Malware Removal: Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general security issues. If you suspect your PC is infected with a virus, trojan or spyware app, please include any supporting documentation or logs.
#1
help!!! VIRUS ALERT
I have a bad virus; my time/date is showing VIRUS ALERT!. I can't access any menus in my Start menu.
I ran HijackThis and this is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:33: VIRUS ALERT!, on 18/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Trend Micro\BM\TMBMSRV.exe
D:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
D:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
D:\Program Files\Trend Micro\Internet Security\TmProxy.exe
D:\Documents and Settings\All Users\Application Data\tedopifu\bcjytute.exe
D:\Program Files\Creative\Mixer\CTSVolFE.exe
D:\WINDOWS\stsystra.exe
D:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\WINDOWS\system32\dlcccoms.exe
D:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Documents and Settings\Brian Ivory\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\WINDOWS\system32\jglqvsbc.exe
D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
D:\Program Files\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWLan.exe
D:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
D:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Trend Micro\Internet Security\UfNavi.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Trend Micro\TrendSecure\TransactionProtector\Dependent\HSChkProxyExe.exe
D:\Program Files\Trend Micro\Internet Security\UfNavi.exe
D:\Documents and Settings\Brian Ivory\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Brian Ivory\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Brian Ivory\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Brian Ivory\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Brian Ivory\My Documents\Downloads\HiJackThis.exe
D:\WINDOWS\system32\jglqvsbc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - D:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: rosqxvmn - {148BDBE0-051C-4B70-84B3-889274D33E60} - D:\WINDOWS\rosqxvmn.dll
O4 - HKLM\..\Run: [CTSVolFE] "D:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "D:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "D:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NSLauncher] D:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Brian Ivory\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WebSrv] D:\WINDOWS\system32\jglqvsbc.exe
O4 - HKLM\..\Policies\Explorer\Run: [cIV2dUEeBN] D:\Documents and Settings\All Users\Application Data\tedopifu\bcjytute.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: REALTEK RTL8185 Wireless LAN Utility.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O21 - SSODL: ngwstxfd - {3064DFED-E1DB-44EC-BE78-C29BD5F16326} - D:\WINDOWS\ngwstxfd.dll
O21 - SSODL: qrbgltos - {79D97DF3-AC58-4FD0-A097-D4A7FD81C7F4} - D:\WINDOWS\qrbgltos.dll
O23 - Service: dlcc_device - - D:\WINDOWS\system32\dlcccoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - D:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - D:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - D:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - D:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 8211 bytes

Any help would be really appreciated!!
#2
Please download SDFix
Save it to the Desktop

Now, reboot to Safe Mode

Next, download Malwarebytes' Anti-Malware (MBAM)
Save the program to the Desktop
Close all Windows, including this one. (Print the instructions first)
On the Desktop, double-click mbam-setup.exe to install the program, and follow the prompts

Download VArestorepolicies
Right-click and select: Extract all…
Open the VArestorepolicies folder, right-click the file VArestorepolicies, and select: Install

~~~~

Next, download OTListIt
Save it to the Desktop

Please provide the following in your reply:
The contents of the SDFix Report.txt
The MBAM report
The OTListIt.txt and Extras.txt logs

Note: You may need to do consecutive posts (one after the other), if the logs are too long.
#3
Malwarebytes' Anti-Malware 1.29
Database version: 1288
Windows 5.1.2600 Service Pack 3

19/10/2008 5:03:13 PM
mbam-log-2008-10-19 (17-03-13).txt

Scan type: Quick Scan
Objects scanned: 47680
Time elapsed: 4 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 7
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
D:\WINDOWS\system32\efcCvWmN.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{960a9fa2-eaa1-4ff8-a500-69acff2595f6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{960a9fa2-eaa1-4ff8-a500-69acff2595f6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rosqxvmn.bnml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rosqxvmn.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\websrv (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: d:\windows\system32\efccvwmn -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: d:\windows\system32\efccvwmn -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
D:\WINDOWS\system32\efcCvWmN.dll (Trojan.Vundo.H) -> Delete on reboot.
D:\WINDOWS\system32\NmWvCcfe.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\NmWvCcfe.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\jglqvsbc.exe (Trojan.FakeAlert.H) -> Delete on reboot.
D:\WINDOWS\system32\ljJBtqRK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
D:\WINDOWS\BM7314440b.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\BM7314440b.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
#4
SDFix: Version 1.236
Run by Brian Ivory on Sun 19/10/2008 at 11:51

Microsoft Windows XP [Version 5.1.2600]
Running From: D:\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value
Restoring Windows Product ID To Remove Fake Virus Alert
Restoring Time Format To Remove Fake Virus Alert

Rebooting

Checking Files :

Trojan Files Found:

D:\WINDOWS\system32\nnnkKBqP.dll - Deleted
D:\WINDOWS\ESMF.EXE - Deleted
D:\Documents and Settings\Brian Ivory\Application Data\Adobe\crc.dat - Deleted
D:\Documents and Settings\Brian Ivory\Application Data\Adobe\Player.exe - Deleted
