [Auto | Running])
File not found -- -- (srservice [Auto | Running])
[2004/08/04 09:07:00 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ssdpsrv.dll -- (SSDPSRV [Disabled | Stopped])
File not found -- -- (StarWindServiceAE [Auto | Running])
File not found -- -- (stisvc [Auto | Running])
[2004/08/04 09:07:00 | 00,138,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\swprv.dll -- (SwPrv [On_Demand | Stopped])
File not found -- -- (SysmonLog [On_Demand | Stopped])
File not found -- -- (TermService [On_Demand | Running])
File not found -- -- (Themes [Auto | Running])
File not found -- -- (TuneUp.Defrag [On_Demand | Stopped])
[2007/02/06 04:17:02 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\upnphost.dll -- (upnphost [Disabled | Stopped])
File not found -- -- (usnjsvc [On_Demand | Running])
File not found -- -- (usprserv [On_Demand | Stopped])
[2008/05/29 09:28:54 | 00,028,416 | ---- | M] (TuneUp Software GmbH) -- C:\windows\System32\uxtuneup.dll -- (UxTuneUp [Auto | Running])
File not found -- -- (VSS [On_Demand | Stopped])
File not found -- -- (WebClient [Auto | Running])
File not found -- -- (winmgmt [Auto | Running])
File not found -- -- (WLSetupSvc [On_Demand | Stopped])
File not found -- -- (WmdmPmSN [On_Demand | Stopped])
[2004/08/04 09:07:00 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wmi.dll -- (Wmi [On_Demand | Stopped])
File not found -- -- (WmiApSrv [On_Demand | Stopped])
File not found -- -- (XobniService [Auto | Running])

========== Driver Services ==========

[2004/11/12 03:09:06 | 00,197,120 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\aarsi3x.sys -- (aarsi3x [Boot | Running])
[2004/10/08 09:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) -- C:\windows\System32\drivers\AFS2K.SYS -- (AFS2K [System | Running])
[2007/07/03 18:33:26 | 00,029,696 | R--- | M] (Atheros Communications Inc.) -- C:\WINDOWS\system32\drivers\l251x86.sys -- (AtcL002 [On_Demand | Running])
[2004/08/04 09:07:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga [System | Running])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2005/01/08 08:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2004/02/27 22:05:02 | 00,051,056 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412 [On_Demand | Running])
[2004/02/27 22:05:02 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
[2004/02/27 22:05:04 | 00,021,488 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Running])
[2007/04/10 19:04:40 | 04,397,568 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2004/08/03 22:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/05/27 12:11:54 | 00,096,896 | ---- | M] (MagicISO, Inc.) -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus [On_Demand | Running])
[2004/08/13 10:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor [On_Demand | Running])
[2008/07/26 12:48:00 | 06,097,536 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2004/08/04 09:07:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/04/09 20:27:07 | 00,031,548 | ---- | M] (PowerISO Computing, Inc.) -- C:\windows\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
[2007/11/13 18:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2007/11/20 18:35:48 | 00,049,792 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl [On_Demand | Stopped])
[2008/07/11 19:15:59 | 00,716,272 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2008/08/01 06:42:02 | 00,025,216 | ---- | M] (The OpenVPN Project) -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901 [On_Demand | Running])
[2008/01/24 05:25:32 | 00,027,136 | ---- | M] (The OpenVPN Project) -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn [On_Demand | Running])
[2008/10/01 13:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: (287907 bytes) - C:\windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.123haustiereundmehr.com
O1 - Hosts: 127.0.0.1 123haustiereundmehr.com
O1 - Hosts: 9924 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Program Files\Adobe [2008/06/12 16:44:04 00,000,000 | ---D | M]
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Program Files\Adobe [2008/06/12 16:44:04 00,000,000 | ---D | M]
O3 - HKCU\..\Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] C:\WINDOWS\system\KEYBOARD.exe File not found
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE File not found
O4 - HKLM..\Run: [Google IME Autoupdater] "C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe" File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName File not found
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC File not found
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE File not found
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE File not found
O4 - HKLM..\Run: [SkyTel] SkyTel.EXE File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe File not found
O4 - HKCU..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe File not found
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background File not found
O4 - HKCU..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" File not found
O4 - HKCU..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized File not found
O4 - HKLM..\RunOnce: [] C:\WINDOWS\system32\dllcache\Default.exe File not found
O4 - HKCU..\RunOnce: [] C:\WINDOWS\system32\dllcache\Default.exe File not found
O4 - Startup: C:\Documents and Settings\as\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs File not found
O15 - HKLM\..Trusted Sites: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://www.pandasecu...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {4C68DACE-E6BC-4650-9C7E-D036720CA729} http://kr.gameguard..../tyscan/nps.cab (Nps Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1213335756796 (WUWebControl Class)
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} http://www.acclaim.c.../acclaim_v4.cab (GameLauncher Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1213339704953 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O18 - Protocol\Handler: - cetihpz - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler: - grooveLocalGWS - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - livecall - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ms-help - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msnim - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings

========== HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell" = Explorer.exe
>File not found -- C:\WINDOWS\explorer

"UserInit" = C:\WINDOWS\system32\userinit.exe,
>File not found -- C:\WINDOWS\system32\userinit

"UIHost" = C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --


========== IFEO "Debugger" Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\]
auto.exe:"Debugger" = C:\WINDOWS\system32\drivers\drivers.cab File not found
autorun.exe:"Debugger" = C:\WINDOWS\system32\drivers\drivers.cab File not found
autoruns.exe:"Debugger" = C:\WINDOWS\system32\drivers\drivers.cab File not found
boot.exe:"Debugger" = C:\WINDOWS\Fonts\Fonts File not found
ctfmon.exe:"Debugger" = C:\WINDOWS\Fonts\Fonts File not found
msconfig.exe:"Debugger" = C:\WINDOWS\Media\rndll32 File not found
procexp.exe:"Debugger" = C:\WINDOWS\pchealth\helpctr\binaries\HelpHost File not found
taskmgr.exe:"Debugger" = C:\WINDOWS\Fonts\tskmgr File not found
Your Image File Name Here without a path:"Debugger" = C:\WINDOWS\system32\ntsd File not found

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autorun.inf [[autorun] | Open=MS-DOS.com | Shellexecute=MS-DOS.com | Shell\Open\command=MS-DOS.com | Shell\Explore\command=MS-DOS.com | ]
[2008/11/17 14:23:11 | 00,000,118 | RHS- | M] () -- C:\autorun.inf -- [ NTFS ]

autorun.inf [[autorun] | Open=MS-DOS.com | Shellexecute=MS-DOS.com | Shell\Open\command=MS-DOS.com | Shell\Explore\command=MS-DOS.com | ]
[2008/11/17 14:23:11 | 00,000,118 | RHS- | M] () -- D:\autorun.inf -- [ NTFS ]

autorun.inf [[autorun] | Open=MS-DOS.com | Shellexecute=MS-DOS.com | Shell\Open\command=MS-DOS.com | Shell\Explore\command=MS-DOS.com | ]
[2008/11/17 14:23:11 | 00,000,118 | RHS- | M] () -- E:\autorun.inf -- [ NTFS ]

autorun.inf [[autorun] | open = FalloutLauncher.exe | icon = Fallout3.ico | ]
[2008/09/09 05:13:25 | 00,000,058 | R--- | M] () -- I:\autorun.inf -- [ UDF ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{360e9efa-38c4-11dd-8add-806d6172696f}\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{360e9efa-38c4-11dd-8add-806d6172696f}\Shell\AutoRun]
"" = Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{360e9efa-38c4-11dd-8add-806d6172696f}\Shell\AutoRun\command]
"" = D:\maxsun.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ef5d0d9-71e4-11dd-bf0f-001fc6b66ccf}\Shell\AutoRun\command]
"" = wscript.exe .\.vbs


