#1
October 18th, 2008, 08:53 AM
brianivory08
New Member
Join Date: Oct 2008
Posts: 12
help!!! VIRUS ALERT

I have a bad virus: my time/date is showing VIRUS ALERT!, and I can't access any menus in my Start menu.


I ran HijackThis and this is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:33: VIRUS ALERT!, on 18/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Trend Micro\BM\TMBMSRV.exe
D:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
D:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
D:\Program Files\Trend Micro\Internet Security\TmProxy.exe
D:\Documents and Settings\All Users\Application Data\tedopifu\bcjytute.exe
D:\Program Files\Creative\Mixer\CTSVolFE.exe
D:\WINDOWS\stsystra.exe
D:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\WINDOWS\system32\dlcccoms.exe
D:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Documents and Settings\Brian Ivory\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\WINDOWS\system32\jglqvsbc.exe
D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
D:\Program Files\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWLan.exe
D:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
D:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Trend Micro\Internet Security\UfNavi.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Trend Micro\TrendSecure\TransactionProtector\Dependent\HSChkProxyExe.exe
D:\Program Files\Trend Micro\Internet Security\UfNavi.exe
D:\Documents and Settings\Brian Ivory\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Brian Ivory\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Brian Ivory\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Brian Ivory\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Brian Ivory\My Documents\Downloads\HiJackThis.exe
D:\WINDOWS\system32\jglqvsbc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - D:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: rosqxvmn - {148BDBE0-051C-4B70-84B3-889274D33E60} - D:\WINDOWS\rosqxvmn.dll
O4 - HKLM\..\Run: [CTSVolFE] "D:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "D:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "D:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NSLauncher] D:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Brian Ivory\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WebSrv] D:\WINDOWS\system32\jglqvsbc.exe
O4 - HKLM\..\Policies\Explorer\Run: [cIV2dUEeBN] D:\Documents and Settings\All Users\Application Data\tedopifu\bcjytute.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: REALTEK RTL8185 Wireless LAN Utility.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O21 - SSODL: ngwstxfd - {3064DFED-E1DB-44EC-BE78-C29BD5F16326} - D:\WINDOWS\ngwstxfd.dll
O21 - SSODL: qrbgltos - {79D97DF3-AC58-4FD0-A097-D4A7FD81C7F4} - D:\WINDOWS\qrbgltos.dll
O23 - Service: dlcc_device - - D:\WINDOWS\system32\dlcccoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - D:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - D:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - D:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - D:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 8211 bytes


Any help would be really appreciated!!
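Added example, not part of the thread and not a feature of HijackThis or any tool named here: a small Python triage that reads lines in HijackThis v2 log format and flags the markers a helper looks for in a log like the one above (the VIRUS ALERT! string in the scan header, O6/O7 policy restrictions, a Policies\Explorer\Run autorun, O21 SSODL loads, and random-looking filenames). The sample lines are constructed from the posted log, and the random-name heuristic and rule names are the example's own assumptions.

```python
import re

# Constructed sample in HijackThis v2 log format, modelled on the log posted
# above: the scan header plus a mix of benign and suspicious O-entries.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:33: VIRUS ALERT!, on 18/10/2008
O3 - Toolbar: rosqxvmn - {148BDBE0-051C-4B70-84B3-889274D33E60} - D:\WINDOWS\rosqxvmn.dll
O4 - HKLM\..\Run: [CTSVolFE] "D:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKCU\..\Run: [WebSrv] D:\WINDOWS\system32\jglqvsbc.exe
O4 - HKLM\..\Policies\Explorer\Run: [cIV2dUEeBN] D:\Documents and Settings\All Users\Application Data\tedopifu\bcjytute.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O21 - SSODL: ngwstxfd - {3064DFED-E1DB-44EC-BE78-C29BD5F16326} - D:\WINDOWS\ngwstxfd.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
"""

# An entry is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")
# First Windows path in the body that names an executable artefact.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys|com|bat))', re.IGNORECASE)
# Four or more consonants in a row (y counted as a consonant).
CONSONANT_RUN = re.compile(r"[bcdfghjklmnpqrstvwxyz]{4,}")


def parse_entry(line):
    """Split one HijackThis line into section, body and first file path; None if not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    pm = PATH_RE.search(body)
    return {"section": section, "body": body, "path": pm.group(1) if pm else None}


def looks_random(path):
    """Heuristic assumed for this example (not a HijackThis feature): an all-lowercase
    file stem of eight or more letters containing a run of four consonants
    (jglqvsbc, ngwstxfd) is typical of generated names and rare for real software."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    return (stem.isalpha() and stem.islower() and len(stem) >= 8
            and CONSONANT_RUN.search(stem) is not None)


def triage(log_text):
    """Return (rule, line) pairs for every line matching one of the markers seen
    in the thread above. A single line can hit more than one rule."""
    findings = []
    for line in log_text.splitlines():
        # The fake-alert family rewrites the time format so the clock reads "VIRUS ALERT!".
        if line.startswith("Scan saved at") and "VIRUS ALERT" in line:
            findings.append(("time-format tampered", line))
            continue
        entry = parse_entry(line)
        if entry is None:
            continue
        section, body, path = entry["section"], entry["body"], entry["path"]
        # O6/O7: IE restrictions and DisableRegedit lock the user out of repair tools.
        if section in ("O6", "O7"):
            findings.append(("policy lockdown", line))
        # Policies\Explorer\Run is a less visible autorun location than the usual Run key.
        if section == "O4" and "Policies\\Explorer\\Run" in body:
            findings.append(("policy autorun", line))
        # O21: HijackThis lists only non-default ShellServiceObjectDelayLoad entries.
        if section == "O21":
            findings.append(("SSODL load", line))
        if path and looks_random(path):
            findings.append(("random filename", line))
    return findings


def summarize(findings):
    """Count findings per rule."""
    counts = {}
    for rule, _ in findings:
        counts[rule] = counts.get(rule, 0) + 1
    return counts


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"[{rule}] {line}")
    print(summarize(triage(SAMPLE_LOG)))
```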


#2
October 18th, 2008, 04:53 PM
Aaflac
Malware Removal Team
Join Date: May 2007
Location: Illinois, USA
Posts: 2,998
Please download SDFix
Save it to the Desktop

Now, reboot to Safe Mode
  • Restart your computer.
  • When the machine reboots, tap the F8 key before Windows starts
  • You are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode using the arrow keys.
  • Press Enter to boot into Safe Mode.
In Safe Mode, double-click SDFix.exe icon on the Desktop
  • Allow the program to extract to its own folder (C:\SDFix)
  • Double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • The process removes any Trojan Services or Registry Entries found, and then prompts you to press any key to Reboot.
  • Press any key to restart the PC.
  • When the PC restarts, SDFix will run again and complete the removal process
  • It then displays Finished
  • Press any key to end the script and load the Desktop icons.
  • Once the Desktop icons load, the SDFix report opens on screen and saves itself in the SDFix folder as Report.txt.
~~~~
Next, download Malwarebytes' Anti-Malware (MBAM)
Save the program to the Desktop
Close all windows, including this one. (Print the instructions first.)

On the Desktop, double-click mbam-setup.exe to install the program, and follow the prompts
  • If an update is found, MBAM will download and install the latest.
  • Click OK
At the main program window
  • Make sure the following is checked: Perform Quick Scan
  • Click: Scan (The scan may take some time to finish, so please be patient.)
  • When the scan completes, a message box appears informing that it was completed successfully.
  • Click OK
At the main Scanner screen:
  • Click on: Show Results
  • Make sure everything found is checked, and click: Remove Selected
  • When the disinfection is complete, you may be prompted to Restart. Please do so.
  • When MBAM finishes removing the malware, a log opens in Notepad
  • The log is automatically saved and can be viewed by clicking the Logs tab.
~~~~
Download VArestorepolicies
Right-click and select: Extract all…
Open the VArestorepolicies folder, right-click the file VArestorepolicies, and select: Install

~~~~
Next, download OTListIt
Save it to the Desktop
  • Close all windows and double-click on the OTListIt.exe file
  • OK any warning about running OTListIt.
  • Place a check in the Scan All Users checkbox
  • Click the Run Scan button
  • When the scan is complete, two text files are produced on the Desktop: OTListIt.txt, and Extras.txt
~~~~
Please provide the following in your reply:
The contents of the SDFix Report.txt
The MBAM report
The OTListIt.txt and Extras.txt logs

Note: You may need to do consecutive posts (one after the other), if the logs are too long.
#3
October 21st, 2008, 08:55 AM
brianivory08
New Member
Join Date: Oct 2008
Posts: 12
Malwarebytes' Anti-Malware 1.29
Database version: 1288
Windows 5.1.2600 Service Pack 3

19/10/2008 5:03:13 PM
mbam-log-2008-10-19 (17-03-13).txt

Scan type: Quick Scan
Objects scanned: 47680
Time elapsed: 4 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 7
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
D:\WINDOWS\system32\efcCvWmN.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{960a9fa2-eaa1-4ff8-a500-69acff2595f6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{960a9fa2-eaa1-4ff8-a500-69acff2595f6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rosqxvmn.bnml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rosqxvmn.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\websrv (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: d:\windows\system32\efccvwmn -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: d:\windows\system32\efccvwmn -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
D:\WINDOWS\system32\efcCvWmN.dll (Trojan.Vundo.H) -> Delete on reboot.
D:\WINDOWS\system32\NmWvCcfe.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\NmWvCcfe.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\jglqvsbc.exe (Trojan.FakeAlert.H) -> Delete on reboot.
D:\WINDOWS\system32\ljJBtqRK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
D:\WINDOWS\BM7314440b.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\BM7314440b.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
#4
October 21st, 2008, 08:56 AM
brianivory08
New Member
Join Date: Oct 2008
Posts: 12
SDFix: Version 1.236
Run by Brian Ivory on Sun 19/10/2008 at 11:51

Microsoft Windows XP [Version 5.1.2600]
Running From: D:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value
Restoring Windows Product ID To Remove Fake Virus Alert
Restoring Time Format To Remove Fake Virus Alert

Rebooting


Checking Files :

Trojan Files Found:

D:\WINDOWS\system32\nnnkKBqP.dll - Deleted
D:\WINDOWS\ESMF.EXE - Deleted
D:\Documents and Settings\Brian Ivory\Application Data\Adobe\crc.dat - Deleted
D:\Documents and Settings\Brian Ivory\Application Data\Adobe\Player.exe - Deleted
D:\Documents and Settings\Brian Ivory\Application Data\Adobe\Player.exe.bak - Deleted
D:\Documents and Settings\Brian Ivory\Desktop\Malware Defender.url - Deleted
D:\Documents and Settings\Brian Ivory\Favorites\Malware Defender.url - Deleted
D:\Documents and Settings\Brian Ivory\Desktop\Protect Your Privacy.url - Deleted
D:\Documents and Settings\Brian Ivory\Favorites\Protect Your Privacy.url - Deleted
D:\Documents and Settings\Brian Ivory\Desktop\System Error Fixer.url - Deleted
D:\Documents and Settings\Brian Ivory\Favorites\System Error Fixer.url - Deleted
D:\WINDOWS\mslagent\2_mslagent.dll - Deleted
D:\WINDOWS\mslagent\mslagent.exe - Deleted
D:\WINDOWS\mslagent\uninstall.exe - Deleted
D:\Program Files\akl\akl.dll - Deleted
D:\Program Files\akl\akl.exe - Deleted
D:\Program Files\akl\uninstall.exe - Deleted
D:\Program Files\akl\unsetup.exe - Deleted
D:\Program Files\Inet Delivery\inetdl.exe - Deleted
D:\Program Files\Inet Delivery\intdel.exe - Deleted
D:\DOCUME~1\BRIANI~1\LOCALS~1\Temp\pupdmgr.exe.bat - Deleted
D:\DOCUME~1\BRIANI~1\LOCALS~1\Temp\pwrmgr.exe.bat - Deleted
D:\DOCUME~1\BRIANI~1\LOCALS~1\Temp\smchk.exe.bat - Deleted
D:\DOCUME~1\BRIANI~1\LOCALS~1\Temp\windfr.exe.bat - Deleted
D:\WINDOWS\a.bat - Deleted
D:\WINDOWS\zip1.tmp - Deleted
D:\WINDOWS\zip2.tmp - Deleted
D:\WINDOWS\zip3.tmp - Deleted
D:\WINDOWS\zipped.tmp - Deleted
D:\DOCUME~1\BRIANI~1\LOCALS~1\Temp\myconfig.php.bat - Deleted
D:\DOCUME~1\BRIANI~1\LOCALS~1\Temp\removalfile.bat - Deleted
D:\WINDOWS\a.bat - Deleted
D:\WINDOWS\base64.tmp - Deleted
D:\WINDOWS\bdn.com - Deleted
D:\WINDOWS\FVProtect.exe - Deleted
D:\WINDOWS\qrbgltos.dll - Deleted
D:\WINDOWS\iTunesMusic.exe - Deleted
D:\WINDOWS\lomxeqsn.exe - Deleted
D:\WINDOWS\mssecu.exe - Deleted
D:\WINDOWS\ngwstxfd.dll - Deleted
D:\WINDOWS\pskt.ini - Deleted
D:\WINDOWS\rosqxvmn.dll - Deleted
D:\WINDOWS\system32\akttzn.exe - Deleted
D:\WINDOWS\system32\anticipator.dll - Deleted
D:\WINDOWS\system32\awtoolb.dll - Deleted
D:\WINDOWS\system32\bdn.com - Deleted
D:\WINDOWS\system32\bsva-egihsg52.exe - Deleted
D:\WINDOWS\system32\dpcproxy.exe - Deleted
D:\WINDOWS\system32\emesx.dll - Deleted
D:\WINDOWS\system32\h@tkeysh@@k.dll - Deleted
D:\WINDOWS\system32\hoproxy.dll - Deleted
D:\WINDOWS\system32\hxiwlgpm.dat - Deleted
D:\WINDOWS\system32\hxiwlgpm.exe - Deleted
D:\WINDOWS\system32\medup012.dll - Deleted
D:\WINDOWS\system32\medup020.dll - Deleted
D:\WINDOWS\system32\msgp.exe - Deleted
D:\WINDOWS\system32\msnbho.dll - Deleted
D:\WINDOWS\system32\mssecu.exe - Deleted
D:\WINDOWS\system32\msvchost.exe - Deleted
D:\WINDOWS\system32\mtr2.exe - Deleted
D:\WINDOWS\system32\mwin32.exe - Deleted
D:\WINDOWS\system32\netode.exe - Deleted
D:\WINDOWS\system32\newsd32.exe - Deleted
D:\WINDOWS\system32\ps1.exe - Deleted
D:\WINDOWS\system32\psof1.exe - Deleted
D:\WINDOWS\system32\psoft1.exe - Deleted
D:\WINDOWS\system32\regc64.dll - Deleted
D:\WINDOWS\system32\regm64.dll - Deleted
D:\WINDOWS\system32\Rundl1.exe - Deleted
D:\WINDOWS\system32\smp\msrc.exe - Deleted
D:\WINDOWS\system32\sncntr.exe - Deleted
D:\WINDOWS\system32\ssurf022.dll - Deleted
D:\WINDOWS\system32\ssvchost.com - Deleted
D:\WINDOWS\system32\ssvchost.exe - Deleted
D:\WINDOWS\system32\sysreq.exe - Deleted
D:\WINDOWS\system32\taack.dat - Deleted
D:\WINDOWS\system32\taack.exe - Deleted
D:\WINDOWS\system32\temp#01.exe - Deleted
D:\WINDOWS\system32\thun.dll - Deleted
D:\WINDOWS\system32\thun32.dll - Deleted
D:\WINDOWS\system32\VBIEWER.OCX - Deleted
D:\WINDOWS\system32\vbsys2.dll - Deleted
D:\WINDOWS\system32\vcatchpi.dll - Deleted
D:\WINDOWS\system32\winlogonpc.exe - Deleted
D:\WINDOWS\system32\winsystem.exe - Deleted
D:\WINDOWS\system32\WINWGPX.EXE - Deleted
D:\WINDOWS\userconfig9x.dll - Deleted
D:\WINDOWS\winsystem.exe - Deleted



Folder D:\Program Files\akl - Removed
Folder D:\Program Files\Inet Delivery - Removed
Folder D:\WINDOWS\mslagent - Removed
Folder D:\WINDOWS\system32\smp - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-19 12:19:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Program Files\\uTorrent\\uTorrent.exe"="D:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"="D:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe:*:Enabled:Age of Empires 3"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="D:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\\Documents and Settings\\Brian Ivory\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"="D:\\Documents and Settings\\Brian Ivory\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe:*:Enabled:Google Chrome"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="D:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - D:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 31 Jul 2008 0 A.SH. --- "D:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 4 Jul 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\0c114cf5b19927cfea8b29c83de1ed86\BIT17.tmp"
Fri 4 Jul 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\109fef93c24da62cf8f31668d6ba9060\BIT1B.tmp"
Fri 4 Jul 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\131ae35a2f5be2cefedd349d083bb253\BIT15.tmp"
Fri 4 Jul 2008 153,861 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\32e99364da67a7850c38a7a4e067a1ed\BIT13.tmp"
Fri 4 Jul 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\55b5c397ff94db07e8c1c336efaf0a7b\BIT1C.tmp"
Fri 4 Jul 2008 3,109,928 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\ab9217b6e5750f9481b4ee261d21b730\BIT12.tmp"
Fri 4 Jul 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\c87932aedce288373d0b6a6c23f00c8a\BIT16.tmp"
Fri 4 Jul 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\ed6cff8bccff865b52b93292e144ada6\BIT14.tmp"

Finished!
#5
October 21st, 2008, 02:34 PM
Aaflac
Malware Removal Team
Join Date: May 2007
Location: Illinois, USA
Posts: 2,998
Please post the OTListIt.txt and Extras.txt logs, so we can determine if there is additional malware or remnants to deal with.

Note: You may need to do consecutive posts (one after the other), if the logs are too long.
#6
October 22nd, 2008, 11:20 AM
brianivory08
New Member
Join Date: Oct 2008
Posts: 12
OTListIt logfile created on: 22/10/2008 9:17:17 PM - Run 2
OTListIt by OldTimer - Version 1.0.10.0 Folder = D:\Documents and Settings\Brian Ivory\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): D:\pagefile.sys 1536 3072;

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 48.83 Gb Total Space | 42.78 Gb Free Space | 87.62% Space Free | Partition Type: NTFS
Drive D: | 148.96 Gb Total Space | 132.10 Gb Free Space | 88.68% Space Free | Partition Type: NTFS
Drive E: | 184.05 Gb Total Space | 108.01 Gb Free Space | 58.69% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRIAN
Current User Name: Brian Ivory
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/09/28 16:39:23 | 00,147,456 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe
[2005/07/08 19:57:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\system32\nvsvc32.exe
[2008/07/29 18:18:14 | 00,698,888 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
[2008/03/07 08:01:52 | 00,333,064 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\BM\TMBMSRV.exe
[2008/07/29 18:18:16 | 01,398,024 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
[2005/02/23 16:57:24 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- D:\Program Files\Creative\Mixer\CTSVolFE.exe
[2008/04/14 11:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\wscntfy.exe
[2005/03/22 18:20:44 | 00,339,968 | ---- | M] (SigmaTel, Inc.) -- D:\WINDOWS\stsystra.exe
[2005/10/22 02:40:26 | 00,430,080 | ---- | M] (Dell) -- D:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
[2007/08/24 08:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[2008/06/12 03:38:00 | 00,034,672 | ---- | M] (Adobe Systems Incorporated) -- D:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
[2005/10/28 23:41:52 | 00,491,520 | ---- | M] ( ) -- D:\WINDOWS\system32\dlcccoms.exe
[2006/11/28 02:12:24 | 02,658,304 | ---- | M] () -- D:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
[2008/08/11 10:24:32 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- D:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2008/09/28 16:39:55 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jusched.exe
[2008/04/14 11:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Messenger\msmsgs.exe
[2008/09/03 22:25:24 | 00,133,104 | ---- | M] (Google Inc.) -- D:\Documents and Settings\Brian Ivory\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[2006/11/24 16:55:16 | 00,770,048 | ---- | M] (Realtek Semiconductor Corp.) -- D:\Program Files\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWLan.exe
[2006/06/05 14:59:18 | 00,174,080 | ---- | M] (Nokia.) -- D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
[2008/03/17 16:58:10 | 00,488,768 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\Internet Security\TmPfw.exe
[2008/03/17 16:58:10 | 00,648,456 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\Internet Security\TmProxy.exe
[2008/03/06 14:52:28 | 00,542,032 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
[2008/03/06 14:52:31 | 00,157,008 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
[2008/09/14 21:20:53 | 00,634,368 | ---- | M] (Google Inc.) -- D:\Documents and Settings\Brian Ivory\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
[2008/10/22 21:17:06 | 00,418,816 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Brian Ivory\My Documents\Downloads\OTListIt (1).exe

========== (O23) Win32 Services ==========

[2005/10/28 23:41:52 | 00,491,520 | ---- | M] ( ) -- D:\WINDOWS\system32\dlcccoms.exe -- (dlcc_device [On_Demand | Running])
[2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/09/28 16:39:23 | 00,147,456 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2007/08/24 07:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
[2005/07/08 19:57:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006/06/05 14:59:18 | 00,174,080 | ---- | M] (Nokia.) -- D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running])
[2008/07/29 18:18:14 | 00,698,888 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom [Auto | Running])
[2008/03/07 08:01:52 | 00,333,064 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer [Auto | Running])
[2008/03/17 16:58:10 | 00,488,768 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw [On_Demand | Running])
[2008/03/17 16:58:10 | 00,648,456 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy [On_Demand | Running])
[2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/07/04 02:27:25 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) -- D:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2005/03/23 07:49:09 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- D:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
[2005/03/31 18:04:52 | 00,180,736 | ---- | M] (Intel Corporation) -- D:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express [On_Demand | Running])
[2006/11/15 17:23:06 | 00,038,144 | ---- | M] (Windows (R) 2000 DDK provider) -- D:\WINDOWS\system32\drivers\EAPPkt.sys -- (EAPPkt [Auto | Running])
[2004/05/02 19:47:08 | 00,023,040 | R--- | M] () -- D:\WINDOWS\System32\drivers\GVCplDrv.sys -- (GVCplDrv [On_Demand | Stopped])
[2008/04/14 03:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- D:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2008/04/14 05:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/10/18 17:53:59 | 00,038,224 | ---- | M] (Bluegem Security) -- D:\WINDOWS\system32\drivers\neokdss.sys -- (neokdss [On_Demand | Stopped])
[2006/05/29 09:26:36 | 00,008,704 | ---- | M] (Nokia) -- D:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic [On_Demand | Stopped])
[2006/05/29 09:26:36 | 00,013,312 | ---- | M] (Nokia) -- D:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem [On_Demand | Stopped])
[2006/05/29 09:26:38 | 00,127,488 | ---- | M] (Nokia) -- D:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent [On_Demand | Stopped])
[2006/05/29 09:26:36 | 00,013,312 | ---- | M] (Nokia) -- D:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port [On_Demand | Stopped])
[2005/07/08 19:57:00 | 03,198,304 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2004/08/04 23:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- D:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2006/11/08 19:51:54 | 00,062,336 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2006/11/23 23:31:42 | 00,304,896 | R--- | M] (Realtek Semiconductor Corporation ) -- D:\WINDOWS\system32\drivers\rtl8185.sys -- (rtl8185 [On_Demand | Running])
[2008/06/12 17:28:49 | 00,056,108 | ---- | M] (PowerISO Computing, Inc.) -- D:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
[2007/11/13 21:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- D:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2005/11/16 16:36:00 | 01,047,816 | ---- | M] (SigmaTel, Inc.) -- D:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2008/03/07 08:01:52 | 00,052,496 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon [Auto | Running])
[2008/03/07 08:01:52 | 00,333,328 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw [On_Demand | Running])
[2008/03/07 08:01:52 | 00,138,384 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2008/03/07 08:01:52 | 00,052,240 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr [Auto | Running])
[2008/07/18 20:08:32 | 00,036,368 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt [Auto | Running])
[2008/03/07 08:01:52 | 00,065,936 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi [System | Running])
[2008/07/18 20:08:38 | 00,205,328 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt [Auto | Running])
[2008/07/18 19:51:32 | 01,195,448 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint [Auto | Running])

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir...=ie&ar=msnhome
URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - D:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
  #7  
October 22nd, 2008, 11:21 AM
brianivory08
HKU\S-1-5-21-2052111302-1767777339-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\system32\blank.htm
HKU\S-1-5-21-2052111302-1767777339-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKU\S-1-5-21-2052111302-1767777339-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir...=ie&ar=msnhome
URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - D:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
HKU\S-1-5-21-2052111302-1767777339-839522115-1004\S-1-5-21-2052111302-1767777339-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (686 bytes) - D:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {AAD7932C-5E4E-403B-87F2-453337346AC8} - D:\WINDOWS\system32\qoMdCrsR.dll File not found
O2 - BHO: (TSToolbarBHO) - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - D:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Transaction Protector) - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - D:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll (Trend Micro Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CTSVolFE] "D:\Program Files\Creative\Mixer\CTSVolFE.exe" /r (Creative Technology Ltd)
O4 - HKLM..\Run: [DLCCCATS] rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16 ()
O4 - HKLM..\Run: [dlccmon.exe] "D:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" (Dell)
O4 - HKLM..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [NSLauncher] D:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup ()
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] "D:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" (Trend Micro Inc.)
O4 - HKCU..\Run: [Google Update] "D:\Documents and Settings\Brian Ivory\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - HKCU..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-2052111302-1767777339-839522115-1004..\Run: [Google Update] "D:\Documents and Settings\Brian Ivory\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - HKU\S-1-5-21-2052111302-1767777339-839522115-1004..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK RTL8185 Wireless LAN Utility.lnk = D:\Program Files\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2052111302-1767777339-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2052111302-1767777339-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2052111302-1767777339-839522115-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler: - grooveLocalGWS - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - livecall - D:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ms-help - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msnim - D:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler: - wlmailhtml - D:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - D:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/07/04 02:20:22 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5038d919-524e-11dd-abb0-00052510d909}\Shell\AutoRun\command]
"" = M:\setupSNK.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[4 D:\WINDOWS\*.tmp files]
[2008/10/21 18:57:53 | 00,000,000 | -HSD | C] -- D:\Config.Msi
[2008/10/20 18:33:33 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Brian Ivory\My Documents\Bills
[2008/10/19 22:23:29 | 00,002,026 | ---- | C] () -- D:\Documents and Settings\Brian Ivory\Desktop\VArestorepolicies.inf
[2008/10/19 16:57:01 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Brian Ivory\Application Data\Malwarebytes
[2008/10/19 16:56:55 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2008/10/19 16:56:55 | 00,000,696 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/19 16:56:53 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/19 16:56:52 | 00,000,000 | ---D | C] -- D:\Program Files\Malwarebytes' Anti-Malware
[2008/10/19 16:56:52 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/19 16:55:21 | 02,351,120 | ---- | C] (Malwarebytes Corporation ) -- D:\Documents and Settings\Brian Ivory\Desktop\mbam-setup.exe
[2008/10/19 11:50:16 | 00,578,560 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\user32.dll
[2008/10/19 11:48:13 | 00,000,000 | ---D | C] -- D:\WINDOWS\ERUNT
[2008/10/19 11:47:20 | 00,000,000 | ---D | C] -- D:\SDFix
[2008/10/19 11:44:30 | 01,522,584 | ---- | C] () -- D:\Documents and Settings\Brian Ivory\Desktop\SDFix (1).exe
[2008/10/18 17:53:45 | 00,038,224 | ---- | C] (Bluegem Security) -- D:\WINDOWS\System32\drivers\neokdss.sys
[2008/10/18 17:53:03 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Brian Ivory\Desktop\aa
[2008/10/18 17:29:36 | 00,005,767 | ---- | C] () -- D:\WINDOWS\System32\navuklst.dll
[2008/10/18 17:27:43 | 00,005,769 | ---- | C] () -- D:\WINDOWS\System32\ydkevghc.dll
[2008/10/17 18:35:39 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Brian Ivory\Application Data\WinRAR
[2008/10/17 18:35:26 | 00,000,000 | ---D | C] -- D:\Program Files\WinRAR
[2008/10/17 18:34:53 | 01,234,120 | ---- | C] () -- D:\Documents and Settings\Brian Ivory\Desktop\wrar380.exe
[2008/10/17 13:06:26 | 00,012,682 | ---- | C] () -- D:\Documents and Settings\Brian Ivory\My Documents\Planner.xlsx
[2008/10/17 13:04:33 | 00,005,767 | ---- | C] () -- D:\WINDOWS\System32\fmninxve.dll
[2008/10/17 13:02:13 | 00,005,769 | ---- | C] () -- D:\WINDOWS\System32\avgyuuvl.dll
[2008/10/17 12:55:23 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\tedopifu
[2008/10/17 12:55:11 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Brian Ivory\Application Data\TmpRecentIcons
[2008/10/17 02:19:54 | 00,333,824 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\srv.sys
[2008/10/17 02:18:57 | 01,846,400 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/17 02:18:49 | 02,145,280 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/17 02:18:45 | 02,189,184 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/17 02:18:43 | 02,023,936 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/17 02:18:38 | 02,066,048 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/09/29 23:23:34 | 00,009,609 | ---- | C] () -- D:\Documents and Settings\Brian Ivory\Desktop\trade game.xlsx


========== Files - Modified Within 30 Days ==========

[1 D:\WINDOWS\System32\*.tmp files]
[4 D:\WINDOWS\*.tmp files]
[2008/10/22 21:13:58 | 00,029,204 | ---- | M] () -- D:\WINDOWS\System32\nvapps.xml
[2008/10/22 21:13:52 | 00,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2008/10/22 21:13:51 | 00,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2008/10/22 21:13:49 | 00,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2008/10/20 00:08:18 | 05,361,608 | -H-- | M] () -- D:\Documents and Settings\Brian Ivory\Local Settings\Application Data\IconCache.db
[2008/10/19 16:56:55 | 00,000,696 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/19 16:56:09 | 02,351,120 | ---- | M] (Malwarebytes Corporation ) -- D:\Documents and Settings\Brian Ivory\Desktop\mbam-setup.exe
[2008/10/19 11:51:25 | 00,000,686 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\HOSTS
[2008/10/19 11:50:16 | 00,578,560 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\user32.dll
[2008/10/19 11:44:30 | 01,522,584 | ---- | M] () -- D:\Documents and Settings\Brian Ivory\Desktop\SDFix (1).exe
[2008/10/19 00:11:18 | 00,000,589 | ---- | M] () -- D:\Documents and Settings\Brian Ivory\My Documents\My Sharing Folders.lnk
[2008/10/18 17:53:59 | 00,038,224 | ---- | M] (Bluegem Security) -- D:\WINDOWS\System32\drivers\neokdss.sys
[2008/10/18 17:53:45 | 00,192,512 | ---- | M] (킹스정보통신) -- D:\WINDOWS\System32\kdfvmgr.exe
[2008/10/18 17:53:45 | 00,077,824 | ---- | M] (Kings Information & Network) -- D:\WINDOWS\System32\kdfapi.dll
[2008/10/18 17:53:45 | 00,053,248 | ---- | M] (Kings Information & Network) -- D:\WINDOWS\System32\Kdfhok.dll
[2008/10/18 17:53:44 | 00,722,472 | ---- | M] (Bluegem Security) -- D:\WINDOWS\System32\kdfmgr.exe
[2008/10/18 17:30:21 | 00,000,000 | ---- | M] () -- D:\Documents and Settings\All Users\Documents\{499663EE-202C-4468-874C-198A9E0BC058}
[2008/10/18 17:29:36 | 00,005,767 | ---- | M] () -- D:\WINDOWS\System32\navuklst.dll
[2008/10/18 17:27:43 | 00,005,769 | ---- | M] () -- D:\WINDOWS\System32\ydkevghc.dll
[2008/10/17 18:35:18 | 01,234,120 | ---- | M] () -- D:\Documents and Settings\Brian Ivory\Desktop\wrar380.exe
[2008/10/17 13:06:26 | 00,012,682 | ---- | M] () -- D:\Documents and Settings\Brian Ivory\My Documents\Planner.xlsx
[2008/10/17 13:04:33 | 00,005,767 | ---- | M] () -- D:\WINDOWS\System32\fmninxve.dll
[2008/10/17 13:02:13 | 00,005,769 | ---- | M] () -- D:\WINDOWS\System32\avgyuuvl.dll
[2008/10/17 10:57:40 | 00,261,432 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/17 10:52:33 | 00,001,393 | ---- | M] () -- D:\WINDOWS\imsins.BAK
[2008/10/16 20:25:46 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/16 20:25:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2008/10/08 06:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\MRT.exe
[2008/10/05 15:16:38 | 00,360,124 | ---- | M] () -- D:\WINDOWS\System32\PerfStringBackup.INI
[2008/10/05 15:16:38 | 00,314,508 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2008/10/05 15:16:38 | 00,040,836 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2008/10/04 04:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\ieframe.dll
[2008/10/04 04:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ieframe.dll
[2008/09/29 23:23:34 | 00,009,609 | ---- | M] () -- D:\Documents and Settings\Brian Ivory\Desktop\trade game.xlsx

< End of report >
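The two "Created/Modified Within 30 Days" sections above are where a helper reading this kind of log starts: OTL prints each file as `[timestamp | size | attrs | C or M] (Company) -- path`, and the "(Company)" field comes from the PE version resource, so an executable or DLL that shows `()`, sits under %SystemRoot%, appeared in the last few days and has a name like `navuklst.dll` or `ydkevghc.dll` is worth looking at before anything else. The script below is an added example by the editor, not part of brianivory08's post and not a tool from OldTimer or OTL. It parses the log's file-line format and scores entries with those four cheap heuristics; the weights, the 7-day window and the threshold are assumptions tuned to this log, `REPORT_TIME` is taken from the OTListIt Extras header in the next post (22/10/2008 9:17:17 PM), and the sample lines are copied from the log above. A high score means "inspect this first", not "this is malware".

```python
"""Triage helper for OTListIt / OTL file-listing lines.

Added example for this thread, not part of the original post or of OTL.
Scores are a reading aid for the person analysing the log, not a verdict.
"""

import ntpath
import re
from datetime import datetime, timedelta

# Taken from the OTListIt Extras header posted in the thread (22/10/2008 9:17:17 PM).
REPORT_TIME = datetime(2008, 10, 22, 21, 17, 17)

# One OTL file line:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- path [-- (svc [start | state])]
# Directory lines have no "(Company)" field; service/driver lines add the trailing group.
# C/M says whether the timestamp shown is the create or the modify time.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+?)"
    r"(?: -- \((?P<svc>[^)]*)\))?$"
)

# OTL fills "(Company)" from the PE version resource, so an empty field only
# means something for PE files; .xml, .dat or .lnk files never carry one.
PE_EXTENSIONS = {".exe", ".dll", ".sys", ".ocx", ".scr", ".cpl", ".drv"}
VOWELS = set("aeiou")


def parse_line(line):
    """Return a dict for one OTL file line, or None for headers and other text."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return {
        "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],
        "kind": m["kind"],
        "company": (m["company"] or "").strip(),
        "path": m["path"],
        "service": m["svc"],
        "is_dir": "D" in m["attrs"],
    }


def looks_random(stem):
    """Crude check for generated names: an alphabetic stem with a run of three or
    more consonants, or under 25% vowels.  Fires on the 8-letter DLL names in this
    log but also on some legitimate names (nvapps, mbamswissarmy), which is why it
    is worth only one point and never decides on its own."""
    s = stem.lower()
    if not s.isalpha() or len(s) < 5:
        return False
    vowel_ratio = sum(c in VOWELS for c in s) / len(s)
    longest_consonant_run = max(len(run) for run in re.split(r"[aeiou]+", s))
    return longest_consonant_run >= 3 or vowel_ratio < 0.25


def score(entry, report_time=REPORT_TIME, window=timedelta(days=7)):
    """Return (points, reasons) for one parsed entry.  Directories are not scored."""
    if entry["is_dir"]:
        return 0, []
    name = ntpath.basename(entry["path"])
    stem, ext = ntpath.splitext(name)
    checks = [  # (points, reason, hit) -- weights are an assumption for this log
        (2, "PE file with no company in its version resource",
         ext.lower() in PE_EXTENSIONS and not entry["company"]),
        (1, "located under %SystemRoot%", "\\windows\\" in entry["path"].lower()),
        (1, f"timestamp within {window.days} days of the report",
         report_time - entry["time"] <= window),
        (1, "pseudo-random looking file name", looks_random(stem)),
    ]
    hits = [(pts, why) for pts, why, hit in checks if hit]
    return sum(pts for pts, _ in hits), [why for _, why in hits]


def triage(lines, threshold=4):
    """Parse every line, keep (name, points, reasons) for entries at or above threshold."""
    flagged = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        points, reasons = score(entry)
        if points >= threshold:
            flagged.append((ntpath.basename(entry["path"]), points, reasons))
    return sorted(flagged, key=lambda f: (-f[1], f[0]))


SAMPLE_LINES = [  # copied from the OTListIt log posted above
    r"[2008/10/19 16:56:55 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys",
    r"[2008/10/18 17:53:45 | 00,038,224 | ---- | C] (Bluegem Security) -- D:\WINDOWS\System32\drivers\neokdss.sys",
    r"[2008/10/18 17:29:36 | 00,005,767 | ---- | C] () -- D:\WINDOWS\System32\navuklst.dll",
    r"[2008/10/18 17:27:43 | 00,005,769 | ---- | C] () -- D:\WINDOWS\System32\ydkevghc.dll",
    r"[2008/10/17 13:04:33 | 00,005,767 | ---- | C] () -- D:\WINDOWS\System32\fmninxve.dll",
    r"[2008/10/17 13:02:13 | 00,005,769 | ---- | C] () -- D:\WINDOWS\System32\avgyuuvl.dll",
    r"[2008/10/19 11:50:16 | 00,578,560 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\user32.dll",
    r"[2008/10/21 18:57:53 | 00,000,000 | -HSD | C] -- D:\Config.Msi",
    r"[2008/10/22 21:13:58 | 00,029,204 | ---- | M] () -- D:\WINDOWS\System32\nvapps.xml",
    r"[2008/03/17 16:58:10 | 00,488,768 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw [On_Demand | Running])",
]

if __name__ == "__main__":
    for name, points, reasons in triage(SAMPLE_LINES):
        print(f"{points}  {name}: {'; '.join(reasons)}")
```

Run against the ten sample lines it reports only the four company-less 5 KB DLLs in System32 (avgyuuvl.dll, fmninxve.dll, navuklst.dll, ydkevghc.dll, each at 5 points); mbam.sys, user32.dll and nvapps.xml stay below the threshold because they either carry a company name or are not PE files. To use it on a whole log, read the file and pass its lines to `triage()`; the "no company" signal is the one to trust most, since a legitimate vendor's driver or DLL almost always has a version resource, while the name heuristic is deliberately weak.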
  #8  
October 22nd, 2008, 11:24 AM
brianivory08
OTListIt Extras logfile created on: 22/10/2008 9:17:17 PM - Run 2
OTListIt by OldTimer - Version 1.0.10.0 Folder = D:\Documents and Settings\Brian Ivory\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): D:\pagefile.sys 1536 3072;

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 48.83 Gb Total Space | 42.78 Gb Free Space | 87.62% Space Free | Partition Type: NTFS
Drive D: | 148.96 Gb Total Space | 132.10 Gb Free Space | 88.68% Space Free | Partition Type: NTFS
Drive E: | 184.05 Gb Total Space | 108.01 Gb Free Space | 58.69% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRIAN
Current User Name: Brian Ivory
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- D:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 05:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 12:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 18:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 05:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/10/10 23:14:48 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2008/05/21 05:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2007/08/29 01:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove
[2008/05/21 06:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
[2008/07/11 03:58:58 | 11,825,152 | ---- | M] (Ensemble Studios) -- D:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3
[2007/10/18 12:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 18:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2008/09/14 21:20:53 | 00,634,368 | ---- | M] (Google Inc.) -- D:\Documents and Settings\Brian Ivory\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0D80391C-0A72-43BB-9BC2-143F63CC111D}" = Nokia PC Connectivity Solution
"{0E94871C-623C-464F-A117-B8474BFF84E1}" = Nokia MTP driver
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{531317A5-586A-4E36-87C1-CA823447B375}" = Nokia PC Suite
"{5CCABD37-479D-4304-B1A5-67952C25F8F2}" = Nokia Software Launcher
"{6882DD11-33B8-4DEA-8305-7E765BF74BD3}" = Nokia Connectivity Cable Driver
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security Pro
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95774351-6087-3A3B-8CA8-70BEE49D2BD5}" = Google Gears
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A621B45A-D138-4A95-BE10-7CABA05EF94E}" = Trend Micro Internet Security Pro
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AAB32978-ADDE-4CE8-A9D2-754AEC0C4CD1}" = REALTEK RTL8185 Wireless LAN Driver and Utility
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Windows Live Sign-in Assistant
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"3271E907F27C989F2C244ACB3D32020E3DD3CA6F" = Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CTMBDemo" = Sound Blaster Audigy ADVANCED MB Demo
"Dell Photo AIO Printer 924" = Dell Photo AIO Printer 924
"DVD to VCD AVI DivX Converter v3.2 (build 069)" = DVD to VCD AVI DivX Converter v3.2 (build 069)
"Elecard MPEG-2 Decoder&Streaming Plug-in for WMP 3.6.80523" = Elecard MPEG-2 Decoder&Streaming Plug-in for WMP
"ENTERPRISE" = Microsoft Office Enterprise 2007
"e-tax 2008" = e-tax 2008
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MIXERLITE" = Mixer
"Mozilla Firefox (3.0.3)" = Mozilla Firefox (3.0.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PokerStars" = PokerStars
"PowerISO" = PowerISO
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD_is1" = XviD MPEG-4 Video Codec

Last edited by brianivory08; October 22nd, 2008 at 11:26 AM.

#9 | brianivory08, New Member | October 22nd, 2008, 11:26 AM
========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Footy Fanatic FX" = Footy Fanatic FX
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2052111302-1767777339-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Footy Fanatic FX" = Footy Fanatic FX
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/10/2008 6:31:56 AM | Computer Name = BRIAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 9/10/2008 6:10:18 AM | Computer Name = BRIAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 10/10/2008 4:40:19 AM | Computer Name = BRIAN | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting
module unknown, version 0.0.0.0, fault address 0x02455bd0.

Error - 10/10/2008 8:56:24 AM | Computer Name = BRIAN | Source = Application Hang | ID = 1002
Description = Hanging application realplay.exe, version 11.0.0.446, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/10/2008 11:19:25 PM | Computer Name = BRIAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 12/10/2008 3:59:46 AM | Computer Name = BRIAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 16/10/2008 11:08:55 AM | Computer Name = BRIAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 16/10/2008 7:45:34 PM | Computer Name = BRIAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 19/10/2008 1:37:01 AM | Computer Name = BRIAN | Source = Google Update | ID = 20
Description =

Error - 21/10/2008 3:47:45 AM | Computer Name = BRIAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

[ System Events ]
Error - 18/10/2008 8:47:15 PM | Computer Name = BRIAN | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 18/10/2008 8:47:50 PM | Computer Name = BRIAN | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 18/10/2008 8:48:01 PM | Computer Name = BRIAN | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 18/10/2008 8:48:01 PM | Computer Name = BRIAN | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 18/10/2008 8:48:01 PM | Computer Name = BRIAN | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 18/10/2008 8:48:01 PM | Computer Name = BRIAN | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 18/10/2008 8:48:01 PM | Computer Name = BRIAN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu Tcpip tmtdi

Error - 18/10/2008 8:48:02 PM | Computer Name = BRIAN | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 19/10/2008 1:49:09 AM | Computer Name = BRIAN | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00052510D909. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 21/10/2008 3:47:45 AM | Computer Name = BRIAN | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00052510D909. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.


< End of report >
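Read as a responder would, the System records above tell one story: at the 18/10 boot the drivers that make up the whole IP stack (Tcpip, AFD, NetBT, NetBIOS, IPSec) failed to load together with Trend Micro's tmtdi filter, so the DHCP, DNS and NetBIOS services that depend on them could not start, and the crypt32 records show the same symptom from the application side (the root-certificate list refresh failing because windowsupdate.com could not be resolved). The script below is an added example, not part of the original thread or of OldTimer's tool. It parses records in OTListIt's event-log layout and ties that chain together; the sample records are copied from the report above, and the grouping of driver names into "core network" and "security product" sets is my own assumption.

```python
import re
from collections import Counter

# Constructed sample input: four records copied from the "Last 10 Event Log
# Errors" section of the OTListIt report above, in the same layout the tool
# uses (one header line, wrapped Description lines, blank line between records).
SAMPLE_EVENTS = """\
Error - 16/10/2008 7:45:34 PM | Computer Name = BRIAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 18/10/2008 8:48:01 PM | Computer Name = BRIAN | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 18/10/2008 8:48:01 PM | Computer Name = BRIAN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu Tcpip tmtdi

Error - 19/10/2008 1:49:09 AM | Computer Name = BRIAN | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00052510D909. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.
"""

HEADER = re.compile(
    r"^Error - (?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) \| "
    r"Computer Name = (?P<host>.+?) \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)

# Assumed grouping: without these boot-start drivers Windows XP has no IP networking.
CORE_NETWORK_DRIVERS = {"Tcpip", "AFD", "NetBT", "NetBIOS", "IPSec"}
# Trend Micro's TDI filter, listed under Driver Services in the same report.
SECURITY_DRIVERS = {"tmtdi"}


def parse_events(text):
    """Return one dict per record: when, host, source, id (int), description."""
    events = []
    for block in re.split(r"\n[ \t]*\n", text.strip()):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        if not lines:
            continue
        m = HEADER.match(lines[0])
        if not m:
            continue
        ev = m.groupdict()
        ev["id"] = int(ev["id"])
        # OTListIt wraps the description over several lines; re-join them.
        ev["description"] = re.sub(r"^Description =\s*", "", " ".join(lines[1:]))
        events.append(ev)
    return events


def failed_boot_drivers(events):
    """Union of driver names from every Service Control Manager 7026 record."""
    names = set()
    for ev in events:
        if ev["source"] == "Service Control Manager" and ev["id"] == 7026:
            names.update(ev["description"].split(":", 1)[1].split())
    return sorted(names)


def dependency_failures(events):
    """(dependent service, failed dependency) pairs from SCM 7001 records."""
    pairs = []
    for ev in events:
        if ev["source"] == "Service Control Manager" and ev["id"] == 7001:
            m = re.search(r"The (.+?) service depends on the (.+?) service", ev["description"])
            if m:
                pairs.append((m.group(1), m.group(2)))
    return pairs


def network_stack_down(events):
    """True when any core IP-stack driver is among the boot-time failures."""
    return bool(set(failed_boot_drivers(events)) & CORE_NETWORK_DRIVERS)


def assess(events):
    """Summarise the cascade: drivers -> services -> name resolution -> DHCP."""
    drivers = set(failed_boot_drivers(events))
    by_key = Counter((ev["source"], ev["id"]) for ev in events)
    return {
        "core_network_drivers_failed": sorted(drivers & CORE_NETWORK_DRIVERS),
        "security_drivers_failed": sorted(drivers & SECURITY_DRIVERS),
        "dependency_failures": dependency_failures(events),
        "dns_resolution_failures": sum(
            1 for ev in events
            if ev["source"] == "crypt32" and ev["id"] == 131080
            and "could not be resolved" in ev["description"]),
        "dhcp_failures": by_key[("Dhcp", 1001)],
    }


if __name__ == "__main__":
    for key, value in assess(parse_events(SAMPLE_EVENTS)).items():
        print(f"{key}: {value}")
```

The useful signal here is the combination rather than any single record: a crypt32 131080 on its own is a common nuisance on a machine that is simply offline, but next to a 7026 that lists Tcpip and AFD it means the box could neither fetch Windows Update root-list data nor let the security product's own network filter load, which is exactly the state a responder has to fix before any online scan will work.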

#10 | Aaflac, Malware Removal Team (Illinois, USA) | October 23rd, 2008, 03:08 AM
Please download OTMoveIt3 to the Desktop.

Double-click on OTMoveIt3 to run it.

Copy and paste all of the following inside the code box below into the Paste List Of File/Folders To Move area of OTMoveIt3

Code:
:processes 
explorer.exe 
:files 
D:\WINDOWS\System32\navuklst.dll
D:\WINDOWS\System32\ydkevghc.dll
D:\WINDOWS\System32\fmninxve.dll
D:\WINDOWS\System32\avgyuuvl.dll
D:\Documents and Settings\All Users\Application Data\tedopifu
D:\Documents and Settings\Brian Ivory\Application Data\TmpRecentIcons
:commands 
[emptytemp] 
[start explorer]
Click the red Moveit! button

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the moving process. If you are asked to reboot the machine choose Yes.

Please copy/paste the contents under Results in your reply. However, if the machine was rebooted and you are unable to copy/paste from the Results window:
Open Notepad (Start > All Programs > Accessories > Notepad)
Click: File > Open
In the File Name box enter *.log and press the Enter key
Navigate to the C:\_OTMoveIt\MovedFiles folder
Open the newest .log file present

Close OTMoveIt3

Please provide the OTMoveIt3 log contents in your reply.

#11 | brianivory08, New Member | October 25th, 2008, 01:46 AM
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
LoadLibrary failed for D:\WINDOWS\System32\navuklst.dll
D:\WINDOWS\System32\navuklst.dll NOT unregistered.
D:\WINDOWS\System32\navuklst.dll moved successfully.
LoadLibrary failed for D:\WINDOWS\System32\ydkevghc.dll
D:\WINDOWS\System32\ydkevghc.dll NOT unregistered.
D:\WINDOWS\System32\ydkevghc.dll moved successfully.
LoadLibrary failed for D:\WINDOWS\System32\fmninxve.dll
D:\WINDOWS\System32\fmninxve.dll NOT unregistered.
D:\WINDOWS\System32\fmninxve.dll moved successfully.
LoadLibrary failed for D:\WINDOWS\System32\avgyuuvl.dll
D:\WINDOWS\System32\avgyuuvl.dll NOT unregistered.
D:\WINDOWS\System32\avgyuuvl.dll moved successfully.
D:\Documents and Settings\All Users\Application Data\tedopifu moved successfully.
D:\Documents and Settings\Brian Ivory\Application Data\TmpRecentIcons moved successfully.
========== COMMANDS ==========
File delete failed. D:\DOCUME~1\BRIANI~1\LOCALS~1\Temp\etilqs_drFCKvgy86UAtWQ scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BRIANI~1\LOCALS~1\Temp\etilqs_nHpxi72Lb3aYveq scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. D:\WINDOWS\temp\Perflib_Perfdata_36c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10252008_114025

Files moved on Reboot...
File D:\DOCUME~1\BRIANI~1\LOCALS~1\Temp\etilqs_drFCKvgy86UAtWQ not found!
File D:\DOCUME~1\BRIANI~1\LOCALS~1\Temp\etilqs_nHpxi72Lb3aYveq not found!
File move failed. D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File D:\WINDOWS\temp\Perflib_Perfdata_36c.dat not found!

#12 | Aaflac, Malware Removal Team (Illinois, USA) | October 25th, 2008, 03:45 AM
Please run OTListIt once again, and post the OTListIt.txt in your reply.

#13 | brianivory08, New Member | October 25th, 2008, 04:50 AM
OTListIt logfile created on: 25/10/2008 2:48:39 PM - Run 3
OTListIt by OldTimer - Version 1.0.10.0 Folder = D:\Documents and Settings\Brian Ivory\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.99 Gb Available in Paging File | 99.70% Paging File free
Paging file location(s): D:\pagefile.sys 1536 3072;

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 48.83 Gb Total Space | 44.51 Gb Free Space | 91.15% Space Free | Partition Type: NTFS
Drive D: | 148.96 Gb Total Space | 132.21 Gb Free Space | 88.75% Space Free | Partition Type: NTFS
Drive E: | 184.05 Gb Total Space | 108.01 Gb Free Space | 58.69% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRIAN
Current User Name: Brian Ivory
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/09/28 16:39:23 | 00,147,456 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe
[2005/07/08 19:57:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\system32\nvsvc32.exe
[2008/07/29 18:18:14 | 00,698,888 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
[2008/03/07 08:01:52 | 00,333,064 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\BM\TMBMSRV.exe
[2008/07/29 18:18:16 | 01,398,024 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
[2008/04/14 11:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\wscntfy.exe
[2008/03/17 16:58:10 | 00,488,768 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\Internet Security\TmPfw.exe
[2008/03/17 16:58:10 | 00,648,456 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\Internet Security\TmProxy.exe
[2005/02/23 16:57:24 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- D:\Program Files\Creative\Mixer\CTSVolFE.exe
[2005/03/22 18:20:44 | 00,339,968 | ---- | M] (SigmaTel, Inc.) -- D:\WINDOWS\stsystra.exe
[2005/10/22 02:40:26 | 00,430,080 | ---- | M] (Dell) -- D:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
[2007/08/24 08:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[2006/11/28 02:12:24 | 02,658,304 | ---- | M] () -- D:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
[2008/08/11 10:24:32 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- D:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2008/09/28 16:39:55 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jusched.exe
[2008/04/14 11:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Messenger\msmsgs.exe
[2008/09/03 22:25:24 | 00,133,104 | ---- | M] (Google Inc.) -- D:\Documents and Settings\Brian Ivory\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[2006/11/24 16:55:16 | 00,770,048 | ---- | M] (Realtek Semiconductor Corp.) -- D:\Program Files\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWLan.exe
[2005/10/28 23:41:52 | 00,491,520 | ---- | M] ( ) -- D:\WINDOWS\system32\dlcccoms.exe
[2006/06/05 14:59:18 | 00,174,080 | ---- | M] (Nokia.) -- D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
[2008/03/06 14:52:28 | 00,542,032 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
[2008/03/06 14:52:31 | 00,157,008 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
[2008/09/14 21:20:53 | 00,634,368 | ---- | M] (Google Inc.) -- D:\Documents and Settings\Brian Ivory\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
[2008/09/14 21:20:53 | 00,634,368 | ---- | M] (Google Inc.) -- D:\Documents and Settings\Brian Ivory\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
[2008/09/14 21:20:53 | 00,634,368 | ---- | M] (Google Inc.) -- D:\Documents and Settings\Brian Ivory\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
[2008/10/19 22:25:49 | 00,418,816 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Brian Ivory\My Documents\Downloads\OTListIt.exe

========== (O23) Win32 Services ==========

[2005/10/28 23:41:52 | 00,491,520 | ---- | M] ( ) -- D:\WINDOWS\system32\dlcccoms.exe -- (dlcc_device [On_Demand | Running])
[2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/09/28 16:39:23 | 00,147,456 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2007/08/24 07:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
[2005/07/08 19:57:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006/06/05 14:59:18 | 00,174,080 | ---- | M] (Nokia.) -- D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running])
[2008/07/29 18:18:14 | 00,698,888 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom [Auto | Running])
[2008/03/07 08:01:52 | 00,333,064 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer [Auto | Running])
[2008/03/17 16:58:10 | 00,488,768 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw [On_Demand | Running])
[2008/03/17 16:58:10 | 00,648,456 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy [On_Demand | Running])
[2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/07/04 02:27:25 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) -- D:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2005/03/23 07:49:09 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- D:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
[2005/03/31 18:04:52 | 00,180,736 | ---- | M] (Intel Corporation) -- D:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express [On_Demand | Running])
[2006/11/15 17:23:06 | 00,038,144 | ---- | M] (Windows (R) 2000 DDK provider) -- D:\WINDOWS\system32\drivers\EAPPkt.sys -- (EAPPkt [Auto | Running])
[2004/05/02 19:47:08 | 00,023,040 | R--- | M] () -- D:\WINDOWS\System32\drivers\GVCplDrv.sys -- (GVCplDrv [On_Demand | Stopped])
[2008/04/14 03:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- D:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2008/04/14 05:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/10/18 17:53:59 | 00,038,224 | ---- | M] (Bluegem Security) -- D:\WINDOWS\system32\drivers\neokdss.sys -- (neokdss [On_Demand | Stopped])
[2006/05/29 09:26:36 | 00,008,704 | ---- | M] (Nokia) -- D:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic [On_Demand | Stopped])
[2006/05/29 09:26:36 | 00,013,312 | ---- | M] (Nokia) -- D:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem [On_Demand | Stopped])
[2006/05/29 09:26:38 | 00,127,488 | ---- | M] (Nokia) -- D:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent [On_Demand | Stopped])
[2006/05/29 09:26:36 | 00,013,312 | ---- | M] (Nokia) -- D:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port [On_Demand | Stopped])
[2005/07/08 19:57:00 | 03,198,304 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2004/08/04 23:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- D:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2006/11/08 19:51:54 | 00,062,336 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2006/11/23 23:31:42 | 00,304,896 | R--- | M] (Realtek Semiconductor Corporation ) -- D:\WINDOWS\system32\drivers\rtl8185.sys -- (rtl8185 [On_Demand | Running])
[2008/06/12 17:28:49 | 00,056,108 | ---- | M] (PowerISO Computing, Inc.) -- D:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
[2007/11/13 21:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- D:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2005/11/16 16:36:00 | 01,047,816 | ---- | M] (SigmaTel, Inc.) -- D:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2008/03/07 08:01:52 | 00,052,496 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon [Auto | Running])
[2008/03/07 08:01:52 | 00,333,328 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw [On_Demand | Running])
[2008/03/07 08:01:52 | 00,138,384 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2008/03/07 08:01:52 | 00,052,240 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr [Auto | Running])
[2008/07/18 20:08:32 | 00,036,368 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt [Auto | Running])
[2008/03/07 08:01:52 | 00,065,936 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi [System | Running])
[2008/07/18 20:08:38 | 00,205,328 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt [Auto | Running])
[2008/07/18 19:51:32 | 01,195,448 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint [Auto | Running])

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir...=ie&ar=msnhome
URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - D:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
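The Processes, Win32 Services and Driver Services sections above all share one line layout: [modified time | size | attributes | M] (vendor) -- path, optionally followed by -- (service name [start type | state]). The script below is an added example, not part of the original thread or of OldTimer's tool. It parses that layout and applies the triage heuristics a responder uses on a report like this one: a blank vendor field; an eight-letter lowercase file name under %SystemRoot% with no vendor, the pattern of the four System32 DLLs OTMoveIt3 removed in post #10; a modification time within two weeks of the scan; and a service or driver loaded from a user-writable path. The first four sample lines are copied from the report above; the fifth is hypothetical, modelled on those DLLs, with an invented size and date. The 14-day window and the scan date of 25/10/2008 (taken from the post's header) are assumptions.

```python
import re
from datetime import datetime

# Constructed sample input. Lines 1-4 are copied from the OTListIt report in
# this thread; line 5 is hypothetical (name from the OTMoveIt3 script earlier in
# the thread, size and date invented) to show what a hit looks like.
SAMPLE_ENTRIES = r"""
[2008/09/28 16:39:23 | 00,147,456 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2005/10/28 23:41:52 | 00,491,520 | ---- | M] ( ) -- D:\WINDOWS\system32\dlcccoms.exe -- (dlcc_device [On_Demand | Running])
[2006/11/15 17:23:06 | 00,038,144 | ---- | M] (Windows (R) 2000 DDK provider) -- D:\WINDOWS\system32\drivers\EAPPkt.sys -- (EAPPkt [Auto | Running])
[2008/10/18 17:53:59 | 00,038,224 | ---- | M] (Bluegem Security) -- D:\WINDOWS\system32\drivers\neokdss.sys -- (neokdss [On_Demand | Stopped])
[2008/10/18 17:53:00 | 00,045,056 | ---- | M] () -- D:\WINDOWS\System32\navuklst.dll
"""

SCAN_DATE = datetime(2008, 10, 25)  # assumed: date of the OTListIt run in the post

ENTRY = re.compile(
    r"^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| [MC]\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+?)"           # vendor may itself contain "(R)"
    r"(?: -- \((?P<service>[^\[]+?) \[(?P<start>[^|]+) \| (?P<state>[^\]]+)\]\))?$"
)
RANDOM_NAME = re.compile(r"^[a-z]{8}\.(?:dll|exe|sys)$")
USER_WRITABLE = re.compile(r"\\(?:Documents and Settings|Temp|Application Data)\\", re.I)


def parse_entries(text):
    """One dict per OTListIt file line: mtime (datetime), size (int), attrs,
    company (stripped, '' when blank), path, and service/start/state or None."""
    entries = []
    for line in text.strip().splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["company"] = e["company"].strip()
        e["mtime"] = datetime.strptime(e["mtime"], "%Y/%m/%d %H:%M:%S")
        e["size"] = int(e["size"].replace(",", ""))
        entries.append(e)
    return entries


def triage(entry, scan_date=SCAN_DATE, recent_days=14):
    """Return the list of reasons this entry deserves a closer look (may be empty)."""
    reasons = []
    path = entry["path"]
    name = path.rsplit("\\", 1)[-1]
    in_system_dir = "\\windows\\" in path.lower()
    if not entry["company"]:
        reasons.append("no vendor string")
        # Random 8-letter names with no vendor are the pattern of the dropped DLLs.
        if in_system_dir and RANDOM_NAME.match(name):
            reasons.append("random-looking 8-letter name under %SystemRoot%")
    if (scan_date - entry["mtime"]).days <= recent_days:
        reasons.append(f"modified within {recent_days} days of the scan")
    if entry["service"] and USER_WRITABLE.search(path):
        reasons.append("service/driver loaded from a user-writable location")
    return reasons


def triage_all(entries, scan_date=SCAN_DATE):
    """[(file name, reasons)] with the most-flagged entries first."""
    rows = [(e["path"].rsplit("\\", 1)[-1], triage(e, scan_date)) for e in entries]
    return sorted(rows, key=lambda r: (-len(r[1]), r[0].lower()))


if __name__ == "__main__":
    for name, reasons in triage_all(parse_entries(SAMPLE_ENTRIES)):
        print(f"{name:16} {'; '.join(reasons) or '-'}")
```

Treat the output as leads, not verdicts: dlcccoms.exe collects two flags yet shares its dlcc prefix with the Dell Photo AIO Printer 924 software listed in the same report, so it is most likely printer code with a missing version resource, and OTListIt.exe itself would trip the recent-modification rule because it was downloaded days before the scan. The value is in ranking what to look at first, which is how the helper arrived at the four System32 DLLs and the tedopifu folder in post #10.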

#14 | brianivory08, New Member | October 25th, 2008, 04:51 AM
========== (O23) Win32 Services ==========

[2005/10/28 23:41:52 | 00,491,520 | ---- | M] ( ) -- D:\WINDOWS\system32\dlcccoms.exe -- (dlcc_device [On_Demand | Running])
[2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/09/28 16:39:23 | 00,147,456 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2007/08/24 07:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
[2005/07/08 19:57:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006/06/05 14:59:18 | 00,174,080 | ---- | M] (Nokia.) -- D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running])
[2008/07/29 18:18:14 | 00,698,888 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom [Auto | Running])
[2008/03/07 08:01:52 | 00,333,064 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer [Auto | Running])
[2008/03/17 16:58:10 | 00,488,768 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw [On_Demand | Running])
[2008/03/17 16:58:10 | 00,648,456 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy [On_Demand | Running])
[2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/07/04 02:27:25 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) -- D:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2005/03/23 07:49:09 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- D:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
[2005/03/31 18:04:52 | 00,180,736 | ---- | M] (Intel Corporation) -- D:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express [On_Demand | Running])
[2006/11/15 17:23:06 | 00,038,144 | ---- | M] (Windows (R) 2000 DDK provider) -- D:\WINDOWS\system32\drivers\EAPPkt.sys -- (EAPPkt [Auto | Running])
[2004/05/02 19:47:08 | 00,023,040 | R--- | M] () -- D:\WINDOWS\System32\drivers\GVCplDrv.sys -- (GVCplDrv [On_Demand | Stopped])
[2008/04/14 03:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- D:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2008/04/14 05:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/10/18 17:53:59 | 00,038,224 | ---- | M] (Bluegem Security) -- D:\WINDOWS\system32\drivers\neokdss.sys -- (neokdss [On_Demand | Stopped])
[2006/05/29 09:26:36 | 00,008,704 | ---- | M] (Nokia) -- D:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic [On_Demand | Stopped])
[2006/05/29 09:26:36 | 00,013,312 | ---- | M] (Nokia) -- D:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem [On_Demand | Stopped])
[2006/05/29 09:26:38 | 00,127,488 | ---- | M] (Nokia) -- D:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent [On_Demand | Stopped])
[2006/05/29 09:26:36 | 00,013,312 | ---- | M] (Nokia) -- D:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port [On_Demand | Stopped])
[2005/07/08 19:57:00 | 03,198,304 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2004/08/04 23:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- D:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2006/11/08 19:51:54 | 00,062,336 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2006/11/23 23:31:42 | 00,304,896 | R--- | M] (Realtek Semiconductor Corporation ) -- D:\WINDOWS\system32\drivers\rtl8185.sys -- (rtl8185 [On_Demand | Running])
[2008/06/12 17:28:49 | 00,056,108 | ---- | M] (PowerISO Computing, Inc.) -- D:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
[2007/11/13 21:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- D:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2005/11/16 16:36:00 | 01,047,816 | ---- | M] (SigmaTel, Inc.) -- D:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2008/03/07 08:01:52 | 00,052,496 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon [Auto | Running])
[2008/03/07 08:01:52 | 00,333,328 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw [On_Demand | Running])
[2008/03/07 08:01:52 | 00,138,384 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2008/03/07 08:01:52 | 00,052,240 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr [Auto | Running])
[2008/07/18 20:08:32 | 00,036,368 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt [Auto | Running])
[2008/03/07 08:01:52 | 00,065,936 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi [System | Running])
[2008/07/18 20:08:38 | 00,205,328 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt [Auto | Running])
[2008/07/18 19:51:32 | 01,195,448 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint [Auto | Running])

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir...=ie&ar=msnhome
URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - D:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (686 bytes) - D:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {AAD7932C-5E4E-403B-87F2-453337346AC8} - D:\WINDOWS\system32\qoMdCrsR.dll File not found
O2 - BHO: (TSToolbarBHO) - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - D:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Transaction Protector) - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - D:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll (Trend Micro Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CTSVolFE] "D:\Program Files\Creative\Mixer\CTSVolFE.exe" /r (Creative Technology Ltd)
O4 - HKLM..\Run: [DLCCCATS] rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16 ()
O4 - HKLM..\Run: [dlccmon.exe] "D:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" (Dell)
O4 - HKLM..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [NSLauncher] D:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup ()
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] "D:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" (Trend Micro Inc.)
O4 - HKCU..\Run: [Google Update] "D:\Documents and Settings\Brian Ivory\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - HKCU..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK RTL8185 Wireless LAN Utility.lnk = D:\Program Files\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler: - grooveLocalGWS - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - livecall - D:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ms-help - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msnim - D:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler: - wlmailhtml - D:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - D:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
  #15  
Old October 25th, 2008, 04:51 AM
brianivory08
========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/07/04 02:20:22 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5038d919-524e-11dd-abb0-00052510d909}\Shell\AutoRun\command]
"" = M:\setupSNK.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[4 D:\WINDOWS\*.tmp files]
[2008/10/25 11:40:25 | 00,000,000 | ---D | C] -- D:\_OTMoveIt
[2008/10/21 18:57:53 | 00,000,000 | -HSD | C] -- D:\Config.Msi
[2008/10/20 18:33:33 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Brian Ivory\My Documents\Bills
[2008/10/19 22:23:29 | 00,002,026 | ---- | C] () -- D:\Documents and Settings\Brian Ivory\Desktop\VArestorepolicies.inf
[2008/10/19 16:57:01 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Brian Ivory\Application Data\Malwarebytes
[2008/10/19 16:56:55 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2008/10/19 16:56:55 | 00,000,696 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/19 16:56:53 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/19 16:56:52 | 00,000,000 | ---D | C] -- D:\Program Files\Malwarebytes' Anti-Malware
[2008/10/19 16:56:52 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/19 16:55:21 | 02,351,120 | ---- | C] (Malwarebytes Corporation ) -- D:\Documents and Settings\Brian Ivory\Desktop\mbam-setup.exe
[2008/10/19 11:50:16 | 00,578,560 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\user32.dll
[2008/10/19 11:48:13 | 00,000,000 | ---D | C] -- D:\WINDOWS\ERUNT
[2008/10/19 11:47:20 | 00,000,000 | ---D | C] -- D:\SDFix
[2008/10/19 11:44:30 | 01,522,584 | ---- | C] () -- D:\Documents and Settings\Brian Ivory\Desktop\SDFix (1).exe
[2008/10/18 17:53:45 | 00,038,224 | ---- | C] (Bluegem Security) -- D:\WINDOWS\System32\drivers\neokdss.sys
[2008/10/18 17:53:03 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Brian Ivory\Desktop\aa
[2008/10/17 18:35:39 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Brian Ivory\Application Data\WinRAR
[2008/10/17 18:35:26 | 00,000,000 | ---D | C] -- D:\Program Files\WinRAR
[2008/10/17 18:34:53 | 01,234,120 | ---- | C] () -- D:\Documents and Settings\Brian Ivory\Desktop\wrar380.exe
[2008/10/17 13:06:26 | 00,012,682 | ---- | C] () -- D:\Documents and Settings\Brian Ivory\My Documents\Planner.xlsx
[2008/10/17 02:19:54 | 00,333,824 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\srv.sys
[2008/10/17 02:18:57 | 01,846,400 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/17 02:18:49 | 02,145,280 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/17 02:18:45 | 02,189,184 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/17 02:18:43 | 02,023,936 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/17 02:18:38 | 02,066,048 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/09/29 23:23:34 | 00,009,609 | ---- | C] () -- D:\Documents and Settings\Brian Ivory\Desktop\trade game.xlsx


========== Files - Modified Within 30 Days ==========

[1 D:\WINDOWS\System32\*.tmp files]
[4 D:\WINDOWS\*.tmp files]
[2008/10/25 11:45:34 | 00,029,204 | ---- | M] () -- D:\WINDOWS\System32\nvapps.xml
[2008/10/25 11:44:48 | 00,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2008/10/25 11:44:47 | 00,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2008/10/25 11:43:44 | 05,362,468 | -H-- | M] () -- D:\Documents and Settings\Brian Ivory\Local Settings\Application Data\IconCache.db
[2008/10/25 11:37:02 | 00,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2008/10/22 21:38:49 | 00,000,589 | ---- | M] () -- D:\Documents and Settings\Brian Ivory\My Documents\My Sharing Folders.lnk
[2008/10/19 16:56:55 | 00,000,696 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/19 16:56:09 | 02,351,120 | ---- | M] (Malwarebytes Corporation ) -- D:\Documents and Settings\Brian Ivory\Desktop\mbam-setup.exe
[2008/10/19 11:51:25 | 00,000,686 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\HOSTS
[2008/10/19 11:50:16 | 00,578,560 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\user32.dll
[2008/10/19 11:44:30 | 01,522,584 | ---- | M] () -- D:\Documents and Settings\Brian Ivory\Desktop\SDFix (1).exe
[2008/10/18 17:53:59 | 00,038,224 | ---- | M] (Bluegem Security) -- D:\WINDOWS\System32\drivers\neokdss.sys
[2008/10/18 17:53:45 | 00,192,512 | ---- | M] (킹스정보통신) -- D:\WINDOWS\System32\kdfvmgr.exe
[2008/10/18 17:53:45 | 00,077,824 | ---- | M] (Kings Information & Network) -- D:\WINDOWS\System32\kdfapi.dll
[2008/10/18 17:53:45 | 00,053,248 | ---- | M] (Kings Information & Network) -- D:\WINDOWS\System32\Kdfhok.dll
[2008/10/18 17:53:44 | 00,722,472 | ---- | M] (Bluegem Security) -- D:\WINDOWS\System32\kdfmgr.exe
[2008/10/18 17:30:21 | 00,000,000 | ---- | M] () -- D:\Documents and Settings\All Users\Documents\{499663EE-202C-4468-874C-198A9E0BC058}
[2008/10/17 18:35:18 | 01,234,120 | ---- | M] () -- D:\Documents and Settings\Brian Ivory\Desktop\wrar380.exe
[2008/10/17 13:06:26 | 00,012,682 | ---- | M] () -- D:\Documents and Settings\Brian Ivory\My Documents\Planner.xlsx
[2008/10/17 10:57:40 | 00,261,432 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/17 10:52:33 | 00,001,393 | ---- | M] () -- D:\WINDOWS\imsins.BAK
[2008/10/16 20:25:46 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/16 20:25:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2008/10/08 06:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\MRT.exe
[2008/10/05 15:16:38 | 00,360,124 | ---- | M] () -- D:\WINDOWS\System32\PerfStringBackup.INI
[2008/10/05 15:16:38 | 00,314,508 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2008/10/05 15:16:38 | 00,040,836 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2008/10/04 04:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\ieframe.dll
[2008/10/04 04:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ieframe.dll
[2008/09/29 23:23:34 | 00,009,609 | ---- | M] () -- D:\Documents and Settings\Brian Ivory\Desktop\trade game.xlsx

< End of report >
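The log above is raw OTL output, and reading a few thousand lines of it by eye is where mistakes happen. As an added triage helper (not part of this thread and not code from the OTL tool), the script below parses OTL-style file lines and pulls out the three kinds of entry a helper looks at first: registry references marked "File not found", binaries under System32 whose company field is empty "()", and drivers created within the 30-day window of the log date. The sample lines are copied from the log in this thread so the run is offline; the function names, the heuristics and the 30-day window are my choices, not OTL's. The output is a list of leads, not verdicts: the Malwarebytes driver trips the same recency rule as neokdss.sys, which is exactly why each hit still has to be checked against what was installed when.

```python
import ntpath
import re
from datetime import datetime, timedelta

# One OTL file/driver line, e.g.
#   [2008/10/18 17:53:45 | 00,038,224 | ---- | C] (Bluegem Security) -- D:\WINDOWS\System32\drivers\neokdss.sys
# Fields: timestamp | size | attributes | C(reated)/M(odified) ] (company from version info) -- path [-- (service info)]
# Directory lines carry no "(company)" field, so that group is optional.
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+?)(?: -- \(.*\))?$"
)

# Path in front of OTL's "File not found" marker (O2/O4/MountPoints2 lines).
MISSING_FILE = re.compile(r"([A-Za-z]:\\\S+) (?:-- )?File not found")

SYSTEM_DIR = re.compile(r"\\WINDOWS\\System32\\", re.IGNORECASE)
EXEC_EXT = (".sys", ".exe", ".dll")

# Date of the log this example is drawn from (assumption: the post date).
LOG_DATE = datetime(2008, 10, 25)


def parse_file_line(line):
    """Return a dict for an OTL file line, or None if the line is not one."""
    m = FILE_LINE.match(line.strip())
    if m is None:
        return None
    company = m.group("company")
    return {
        "ts": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        "size": int(m.group("size").replace(",", "")),
        "attrs": m.group("attrs"),
        "kind": m.group("kind"),  # "C" = created section, "M" = modified section
        "company": None if company is None else company.strip(),  # "" means no version info
        "path": m.group("path"),
    }


def triage(lines, log_date, window_days=30):
    """Return (path, reason) leads in log order. The heuristics are mine, not OTL's."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        # Registry entries still pointing at a file that is gone from disk:
        # typical residue of a removed component, worth clearing up.
        if "File not found" in line:
            m = MISSING_FILE.search(line)
            findings.append((m.group(1) if m else line, "orphaned registry reference (File not found)"))
            continue
        entry = parse_file_line(line)
        if entry is None:
            continue
        path = entry["path"]
        ext = ntpath.splitext(path)[1].lower()
        if ext not in EXEC_EXT:
            continue
        # An empty "()" company field means the binary carries no version
        # resource at all, which vendor-shipped system files normally do.
        if entry["company"] == "" and SYSTEM_DIR.search(path):
            findings.append((path, "no company/version info on a System32 binary"))
        # Drivers created close to the infection date deserve a look whatever the
        # company string says: a .sys file runs in kernel mode.
        if ext == ".sys" and entry["kind"] == "C" and log_date - entry["ts"] <= timedelta(days=window_days):
            findings.append((path, f"driver created within {window_days} days of the log"))
    return findings


def run_sample(window_days=30):
    """Run the triage over the embedded sample lines."""
    return triage(SAMPLE_LOG, LOG_DATE, window_days)


# Sample input: lines copied from the OTL log in this thread (one directory line included).
SAMPLE_LOG = r"""
[2005/03/23 07:49:09 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- D:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
[2008/10/18 17:53:45 | 00,038,224 | ---- | C] (Bluegem Security) -- D:\WINDOWS\System32\drivers\neokdss.sys
[2008/10/19 16:56:55 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2004/05/02 19:47:08 | 00,023,040 | R--- | M] () -- D:\WINDOWS\System32\drivers\GVCplDrv.sys -- (GVCplDrv [On_Demand | Stopped])
[2008/10/25 11:40:25 | 00,000,000 | ---D | C] -- D:\_OTMoveIt
O2 - BHO: (no name) - {AAD7932C-5E4E-403B-87F2-453337346AC8} - D:\WINDOWS\system32\qoMdCrsR.dll File not found
"" = M:\setupSNK.exe -- File not found
""".strip().splitlines()

if __name__ == "__main__":
    for path, reason in run_sample():
        print(f"{reason:<50} {path}")
```

To use it on a real log, read the OTL text file and pass its lines to `triage` with the date from the log header; tighten `window_days` to the day the symptoms started to shrink the driver list. Paths containing spaces in "File not found" lines are returned as the whole line rather than the bare path, which is deliberate: the raw line is what gets pasted into a fix script anyway.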