D:\Documents and Settings\Brian Ivory\Application Data\Adobe\Player.exe.bak - Deleted
D:\Documents and Settings\Brian Ivory\Desktop\Malware Defender.url - Deleted
D:\Documents and Settings\Brian Ivory\Favorites\Malware Defender.url - Deleted
D:\Documents and Settings\Brian Ivory\Desktop\Protect Your Privacy.url - Deleted
D:\Documents and Settings\Brian Ivory\Favorites\Protect Your Privacy.url - Deleted
D:\Documents and Settings\Brian Ivory\Desktop\System Error Fixer.url - Deleted
D:\Documents and Settings\Brian Ivory\Favorites\System Error Fixer.url - Deleted
D:\WINDOWS\mslagent\2_mslagent.dll - Deleted
D:\WINDOWS\mslagent\mslagent.exe - Deleted
D:\WINDOWS\mslagent\uninstall.exe - Deleted
D:\Program Files\akl\akl.dll - Deleted
D:\Program Files\akl\akl.exe - Deleted
D:\Program Files\akl\uninstall.exe - Deleted
D:\Program Files\akl\unsetup.exe - Deleted
D:\Program Files\Inet Delivery\inetdl.exe - Deleted
D:\Program Files\Inet Delivery\intdel.exe - Deleted
D:\DOCUME~1\BRIANI~1\LOCALS~1\Temp\pupdmgr.exe.bat - Deleted
D:\DOCUME~1\BRIANI~1\LOCALS~1\Temp\pwrmgr.exe.bat - Deleted
D:\DOCUME~1\BRIANI~1\LOCALS~1\Temp\smchk.exe.bat - Deleted
D:\DOCUME~1\BRIANI~1\LOCALS~1\Temp\windfr.exe.bat - Deleted
D:\WINDOWS\a.bat - Deleted
D:\WINDOWS\zip1.tmp - Deleted
D:\WINDOWS\zip2.tmp - Deleted
D:\WINDOWS\zip3.tmp - Deleted
D:\WINDOWS\zipped.tmp - Deleted
D:\DOCUME~1\BRIANI~1\LOCALS~1\Temp\myconfig.php.bat - Deleted
D:\DOCUME~1\BRIANI~1\LOCALS~1\Temp\removalfile.bat - Deleted
D:\WINDOWS\a.bat - Deleted
D:\WINDOWS\base64.tmp - Deleted
D:\WINDOWS\bdn.com - Deleted
D:\WINDOWS\FVProtect.exe - Deleted
D:\WINDOWS\qrbgltos.dll - Deleted
D:\WINDOWS\iTunesMusic.exe - Deleted
D:\WINDOWS\lomxeqsn.exe - Deleted
D:\WINDOWS\mssecu.exe - Deleted
D:\WINDOWS\ngwstxfd.dll - Deleted
D:\WINDOWS\pskt.ini - Deleted
D:\WINDOWS\rosqxvmn.dll - Deleted
D:\WINDOWS\system32\akttzn.exe - Deleted
D:\WINDOWS\system32\anticipator.dll - Deleted
D:\WINDOWS\system32\awtoolb.dll - Deleted
D:\WINDOWS\system32\bdn.com - Deleted
D:\WINDOWS\system32\bsva-egihsg52.exe - Deleted
D:\WINDOWS\system32\dpcproxy.exe - Deleted
D:\WINDOWS\system32\emesx.dll - Deleted
D:\WINDOWS\system32\h@tkeysh@@k.dll - Deleted
D:\WINDOWS\system32\hoproxy.dll - Deleted
D:\WINDOWS\system32\hxiwlgpm.dat - Deleted
D:\WINDOWS\system32\hxiwlgpm.exe - Deleted
D:\WINDOWS\system32\medup012.dll - Deleted
D:\WINDOWS\system32\medup020.dll - Deleted
D:\WINDOWS\system32\msgp.exe - Deleted
D:\WINDOWS\system32\msnbho.dll - Deleted
D:\WINDOWS\system32\mssecu.exe - Deleted
D:\WINDOWS\system32\msvchost.exe - Deleted
D:\WINDOWS\system32\mtr2.exe - Deleted
D:\WINDOWS\system32\mwin32.exe - Deleted
D:\WINDOWS\system32\netode.exe - Deleted
D:\WINDOWS\system32\newsd32.exe - Deleted
D:\WINDOWS\system32\ps1.exe - Deleted
D:\WINDOWS\system32\psof1.exe - Deleted
D:\WINDOWS\system32\psoft1.exe - Deleted
D:\WINDOWS\system32\regc64.dll - Deleted
D:\WINDOWS\system32\regm64.dll - Deleted
D:\WINDOWS\system32\Rundl1.exe - Deleted
D:\WINDOWS\system32\smp\msrc.exe - Deleted
D:\WINDOWS\system32\sncntr.exe - Deleted
D:\WINDOWS\system32\ssurf022.dll - Deleted
D:\WINDOWS\system32\ssvchost.com - Deleted
D:\WINDOWS\system32\ssvchost.exe - Deleted
D:\WINDOWS\system32\sysreq.exe - Deleted
D:\WINDOWS\system32\taack.dat - Deleted
D:\WINDOWS\system32\taack.exe - Deleted
D:\WINDOWS\system32\temp#01.exe - Deleted
D:\WINDOWS\system32\thun.dll - Deleted
D:\WINDOWS\system32\thun32.dll - Deleted
D:\WINDOWS\system32\VBIEWER.OCX - Deleted
D:\WINDOWS\system32\vbsys2.dll - Deleted
D:\WINDOWS\system32\vcatchpi.dll - Deleted
D:\WINDOWS\system32\winlogonpc.exe - Deleted
D:\WINDOWS\system32\winsystem.exe - Deleted
D:\WINDOWS\system32\WINWGPX.EXE - Deleted
D:\WINDOWS\userconfig9x.dll - Deleted
D:\WINDOWS\winsystem.exe - Deleted

Folder D:\Program Files\akl - Removed
Folder D:\Program Files\Inet Delivery - Removed
Folder D:\WINDOWS\mslagent - Removed
Folder D:\WINDOWS\system32\smp - Removed

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-19 12:19:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Program Files\\uTorrent\\uTorrent.exe"="D:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"="D:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe:*:Enabled:Age of Empires 3"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="D:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\\Documents and Settings\\Brian Ivory\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"="D:\\Documents and Settings\\Brian Ivory\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe:*:Enabled:Google Chrome"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="D:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

File Backups: - D:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 31 Jul 2008         0 A.SH. --- "D:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri  4 Jul 2008         0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\0c114cf5b19927cfea8b29c83de1ed86\BIT17.tmp"
Fri  4 Jul 2008         0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\109fef93c24da62cf8f31668d6ba9060\BIT1B.tmp"
Fri  4 Jul 2008         0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\131ae35a2f5be2cefedd349d083bb253\BIT15.tmp"
Fri  4 Jul 2008   153,861 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\32e99364da67a7850c38a7a4e067a1ed\BIT13.tmp"
Fri  4 Jul 2008         0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\55b5c397ff94db07e8c1c336efaf0a7b\BIT1C.tmp"
Fri  4 Jul 2008 3,109,928 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\ab9217b6e5750f9481b4ee261d21b730\BIT12.tmp"
Fri  4 Jul 2008         0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\c87932aedce288373d0b6a6c23f00c8a\BIT16.tmp"
Fri  4 Jul 2008         0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\ed6cff8bccff865b52b93292e144ada6\BIT14.tmp"

Finished!
#5
Please post the OTListIt.txt and Extras.txt logs, so we can determine if there is additional malware or remnants to deal with.
Note: You may need to do consecutive posts (one after the other), if the logs are too long.
#6
OTListIt logfile created on: 22/10/2008 9:17:17 PM - Run 2
OTListIt by OldTimer - Version 1.0.10.0 Folder = D:\Documents and Settings\Brian Ivory\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): D:\pagefile.sys 1536 3072;

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 48.83 Gb Total Space | 42.78 Gb Free Space | 87.62% Space Free | Partition Type: NTFS
Drive D: | 148.96 Gb Total Space | 132.10 Gb Free Space | 88.68% Space Free | Partition Type: NTFS
Drive E: | 184.05 Gb Total Space | 108.01 Gb Free Space | 58.69% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRIAN
Current User Name: Brian Ivory
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/09/28 16:39:23 | 00,147,456 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe
[2005/07/08 19:57:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\system32\nvsvc32.exe
[2008/07/29 18:18:14 | 00,698,888 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
[2008/03/07 08:01:52 | 00,333,064 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\BM\TMBMSRV.exe
[2008/07/29 18:18:16 | 01,398,024 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
[2005/02/23 16:57:24 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- D:\Program Files\Creative\Mixer\CTSVolFE.exe
[2008/04/14 11:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\wscntfy.exe
[2005/03/22 18:20:44 | 00,339,968 | ---- | M] (SigmaTel, Inc.) -- D:\WINDOWS\stsystra.exe
[2005/10/22 02:40:26 | 00,430,080 | ---- | M] (Dell) -- D:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
[2007/08/24 08:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[2008/06/12 03:38:00 | 00,034,672 | ---- | M] (Adobe Systems Incorporated) -- D:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
[2005/10/28 23:41:52 | 00,491,520 | ---- | M] ( ) -- D:\WINDOWS\system32\dlcccoms.exe
[2006/11/28 02:12:24 | 02,658,304 | ---- | M] () -- D:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
[2008/08/11 10:24:32 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- D:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2008/09/28 16:39:55 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jusched.exe
[2008/04/14 11:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Messenger\msmsgs.exe
[2008/09/03 22:25:24 | 00,133,104 | ---- | M] (Google Inc.) -- D:\Documents and Settings\Brian Ivory\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[2006/11/24 16:55:16 | 00,770,048 | ---- | M] (Realtek Semiconductor Corp.) -- D:\Program Files\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWLan.exe
[2006/06/05 14:59:18 | 00,174,080 | ---- | M] (Nokia.) -- D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
[2008/03/17 16:58:10 | 00,488,768 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\Internet Security\TmPfw.exe
[2008/03/17 16:58:10 | 00,648,456 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\Internet Security\TmProxy.exe
[2008/03/06 14:52:28 | 00,542,032 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
[2008/03/06 14:52:31 | 00,157,008 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
[2008/09/14 21:20:53 | 00,634,368 | ---- | M] (Google Inc.) -- D:\Documents and Settings\Brian Ivory\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
[2008/10/22 21:17:06 | 00,418,816 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Brian Ivory\My Documents\Downloads\OTListIt (1).exe

========== (O23) Win32 Services ==========

[2005/10/28 23:41:52 | 00,491,520 | ---- | M] ( ) -- D:\WINDOWS\system32\dlcccoms.exe -- (dlcc_device [On_Demand | Running])
[2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/09/28 16:39:23 | 00,147,456 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2007/08/24 07:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
[2005/07/08 19:57:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006/06/05 14:59:18 | 00,174,080 | ---- | M] (Nokia.) -- D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running])
[2008/07/29 18:18:14 | 00,698,888 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom [Auto | Running])
[2008/03/07 08:01:52 | 00,333,064 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer [Auto | Running])
[2008/03/17 16:58:10 | 00,488,768 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw [On_Demand | Running])
[2008/03/17 16:58:10 | 00,648,456 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy [On_Demand | Running])
[2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/07/04 02:27:25 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) -- D:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2005/03/23 07:49:09 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- D:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
[2005/03/31 18:04:52 | 00,180,736 | ---- | M] (Intel Corporation) -- D:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express [On_Demand | Running])
[2006/11/15 17:23:06 | 00,038,144 | ---- | M] (Windows (R) 2000 DDK provider) -- D:\WINDOWS\system32\drivers\EAPPkt.sys -- (EAPPkt [Auto | Running])
[2004/05/02 19:47:08 | 00,023,040 | R--- | M] () -- D:\WINDOWS\System32\drivers\GVCplDrv.sys -- (GVCplDrv [On_Demand | Stopped])
[2008/04/14 03:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- D:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2008/04/14 05:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/10/18 17:53:59 | 00,038,224 | ---- | M] (Bluegem Security) -- D:\WINDOWS\system32\drivers\neokdss.sys -- (neokdss [On_Demand | Stopped])
[2006/05/29 09:26:36 | 00,008,704 | ---- | M] (Nokia) -- D:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic [On_Demand | Stopped])
[2006/05/29 09:26:36 | 00,013,312 | ---- | M] (Nokia) -- D:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem [On_Demand | Stopped])
[2006/05/29 09:26:38 | 00,127,488 | ---- | M] (Nokia) -- D:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent [On_Demand | Stopped])
[2006/05/29 09:26:36 | 00,013,312 | ---- | M] (Nokia) -- D:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port [On_Demand | Stopped])
[2005/07/08 19:57:00 | 03,198,304 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2004/08/04 23:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- D:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2006/11/08 19:51:54 | 00,062,336 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2006/11/23 23:31:42 | 00,304,896 | R--- | M] (Realtek Semiconductor Corporation ) -- D:\WINDOWS\system32\drivers\rtl8185.sys -- (rtl8185 [On_Demand | Running])
[2008/06/12 17:28:49 | 00,056,108 | ---- | M] (PowerISO Computing, Inc.) -- D:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
[2007/11/13 21:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- D:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2005/11/16 16:36:00 | 01,047,816 | ---- | M] (SigmaTel, Inc.) -- D:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2008/03/07 08:01:52 | 00,052,496 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon [Auto | Running])
[2008/03/07 08:01:52 | 00,333,328 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw [On_Demand | Running])
[2008/03/07 08:01:52 | 00,138,384 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2008/03/07 08:01:52 | 00,052,240 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr [Auto | Running])
[2008/07/18 20:08:32 | 00,036,368 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt [Auto | Running])
[2008/03/07 08:01:52 | 00,065,936 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi [System | Running])
[2008/07/18 20:08:38 | 00,205,328 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt [Auto | Running])
[2008/07/18 19:51:32 | 01,195,448 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint [Auto | Running])

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir...=ie&ar=msnhome
URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - D:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
#7
HKU\S-1-5-21-2052111302-1767777339-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\system32\blank.htm
HKU\S-1-5-21-2052111302-1767777339-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKU\S-1-5-21-2052111302-1767777339-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir...=ie&ar=msnhome
URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - D:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
HKU\S-1-5-21-2052111302-1767777339-839522115-1004\S-1-5-21-2052111302-1767777339-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (686 bytes) - D:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {AAD7932C-5E4E-403B-87F2-453337346AC8} - D:\WINDOWS\system32\qoMdCrsR.dll File not found
O2 - BHO: (TSToolbarBHO) - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - D:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Transaction Protector) - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - D:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll (Trend Micro Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CTSVolFE] "D:\Program Files\Creative\Mixer\CTSVolFE.exe" /r (Creative Technology Ltd)
O4 - HKLM..\Run: [DLCCCATS] rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16 ()
O4 - HKLM..\Run: [dlccmon.exe] "D:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" (Dell)
O4 - HKLM..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [NSLauncher] D:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup ()
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] "D:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" (Trend Micro Inc.)