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ef5d0d9-71e4-11dd-bf0f-001fc6b66ccf}\Shell\open\command]
"" = wscript.exe .\.vbs

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\Shell\AutoRun]
"" = Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\Shell\AutoRun\command]
"" = H:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\windows\System32\*.tmp files]
[6 C:\windows\*.tmp files]
[2008/11/17 12:21:53 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\windows\System32\drivers\pavboot.sys
[2008/11/17 12:21:50 | 00,000,000 | ---D | C] -- C:\windows\LastGood
[2008/11/17 12:16:59 | 00,225,280 | R-S- | C] () -- C:\windows\System32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe
[2008/11/17 12:16:59 | 00,225,280 | RHS- | C] () -- C:\windows\System32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe
[2008/11/17 12:16:59 | 00,225,280 | RHS- | C] () -- C:\windows\System32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe
[2008/11/17 12:16:59 | 00,000,000 | -HSD | C] -- C:\windows\System32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}
[2008/11/17 12:12:55 | 00,061,440 | ---- | C] () -- C:\windows\System32\drivers\wptdv.sys
[2008/11/17 12:06:53 | 00,000,118 | RHS- | C] () -- C:\windows\System32\dllcache\autorun.inf
[2008/11/17 11:21:32 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\as\Desktop\Spybot - Search & Destroy.lnk
[2008/11/17 11:21:29 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/11/17 11:21:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/11/17 11:18:36 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\as\Desktop\HijackThis.lnk
[2008/11/17 10:56:36 | 00,158,208 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\as\Desktop\msconfig.exe
[2008/11/16 23:49:11 | 00,000,799 | ---- | C] () -- C:\Documents and Settings\as\Desktop\Hotspot Shield Launch.lnk
[2008/11/16 23:49:10 | 00,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield
[2008/11/16 14:48:17 | 00,000,000 | ---D | C] -- C:\windows\NV15521452.TMP
[2008/11/16 14:44:22 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\kbdhid.sys
[2008/11/16 14:44:22 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\kbdhid.sys
[2008/11/15 18:39:29 | 00,225,280 | RHS- | C] () -- C:\MS-DOS.com
[2008/11/15 18:39:29 | 00,000,118 | RHS- | C] () -- C:\autorun.inf
[2008/11/15 18:39:22 | 00,225,280 | RHS- | C] () -- C:\windows\System32\regedit.exe
[2008/11/15 18:39:22 | 00,225,280 | RHS- | C] () -- C:\windows\System32\drivers\drivers.cab.exe
[2008/11/15 18:39:22 | 00,225,280 | RHS- | C] () -- C:\windows\System32\dllcache\Global.exe
[2008/11/15 18:39:22 | 00,225,280 | RHS- | C] () -- C:\windows\System32\dllcache\Default.exe
[2008/11/15 18:39:22 | 00,225,280 | RHS- | C] () -- C:\windows\System\KEYBOARD.exe
[2008/11/15 18:39:22 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\tskmgr.exe
[2008/11/15 17:57:58 | 00,000,000 | ---D | C] -- C:\windows\NV6761340.TMP
[2008/11/15 14:33:09 | 00,000,000 | ---D | C] -- C:\Logs
[2008/11/15 13:37:21 | 00,000,118 | ---- | C] () -- C:\windows\System32\MRT.INI
[2008/11/14 22:46:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\as\Application Data\PlayFirst
[2008/11/14 22:46:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008/11/14 22:44:38 | 00,000,000 | ---D | C] -- C:\Program Files\THQ
[2008/11/14 21:38:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2008/11/08 15:06:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\as\My Documents\My Spore Creations
[2008/11/08 15:06:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\as\Application Data\SPORE
[2008/11/07 00:06:47 | 00,000,027 | ---- | C] () -- C:\XeroBank.ini
[2008/11/06 18:01:42 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_1.dll
[2008/11/06 18:01:42 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_0.dll
[2008/11/06 18:01:41 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_38.dll
[2008/11/06 18:01:41 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_38.dll
[2008/11/06 18:01:41 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_38.dll
[2008/11/06 18:01:41 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_1.dll
[2008/11/06 18:01:41 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_4.dll
[2008/11/06 18:01:05 | 00,000,000 | ---D | C] -- C:\windows\Logs
[2008/11/06 17:59:10 | 00,000,000 | ---D | C] -- C:\windows\System32\XPSViewer
[2008/11/06 17:58:49 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2008/11/06 17:58:25 | 00,014,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spmsg2.dll
[2008/11/02 21:58:38 | 00,000,000 | ---D | C] -- C:\SERVER FILES
[2008/11/02 21:46:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\as\Local Settings\Application Data\GlobalSCAPE
[2008/11/02 21:46:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2008/11/02 21:25:21 | 00,158,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System\msconfig.exe
[2008/11/02 21:22:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\The Incredibles (PSP, iPhone, iPod Touch, Nano, Zune)
[2008/11/02 21:20:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\as\Application Data\GlobalSCAPE
[2008/11/02 21:19:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Itouch.Iphone.Apps.PACK.2.BGMRK
[2008/11/02 21:18:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Itouch.Iphone.Apps.PACK.3.BGMRK
[2008/11/01 13:24:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\as\Application Data\IBP
[2008/11/01 12:41:41 | 00,000,000 | ---D | C] -- C:\Program Files\FXstyle-Spider
[2008/11/01 11:37:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\as\Application Data\AtomPark
[2008/11/01 03:21:34 | 00,000,000 | ---D | C] -- C:\windows\CSC
[2008/11/01 03:14:35 | 00,000,073 | ---- | C] () -- C:\windows\EurekaLog.ini
[2008/11/01 02:16:37 | 00,000,000 | ---D | C] -- C:\Program Files\Tweak Marketing
[2008/11/01 02:11:31 | 00,001,406 | ---- | C] () -- C:\Program Files\favicon.ico
[2008/11/01 01:53:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lencom
[2008/11/01 01:52:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\LencomShare
[2008/10/30 23:16:21 | 06,438,005 | ---- | C] () -- C:\Documents and Settings\as\Desktop\The Bravery - Believe.mp3
[2008/10/30 10:48:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\as\Local Settings\Application Data\Cranium
[2008/10/30 04:34:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\as\Local Settings\Application Data\Cranium_Consulting_and_Cu
[2008/10/30 04:33:59 | 00,000,000 | ---D | C] -- C:\Program Files\iPhoneBrowser
[2008/10/30 04:26:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\as\Application Data\Computer Aces
[2008/10/30 01:15:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\as\My Documents\Red Kawa
[2008/10/30 01:15:13 | 00,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2008/10/30 01:15:11 | 00,000,000 | ---D | C] -- C:\Program Files\Red Kawa