O4 - HKCU..\Run: [Google Update] "D:\Documents and Settings\Brian Ivory\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - HKCU..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-2052111302-1767777339-839522115-1004..\Run: [Google Update] "D:\Documents and Settings\Brian Ivory\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - HKU\S-1-5-21-2052111302-1767777339-839522115-1004..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK RTL8185 Wireless LAN Utility.lnk = D:\Program Files\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2052111302-1767777339-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2052111302-1767777339-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2052111302-1767777339-839522115-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler: - grooveLocalGWS - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - livecall - D:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ms-help - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msnim - D:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler: - wlmailhtml - D:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - D:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings

========== Shell Execute Hooks ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

========== Safeboot Options ==========
"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========
AUTOEXEC.BAT [] [2008/07/04 02:20:22 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5038d919-524e-11dd-abb0-00052510d909}\Shell\AutoRun\command]
"" = M:\setupSNK.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========
[4 D:\WINDOWS\*.tmp files]
[2008/10/21 18:57:53 | 00,000,000 | -HSD | C] -- D:\Config.Msi
[2008/10/20 18:33:33 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Brian Ivory\My Documents\Bills
[2008/10/19 22:23:29 | 00,002,026 | ---- | C] () -- D:\Documents and Settings\Brian Ivory\Desktop\VArestorepolicies.inf
[2008/10/19 16:57:01 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Brian Ivory\Application Data\Malwarebytes
[2008/10/19 16:56:55 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2008/10/19 16:56:55 | 00,000,696 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/19 16:56:53 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/19 16:56:52 | 00,000,000 | ---D | C] -- D:\Program Files\Malwarebytes' Anti-Malware
[2008/10/19 16:56:52 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/19 16:55:21 | 02,351,120 | ---- | C] (Malwarebytes Corporation ) -- D:\Documents and Settings\Brian Ivory\Desktop\mbam-setup.exe
[2008/10/19 11:50:16 | 00,578,560 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\user32.dll
[2008/10/19 11:48:13 | 00,000,000 | ---D | C] -- D:\WINDOWS\ERUNT
[2008/10/19 11:47:20 | 00,000,000 | ---D | C] -- D:\SDFix
[2008/10/19 11:44:30 | 01,522,584 | ---- | C] () -- D:\Documents and Settings\Brian Ivory\Desktop\SDFix (1).exe
[2008/10/18 17:53:45 | 00,038,224 | ---- | C] (Bluegem Security) -- D:\WINDOWS\System32\drivers\neokdss.sys
[2008/10/18 17:53:03 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Brian Ivory\Desktop\aa
[2008/10/18 17:29:36 | 00,005,767 | ---- | C] () -- D:\WINDOWS\System32\navuklst.dll
[2008/10/18 17:27:43 | 00,005,769 | ---- | C] () -- D:\WINDOWS\System32\ydkevghc.dll
[2008/10/17 18:35:39 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Brian Ivory\Application Data\WinRAR
[2008/10/17 18:35:26 | 00,000,000 | ---D | C] -- D:\Program Files\WinRAR
[2008/10/17 18:34:53 | 01,234,120 | ---- | C] () -- D:\Documents and Settings\Brian Ivory\Desktop\wrar380.exe
[2008/10/17 13:06:26 | 00,012,682 | ---- | C] () -- D:\Documents and Settings\Brian Ivory\My Documents\Planner.xlsx
[2008/10/17 13:04:33 | 00,005,767 | ---- | C] () -- D:\WINDOWS\System32\fmninxve.dll
[2008/10/17 13:02:13 | 00,005,769 | ---- | C] () -- D:\WINDOWS\System32\avgyuuvl.dll
[2008/10/17 12:55:23 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\tedopifu
[2008/10/17 12:55:11 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Brian Ivory\Application Data\TmpRecentIcons
[2008/10/17 02:19:54 | 00,333,824 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\srv.sys
[2008/10/17 02:18:57 | 01,846,400 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/17 02:18:49 | 02,145,280 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/17 02:18:45 | 02,189,184 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/17 02:18:43 | 02,023,936 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/17 02:18:38 | 02,066,048 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/09/29 23:23:34 | 00,009,609 | ---- | C] () -- D:\Documents and Settings\Brian Ivory\Desktop\trade game.xlsx

========== Files - Modified Within 30 Days ==========
[1 D:\WINDOWS\System32\*.tmp files]
[4 D:\WINDOWS\*.tmp files]
[2008/10/22 21:13:58 | 00,029,204 | ---- | M] () -- D:\WINDOWS\System32\nvapps.xml
[2008/10/22 21:13:52 | 00,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2008/10/22 21:13:51 | 00,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2008/10/22 21:13:49 | 00,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2008/10/20 00:08:18 | 05,361,608 | -H-- | M] () -- D:\Documents and Settings\Brian Ivory\Local Settings\Application Data\IconCache.db
[2008/10/19 16:56:55 | 00,000,696 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/19 16:56:09 | 02,351,120 | ---- | M] (Malwarebytes Corporation ) -- D:\Documents and Settings\Brian Ivory\Desktop\mbam-setup.exe
[2008/10/19 11:51:25 | 00,000,686 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\HOSTS
[2008/10/19 11:50:16 | 00,578,560 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\user32.dll
[2008/10/19 11:44:30 | 01,522,584 | ---- | M] () -- D:\Documents and Settings\Brian Ivory\Desktop\SDFix (1).exe
[2008/10/19 00:11:18 | 00,000,589 | ---- | M] () -- D:\Documents and Settings\Brian Ivory\My Documents\My Sharing Folders.lnk
[2008/10/18 17:53:59 | 00,038,224 | ---- | M] (Bluegem Security) -- D:\WINDOWS\System32\drivers\neokdss.sys
[2008/10/18 17:53:45 | 00,192,512 | ---- | M] (킹스정보통신) -- D:\WINDOWS\System32\kdfvmgr.exe
[2008/10/18 17:53:45 | 00,077,824 | ---- | M] (Kings Information & Network) -- D:\WINDOWS\System32\kdfapi.dll
[2008/10/18 17:53:45 | 00,053,248 | ---- | M] (Kings Information & Network) -- D:\WINDOWS\System32\Kdfhok.dll
[2008/10/18 17:53:44 | 00,722,472 | ---- | M] (Bluegem Security) -- D:\WINDOWS\System32\kdfmgr.exe
[2008/10/18 17:30:21 | 00,000,000 | ---- | M] () -- D:\Documents and Settings\All Users\Documents\{499663EE-202C-4468-874C-198A9E0BC058}
[2008/10/18 17:29:36 | 00,005,767 | ---- | M] () -- D:\WINDOWS\System32\navuklst.dll
[2008/10/18 17:27:43 | 00,005,769 | ---- | M] () -- D:\WINDOWS\System32\ydkevghc.dll
[2008/10/17 18:35:18 | 01,234,120 | ---- | M] () -- D:\Documents and Settings\Brian Ivory\Desktop\wrar380.exe
[2008/10/17 13:06:26 | 00,012,682 | ---- | M] () -- D:\Documents and Settings\Brian Ivory\My Documents\Planner.xlsx
[2008/10/17 13:04:33 | 00,005,767 | ---- | M] () -- D:\WINDOWS\System32\fmninxve.dll
[2008/10/17 13:02:13 | 00,005,769 | ---- | M] () -- D:\WINDOWS\System32\avgyuuvl.dll
[2008/10/17 10:57:40 | 00,261,432 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/17 10:52:33 | 00,001,393 | ---- | M] () -- D:\WINDOWS\imsins.BAK