[2008/10/29 21:28:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\as\Desktop\QuickPwn21-1
[2008/10/29 17:12:02 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ptpusb.dll
[2008/10/29 17:12:01 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ptpusd.dll
[2008/10/29 15:05:33 | 22,450,2002 | ---- | C] () -- C:\Documents and Settings\as\Desktop\Magazines.zip
[2008/10/26 20:44:30 | 00,000,000 | ---D | C] -- C:\Program Files\TagRename
[2008/10/26 13:26:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\as\Local Settings\Application Data\RcIncidents
[2008/10/23 19:31:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Media Center Programs
[2008/10/23 19:28:34 | 00,000,000 | ---D | C] -- C:\windows\System32\AGEIA
[2008/10/23 19:28:34 | 00,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2008/10/20 21:05:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VanDyke
[2008/10/20 02:52:12 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/10/20 02:52:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/10/20 02:50:56 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2008/10/20 02:50:42 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2008/10/20 02:50:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/10/20 02:29:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2008/10/20 01:43:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\as\My Documents\Audible
[2008/10/20 01:43:37 | 00,000,000 | ---D | C] -- C:\Program Files\Audible
[2008/10/20 01:01:49 | 00,000,000 | R--D | C] -- C:\Documents and Settings\as\My Documents\My Videos
[2008/10/20 01:01:11 | 00,060,812 | R--- | C] () -- C:\Documents and Settings\as\My Documents\Phone Numbers.nbu
[2008/10/20 00:58:12 | 00,054,156 | -H-- | C] () -- C:\windows\QTFont.qfn
[2008/10/20 00:58:12 | 00,001,409 | ---- | C] () -- C:\windows\QTFont.for
[2008/10/20 00:40:16 | 00,049,792 | ---- | C] (Prolific Technology Inc.) -- C:\windows\System32\drivers\ser2pl.sys
[2008/10/20 00:37:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\LogoManager
[2008/10/20 00:35:33 | 00,000,000 | ---D | C] -- C:\Program Files\MobiMB Mobile Media Browser
[2008/10/20 00:14:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2008/10/20 00:14:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2008/10/20 00:14:02 | 00,000,000 | ---D | C] -- C:\Program Files\Nokia
[2008/10/19 23:25:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\as\Application Data\Nokia
[2008/10/19 23:25:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\as\Application Data\PC Suite
[2008/10/19 23:25:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2008/10/19 23:24:37 | 00,000,000 | ---D | C] -- C:\Program Files\DIFX
[2008/10/19 23:24:36 | 00,021,632 | ---- | C] (Nokia) -- C:\windows\System32\drivers\pccsmcfd.sys
[2008/10/19 23:24:33 | 00,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2008/10/19 23:24:28 | 00,090,624 | ---- | C] (Nokia) -- C:\windows\System32\nmwcdcls.dll
[2008/10/19 23:24:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Installations
[2008/10/19 20:28:22 | 00,000,000 | ---D | C] -- C:\Program Files\ASUS
[2008/10/19 01:38:46 | 00,000,000 | ---D | C] -- C:\Program Files\Prime95
[2008/10/19 00:16:53 | 00,000,000 | ---D | C] -- C:\Program Files\VanDyke Software
[2008/10/19 00:16:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\as\Local Settings\Application Data\Downloaded Installations