[2008/10/16 20:25:46 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/16 20:25:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2008/10/08 06:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\MRT.exe
[2008/10/05 15:16:38 | 00,360,124 | ---- | M] () -- D:\WINDOWS\System32\PerfStringBackup.INI
[2008/10/05 15:16:38 | 00,314,508 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2008/10/05 15:16:38 | 00,040,836 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2008/10/04 04:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\ieframe.dll
[2008/10/04 04:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ieframe.dll
[2008/09/29 23:23:34 | 00,009,609 | ---- | M] () -- D:\Documents and Settings\Brian Ivory\Desktop\trade game.xlsx

< End of report >
#8
OTListIt Extras logfile created on: 22/10/2008 9:17:17 PM - Run 2
OTListIt by OldTimer - Version 1.0.10.0 Folder = D:\Documents and Settings\Brian Ivory\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): D:\pagefile.sys 1536 3072;

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 48.83 Gb Total Space | 42.78 Gb Free Space | 87.62% Space Free | Partition Type: NTFS
Drive D: | 148.96 Gb Total Space | 132.10 Gb Free Space | 88.68% Space Free | Partition Type: NTFS
Drive E: | 184.05 Gb Total Space | 108.01 Gb Free Space | 58.69% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRIAN
Current User Name: Brian Ivory
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- D:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 05:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 12:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 18:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 05:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/10/10 23:14:48 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2008/05/21 05:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2007/08/29 01:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove
[2008/05/21 06:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
[2008/07/11 03:58:58 | 11,825,152 | ---- | M] (Ensemble Studios) -- D:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3
[2007/10/18 12:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 18:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2008/09/14 21:20:53 | 00,634,368 | ---- | M] (Google Inc.) -- D:\Documents and Settings\Brian Ivory\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome

========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0D80391C-0A72-43BB-9BC2-143F63CC111D}" = Nokia PC Connectivity Solution
"{0E94871C-623C-464F-A117-B8474BFF84E1}" = Nokia MTP driver
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{531317A5-586A-4E36-87C1-CA823447B375}" = Nokia PC Suite
"{5CCABD37-479D-4304-B1A5-67952C25F8F2}" = Nokia Software Launcher
"{6882DD11-33B8-4DEA-8305-7E765BF74BD3}" = Nokia Connectivity Cable Driver
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security Pro
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95774351-6087-3A3B-8CA8-70BEE49D2BD5}" = Google Gears
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A621B45A-D138-4A95-BE10-7CABA05EF94E}" = Trend Micro Internet Security Pro
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AAB32978-ADDE-4CE8-A9D2-754AEC0C4CD1}" = REALTEK RTL8185 Wireless LAN Driver and Utility
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Windows Live Sign-in Assistant
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"3271E907F27C989F2C244ACB3D32020E3DD3CA6F" = Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CTMBDemo" = Sound Blaster Audigy ADVANCED MB Demo
"Dell Photo AIO Printer 924" = Dell Photo AIO Printer 924
"DVD to VCD AVI DivX Converter v3.2 (build 069)" = DVD to VCD AVI DivX Converter v3.2 (build 069)
"Elecard MPEG-2 Decoder&Streaming Plug-in for WMP 3.6.80523" = Elecard MPEG-2 Decoder&Streaming Plug-in for WMP
"ENTERPRISE" = Microsoft Office Enterprise 2007
"e-tax 2008" = e-tax 2008
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MIXERLITE" = Mixer
"Mozilla Firefox (3.0.3)" = Mozilla Firefox (3.0.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PokerStars" = PokerStars
"PowerISO" = PowerISO
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD_is1" = XviD MPEG-4 Video Codec

Last edited by brianivory08; October 22nd, 2008 at 11:26 AM.
#9
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Footy Fanatic FX" = Footy Fanatic FX
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2052111302-1767777339-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Footy Fanatic FX" = Footy Fanatic FX
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/10/2008 6:31:56 AM | Computer Name = BRIAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error - 9/10/2008 6:10:18 AM | Computer Name = BRIAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error - 10/10/2008 4:40:19 AM | Computer Name = BRIAN | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting module unknown, version 0.0.0.0, fault address 0x02455bd0.

Error - 10/10/2008 8:56:24 AM | Computer Name = BRIAN | Source = Application Hang | ID = 1002
Description = Hanging application realplay.exe, version 11.0.0.446, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/10/2008 11:19:25 PM | Computer Name = BRIAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error - 12/10/2008 3:59:46 AM | Computer Name = BRIAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error - 16/10/2008 11:08:55 AM | Computer Name = BRIAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error - 16/10/2008 7:45:34 PM | Computer Name = BRIAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error - 19/10/2008 1:37:01 AM | Computer Name = BRIAN | Source = Google Update | ID = 20
Description =

Error - 21/10/2008 3:47:45 AM | Computer Name = BRIAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

[ System Events ]
Error - 18/10/2008 8:47:15 PM | Computer Name = BRIAN | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 18/10/2008 8:47:50 PM | Computer Name = BRIAN | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 18/10/2008 8:48:01 PM | Computer Name = BRIAN | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: %%31

Error - 18/10/2008 8:48:01 PM | Computer Name = BRIAN | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%31

Error - 18/10/2008 8:48:01 PM | Computer Name = BRIAN | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: %%31

Error - 18/10/2008 8:48:01 PM | Computer Name = BRIAN | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: %%31

Error - 18/10/2008 8:48:01 PM | Computer Name = BRIAN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu Tcpip tmtdi

Error - 18/10/2008 8:48:02 PM | Computer Name = BRIAN | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 19/10/2008 1:49:09 AM | Computer Name = BRIAN | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00052510D909. The following error occurred: %%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Error - 21/10/2008 3:47:45 AM | Computer Name = BRIAN | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00052510D909. The following error occurred: %%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

< End of report >
#10
Please download OTMoveIt3 to the Desktop.
Double-click on it to run it. Copy and paste all of the following inside the code box below into the Paste List Of File/Folders To Move area of OTMoveIt3:

Code:
:processes
explorer.exe
:files
D:\WINDOWS\System32\navuklst.dll
D:\WINDOWS\System32\ydkevghc.dll
D:\WINDOWS\System32\fmninxve.dll
D:\WINDOWS\System32\avgyuuvl.dll
D:\Documents and Settings\All Users\Application Data\tedopifu
D:\Documents and Settings\Brian Ivory\Application Data\TmpRecentIcons
:commands
[emptytemp]
[start explorer]

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the moving process. If you are asked to reboot the machine choose Yes.

Please copy/paste the contents under Results in your reply. However, if the machine was rebooted and you are unable to copy/paste from the Results window:

Open Notepad (Start > All Programs > Accessories > Notepad)
Click: File > Open
In the File Name box enter *.log and press the Enter key
Navigate to the C:\_OTMoveIt\MovedFiles folder
Open the newest .log file present
Close OTMoveIt3

Please provide the OTMoveIt3 log contents in your reply.
#11
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
LoadLibrary failed for D:\WINDOWS\System32\navuklst.dll
D:\WINDOWS\System32\navuklst.dll NOT unregistered.
D:\WINDOWS\System32\navuklst.dll moved successfully.
LoadLibrary failed for D:\WINDOWS\System32\ydkevghc.dll
D:\WINDOWS\System32\ydkevghc.dll NOT unregistered.
D:\WINDOWS\System32\ydkevghc.dll moved successfully.
LoadLibrary failed for D:\WINDOWS\System32\fmninxve.dll
D:\WINDOWS\System32\fmninxve.dll NOT unregistered.
D:\WINDOWS\System32\fmninxve.dll moved successfully.
LoadLibrary failed for D:\WINDOWS\System32\avgyuuvl.dll
D:\WINDOWS\System32\avgyuuvl.dll NOT unregistered.
D:\WINDOWS\System32\avgyuuvl.dll moved successfully.
D:\Documents and Settings\All Users\Application Data\tedopifu moved successfully.
D:\Documents and Settings\Brian Ivory\Application Data\TmpRecentIcons moved successfully.
========== COMMANDS ==========
File delete failed. D:\DOCUME~1\BRIANI~1\LOCALS~1\Temp\etilqs_drFCKvgy86UAtWQ scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BRIANI~1\LOCALS~1\Temp\etilqs_nHpxi72Lb3aYveq scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. D:\WINDOWS\temp\Perflib_Perfdata_36c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10252008_114025

Files moved on Reboot...
File D:\DOCUME~1\BRIANI~1\LOCALS~1\Temp\etilqs_drFCKvgy86UAtWQ not found!
File D:\DOCUME~1\BRIANI~1\LOCALS~1\Temp\etilqs_nHpxi72Lb3aYveq not found!
File move failed. D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File D:\WINDOWS\temp\Perflib_Perfdata_36c.dat not found!
#12
Please run OTListIt once again, and post the OTListIt.txt in your reply.
#13
OTListIt logfile created on: 25/10/2008 2:48:39 PM - Run 3
OTListIt by OldTimer - Version 1.0.10.0 Folder = D:\Documents and Settings\Brian Ivory\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.99 Gb Available in Paging File | 99.70% Paging File free
Paging file location(s): D:\pagefile.sys 1536 3072;

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 48.83 Gb Total Space | 44.51 Gb Free Space | 91.15% Space Free | Partition Type: NTFS
Drive D: | 148.96 Gb Total Space | 132.21 Gb Free Space | 88.75% Space Free | Partition Type: NTFS
Drive E: | 184.05 Gb Total Space | 108.01 Gb Free Space | 58.69% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRIAN
Current User Name: Brian Ivory
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/09/28 16:39:23 | 00,147,456 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe
[2005/07/08 19:57:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\system32\nvsvc32.exe
[2008/07/29 18:18:14 | 00,698,888 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
[2008/03/07 08:01:52 | 00,333,064 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\BM\TMBMSRV.exe
[2008/07/29 18:18:16 | 01,398,024 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
[2008/04/14 11:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\wscntfy.exe
[2008/03/17 16:58:10 | 00,488,768 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\Internet Security\TmPfw.exe
[2008/03/17 16:58:10 | 00,648,456 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\Internet Security\TmProxy.exe
[2005/02/23 16:57:24 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- D:\Program Files\Creative\Mixer\CTSVolFE.exe
[2005/03/22 18:20:44 | 00,339,968 | ---- | M] (SigmaTel, Inc.) -- D:\WINDOWS\stsystra.exe
[2005/10/22 02:40:26 | 00,430,080 | ---- | M] (Dell) -- D:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
[2007/08/24 08:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[2006/11/28 02:12:24 | 02,658,304 | ---- | M] () -- D:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
[2008/08/11 10:24:32 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- D:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2008/09/28 16:39:55 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jusched.exe
[2008/04/14 11:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Messenger\msmsgs.exe
[2008/09/03 22:25:24 | 00,133,104 | ---- | M] (Google Inc.) -- D:\Documents and Settings\Brian Ivory\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[2006/11/24 16:55:16 | 00,770,048 | ---- | M] (Realtek Semiconductor Corp.) -- D:\Program Files\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWLan.exe
[2005/10/28 23:41:52 | 00,491,520 | ---- | M] ( ) -- D:\WINDOWS\system32\dlcccoms.exe
[2006/06/05 14:59:18 | 00,174,080 | ---- | M] (Nokia.) -- D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
[2008/03/06 14:52:28 | 00,542,032 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
[2008/03/06 14:52:31 | 00,157,008 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
[2008/09/14 21:20:53 | 00,634,368 | ---- | M] (Google Inc.) -- D:\Documents and Settings\Brian Ivory\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
[2008/09/14 21:20:53 | 00,634,368 | ---- | M] (Google Inc.) -- D:\Documents and Settings\Brian Ivory\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
[2008/09/14 21:20:53 | 00,634,368 | ---- | M] (Google Inc.) -- D:\Documents and Settings\Brian Ivory\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
[2008/10/19 22:25:49 | 00,418,816 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Brian Ivory\My Documents\Downloads\OTListIt.exe

========== (O23) Win32 Services ==========

[2005/10/28 23:41:52 | 00,491,520 | ---- | M] ( ) -- D:\WINDOWS\system32\dlcccoms.exe -- (dlcc_device [On_Demand | Running])
[2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/09/28 16:39:23 | 00,147,456 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2007/08/24 07:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
[2005/07/08 19:57:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006/06/05 14:59:18 | 00,174,080 | ---- | M] (Nokia.) -- D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running])
[2008/07/29 18:18:14 | 00,698,888 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom [Auto | Running])
[2008/03/07 08:01:52 | 00,333,064 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer [Auto | Running])
[2008/03/17 16:58:10 | 00,488,768 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw [On_Demand | Running])
[2008/03/17 16:58:10 | 00,648,456 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy [On_Demand | Running])
[2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/07/04 02:27:25 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) -- D:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2005/03/23 07:49:09 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- D:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
[2005/03/31 18:04:52 | 00,180,736 | ---- | M] (Intel Corporation) -- D:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express [On_Demand | Running])
[2006/11/15 17:23:06 | 00,038,144 | ---- | M] (Windows (R) 2000 DDK provider) -- D:\WINDOWS\system32\drivers\EAPPkt.sys -- (EAPPkt [Auto | Running])
[2004/05/02 19:47:08 | 00,023,040 | R--- | M] () -- D:\WINDOWS\System32\drivers\GVCplDrv.sys -- (GVCplDrv [On_Demand | Stopped])