========== Files - Modified Within 30 Days ==========

[1 C:\windows\System32\*.tmp files]
[6 C:\windows\*.tmp files]
[2008/11/17 14:23:11 | 00,000,118 | RHS- | M] () -- C:\windows\System32\dllcache\autorun.inf
[2008/11/17 14:23:11 | 00,000,118 | RHS- | M] () -- C:\autorun.inf
[2008/11/17 14:00:00 | 00,000,512 | ---- | M] () -- C:\windows\tasks\Verifica e correzione automatica.job
[2008/11/17 14:00:00 | 00,000,480 | ---- | M] () -- C:\windows\tasks\1-Click Maintenance.job
[2008/11/17 12:12:55 | 00,061,440 | ---- | M] () -- C:\windows\System32\drivers\wptdv.sys
[2008/11/17 12:09:07 | 00,287,907 | R--- | M] () -- C:\windows\System32\drivers\etc\HOSTS
[2008/11/17 11:56:12 | 00,527,750 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2008/11/17 11:56:12 | 00,445,480 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2008/11/17 11:56:12 | 00,072,562 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2008/11/17 11:52:12 | 00,000,565 | ---- | M] () -- C:\Documents and Settings\as\My Documents\My Sharing Folders.lnk
[2008/11/17 11:51:52 | 00,190,556 | ---- | M] () -- C:\windows\System32\nvapps.xml
[2008/11/17 11:51:41 | 00,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2008/11/17 11:51:40 | 00,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2008/11/17 11:21:32 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\as\Desktop\Spybot - Search & Destroy.lnk
[2008/11/17 11:18:36 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\as\Desktop\HijackThis.lnk
[2008/11/17 10:54:05 | 00,158,208 | ---- | M] (Microsoft Corporation) -- C:\windows\System\msconfig.exe
[2008/11/17 10:54:05 | 00,158,208 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\as\Desktop\msconfig.exe
[2008/11/17 07:24:00 | 00,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2008/11/16 23:52:07 | 00,000,741 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2008/11/16 23:49:11 | 00,000,799 | ---- | M] () -- C:\Documents and Settings\as\Desktop\Hotspot Shield Launch.lnk
[2008/11/16 21:37:31 | 00,000,875 | ---- | M] () -- C:\Documents and Settings\as\Desktop\Fallout 3.lnk
[2008/11/15 14:58:22 | 01,577,274 | -H-- | M] () -- C:\Documents and Settings\as\Local Settings\Application Data\IconCache.db
[2008/11/15 13:37:21 | 00,000,118 | ---- | M] () -- C:\windows\System32\MRT.INI
[2008/11/15 13:33:59 | 00,001,393 | ---- | M] () -- C:\windows\imsins.BAK
[2008/11/15 02:38:14 | 00,000,116 | ---- | M] () -- C:\windows\NeroDigital.ini
[2008/11/15 02:38:10 | 00,100,864 | ---- | M] () -- C:\Documents and Settings\as\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/14 17:42:14 | 00,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2008/11/09 20:48:48 | 01,644,848 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2008/11/07 00:06:47 | 00,000,027 | ---- | M] () -- C:\XeroBank.ini
[2008/11/06 18:25:20 | 00,090,872 | ---- | M] () -- C:\Documents and Settings\as\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/11/04 08:10:25 | 17,318,336 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MRT.exe
[2008/11/02 21:25:42 | 00,000,587 | ---- | M] () -- C:\windows\win.ini
[2008/11/02 21:25:42 | 00,000,227 | ---- | M] () -- C:\windows\system.ini
[2008/11/01 03:54:54 | 00,000,073 | ---- | M] () -- C:\windows\EurekaLog.ini
[2008/11/01 03:39:29 | 00,355,584 | ---- | M] (TuneUp Software GmbH) -- C:\windows\System32\TuneUpDefragService.exe
[2008/10/31 22:09:29 | 06,438,005 | ---- | M] () -- C:\Documents and Settings\as\Desktop\The Bravery - Believe.mp3
[2008/10/29 15:06:18 | 22,450,2002 | ---- | M] () -- C:\Documents and Settings\as\Desktop\Magazines.zip
[2008/10/24 19:10:42 | 00,453,632 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\drivers\mrxsmb.sys
[2008/10/24 19:10:42 | 00,453,632 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\mrxsmb.sys
[2008/10/22 16:10:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2008/10/22 16:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2008/10/20 01:01:41 | 00,060,812 | R--- | M] () -- C:\Documents and Settings\as\My Documents\Phone Numbers.nbu
[2008/10/20 00:58:12 | 00,054,156 | -H-- | M] () -- C:\windows\QTFont.qfn
[2008/10/20 00:58:12 | 00,001,409 | ---- | M] () -- C:\windows\QTFont.for

< End of report >

#5
henryhwong

    New Member

  • Members
  • 4 posts
Panda fixed the problems. How do I close this topic or delete these posts?

#6
Raid

    Malware Researcher

  • Experts
  • 1,549 posts
  • Gender: Male
  • Location: United States
I will close the thread to prevent others from posting into it. If you need assistance, please start your own topic and someone will be happy to assist you.

The fixes and advice in this thread are for this machine only. Do not apply them to your machine unless you fully understand how these programs work and what you're doing. Please start a thread of your own and someone will be happy to help you; just follow the Pre-HJT post instructions found here before posting: Pre-HJT Post Instructions

Also don't forget that we offer FREE assistance with general PC questions and repair here: PC Help

If you're pleased with the Malwarebytes product and the service provided to you, please let your friends, family, and co-workers know. http://www.malwarebytes.org