[2008/04/14 03:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- D:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2008/04/14 05:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/10/18 17:53:59 | 00,038,224 | ---- | M] (Bluegem Security) -- D:\WINDOWS\system32\drivers\neokdss.sys -- (neokdss [On_Demand | Stopped])
[2006/05/29 09:26:36 | 00,008,704 | ---- | M] (Nokia) -- D:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic [On_Demand | Stopped])
[2006/05/29 09:26:36 | 00,013,312 | ---- | M] (Nokia) -- D:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem [On_Demand | Stopped])
[2006/05/29 09:26:38 | 00,127,488 | ---- | M] (Nokia) -- D:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent [On_Demand | Stopped])
[2006/05/29 09:26:36 | 00,013,312 | ---- | M] (Nokia) -- D:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port [On_Demand | Stopped])
[2005/07/08 19:57:00 | 03,198,304 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2004/08/04 23:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- D:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2006/11/08 19:51:54 | 00,062,336 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2006/11/23 23:31:42 | 00,304,896 | R--- | M] (Realtek Semiconductor Corporation ) -- D:\WINDOWS\system32\drivers\rtl8185.sys -- (rtl8185 [On_Demand | Running])
[2008/06/12 17:28:49 | 00,056,108 | ---- | M] (PowerISO Computing, Inc.) -- D:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
[2007/11/13 21:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- D:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2005/11/16 16:36:00 | 01,047,816 | ---- | M] (SigmaTel, Inc.) -- D:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2008/03/07 08:01:52 | 00,052,496 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon [Auto | Running])
[2008/03/07 08:01:52 | 00,333,328 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw [On_Demand | Running])
[2008/03/07 08:01:52 | 00,138,384 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2008/03/07 08:01:52 | 00,052,240 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr [Auto | Running])
[2008/07/18 20:08:32 | 00,036,368 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt [Auto | Running])
[2008/03/07 08:01:52 | 00,065,936 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi [System | Running])
[2008/07/18 20:08:38 | 00,205,328 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt [Auto | Running])
[2008/07/18 19:51:32 | 01,195,448 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint [Auto | Running])

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir...=ie&ar=msnhome
URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - D:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
#14
========== (O23) Win32 Services ==========
[2005/10/28 23:41:52 | 00,491,520 | ---- | M] ( ) -- D:\WINDOWS\system32\dlcccoms.exe -- (dlcc_device [On_Demand | Running])
[2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/09/28 16:39:23 | 00,147,456 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2007/08/24 07:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
[2005/07/08 19:57:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006/06/05 14:59:18 | 00,174,080 | ---- | M] (Nokia.) -- D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running])
[2008/07/29 18:18:14 | 00,698,888 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom [Auto | Running])
[2008/03/07 08:01:52 | 00,333,064 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer [Auto | Running])
[2008/03/17 16:58:10 | 00,488,768 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw [On_Demand | Running])
[2008/03/17 16:58:10 | 00,648,456 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy [On_Demand | Running])
[2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/07/04 02:27:25 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) -- D:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2005/03/23 07:49:09 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- D:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
[2005/03/31 18:04:52 | 00,180,736 | ---- | M] (Intel Corporation) -- D:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express [On_Demand | Running])
[2006/11/15 17:23:06 | 00,038,144 | ---- | M] (Windows (R) 2000 DDK provider) -- D:\WINDOWS\system32\drivers\EAPPkt.sys -- (EAPPkt [Auto | Running])
[2004/05/02 19:47:08 | 00,023,040 | R--- | M] () -- D:\WINDOWS\System32\drivers\GVCplDrv.sys -- (GVCplDrv [On_Demand | Stopped])
[2008/04/14 03:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- D:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2008/04/14 05:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/10/18 17:53:59 | 00,038,224 | ---- | M] (Bluegem Security) -- D:\WINDOWS\system32\drivers\neokdss.sys -- (neokdss [On_Demand | Stopped])
[2006/05/29 09:26:36 | 00,008,704 | ---- | M] (Nokia) -- D:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic [On_Demand | Stopped])
[2006/05/29 09:26:36 | 00,013,312 | ---- | M] (Nokia) -- D:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem [On_Demand | Stopped])
[2006/05/29 09:26:38 | 00,127,488 | ---- | M] (Nokia) -- D:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent [On_Demand | Stopped])
[2006/05/29 09:26:36 | 00,013,312 | ---- | M] (Nokia) -- D:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port [On_Demand | Stopped])
[2005/07/08 19:57:00 | 03,198,304 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2004/08/04 23:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- D:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2006/11/08 19:51:54 | 00,062,336 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2006/11/23 23:31:42 | 00,304,896 | R--- | M] (Realtek Semiconductor Corporation ) -- D:\WINDOWS\system32\drivers\rtl8185.sys -- (rtl8185 [On_Demand | Running])
[2008/06/12 17:28:49 | 00,056,108 | ---- | M] (PowerISO Computing, Inc.) -- D:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
[2007/11/13 21:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- D:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2005/11/16 16:36:00 | 01,047,816 | ---- | M] (SigmaTel, Inc.) -- D:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2008/03/07 08:01:52 | 00,052,496 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon [Auto | Running])
[2008/03/07 08:01:52 | 00,333,328 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw [On_Demand | Running])
[2008/03/07 08:01:52 | 00,138,384 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2008/03/07 08:01:52 | 00,052,240 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr [Auto | Running])
[2008/07/18 20:08:32 | 00,036,368 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt [Auto | Running])
[2008/03/07 08:01:52 | 00,065,936 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi [System | Running])
[2008/07/18 20:08:38 | 00,205,328 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt [Auto | Running])
[2008/07/18 19:51:32 | 01,195,448 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint [Auto | Running])

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir...=ie&ar=msnhome
URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - D:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (686 bytes) - D:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {AAD7932C-5E4E-403B-87F2-453337346AC8} - D:\WINDOWS\system32\qoMdCrsR.dll File not found
O2 - BHO: (TSToolbarBHO) - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - D:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Transaction Protector) - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - D:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll (Trend Micro Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CTSVolFE] "D:\Program Files\Creative\Mixer\CTSVolFE.exe" /r (Creative Technology Ltd)
O4 - HKLM..\Run: [DLCCCATS] rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16 ()
O4 - HKLM..\Run: [dlccmon.exe] "D:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" (Dell)
O4 - HKLM..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [NSLauncher] D:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup ()
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] "D:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" (Trend Micro Inc.)
O4 - HKCU..\Run: [Google Update] "D:\Documents and Settings\Brian Ivory\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - HKCU..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK RTL8185 Wireless LAN Utility.lnk = D:\Program Files\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_10) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_10) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_10) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler: - grooveLocalGWS - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler: - ipp - No CLSID value found O18 - Protocol\Handler: - ipp\0x00000001 - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler: - livecall - D:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler: - msdaipp - No CLSID value found O18 - Protocol\Handler: - msdaipp\0x00000001 - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler: - msdaipp\oledb - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler: - ms-help - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler: - msnim - D:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler: - wlmailhtml - D:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter: - text/xml - D:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL 
(Microsoft Corporation) O20 - See sections below for AppInitDlls and Winlogon settings ========== Shell Execute Hooks ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) |
#15
========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [] [2008/07/04 02:20:22 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5038d919-524e-11dd-abb0-00052510d909}\Shell\AutoRun\command]
"" = M:\setupSNK.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[4 D:\WINDOWS\*.tmp files]
[2008/10/25 11:40:25 | 00,000,000 | ---D | C] -- D:\_OTMoveIt
[2008/10/21 18:57:53 | 00,000,000 | -HSD | C] -- D:\Config.Msi
[2008/10/20 18:33:33 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Brian Ivory\My Documents\Bills
[2008/10/19 22:23:29 | 00,002,026 | ---- | C] () -- D:\Documents and Settings\Brian Ivory\Desktop\VArestorepolicies.inf
[2008/10/19 16:57:01 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Brian Ivory\Application Data\Malwarebytes
[2008/10/19 16:56:55 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2008/10/19 16:56:55 | 00,000,696 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/19 16:56:53 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/19 16:56:52 | 00,000,000 | ---D | C] -- D:\Program Files\Malwarebytes' Anti-Malware
[2008/10/19 16:56:52 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/19 16:55:21 | 02,351,120 | ---- | C] (Malwarebytes Corporation ) -- D:\Documents and Settings\Brian Ivory\Desktop\mbam-setup.exe
[2008/10/19 11:50:16 | 00,578,560 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\user32.dll
[2008/10/19 11:48:13 | 00,000,000 | ---D | C] -- D:\WINDOWS\ERUNT
[2008/10/19 11:47:20 | 00,000,000 | ---D | C] -- D:\SDFix
[2008/10/19 11:44:30 | 01,522,584 | ---- | C] () -- D:\Documents and Settings\Brian Ivory\Desktop\SDFix (1).exe
[2008/10/18 17:53:45 | 00,038,224 | ---- | C] (Bluegem Security) -- D:\WINDOWS\System32\drivers\neokdss.sys
[2008/10/18 17:53:03 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Brian Ivory\Desktop\aa
[2008/10/17 18:35:39 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Brian Ivory\Application Data\WinRAR
[2008/10/17 18:35:26 | 00,000,000 | ---D | C] -- D:\Program Files\WinRAR
[2008/10/17 18:34:53 | 01,234,120 | ---- | C] () -- D:\Documents and Settings\Brian Ivory\Desktop\wrar380.exe
[2008/10/17 13:06:26 | 00,012,682 | ---- | C] () -- D:\Documents and Settings\Brian Ivory\My Documents\Planner.xlsx
[2008/10/17 02:19:54 | 00,333,824 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\srv.sys
[2008/10/17 02:18:57 | 01,846,400 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/17 02:18:49 | 02,145,280 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/17 02:18:45 | 02,189,184 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/17 02:18:43 | 02,023,936 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/17 02:18:38 | 02,066,048 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/09/29 23:23:34 | 00,009,609 | ---- | C] () -- D:\Documents and Settings\Brian Ivory\Desktop\trade game.xlsx

========== Files - Modified Within 30 Days ==========

[1 D:\WINDOWS\System32\*.tmp files]
[4 D:\WINDOWS\*.tmp files]
[2008/10/25 11:45:34 | 00,029,204 | ---- | M] () -- D:\WINDOWS\System32\nvapps.xml
[2008/10/25 11:44:48 | 00,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2008/10/25 11:44:47 | 00,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2008/10/25 11:43:44 | 05,362,468 | -H-- | M] () -- D:\Documents and Settings\Brian Ivory\Local Settings\Application Data\IconCache.db
[2008/10/25 11:37:02 | 00,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2008/10/22 21:38:49 | 00,000,589 | ---- | M] () -- D:\Documents and Settings\Brian Ivory\My Documents\My Sharing Folders.lnk
[2008/10/19 16:56:55 | 00,000,696 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/19 16:56:09 | 02,351,120 | ---- | M] (Malwarebytes Corporation ) -- D:\Documents and Settings\Brian Ivory\Desktop\mbam-setup.exe
[2008/10/19 11:51:25 | 00,000,686 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\HOSTS
[2008/10/19 11:50:16 | 00,578,560 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\user32.dll
[2008/10/19 11:44:30 | 01,522,584 | ---- | M] () -- D:\Documents and Settings\Brian Ivory\Desktop\SDFix (1).exe
[2008/10/18 17:53:59 | 00,038,224 | ---- | M] (Bluegem Security) -- D:\WINDOWS\System32\drivers\neokdss.sys
[2008/10/18 17:53:45 | 00,192,512 | ---- | M] (킹스정보통신) -- D:\WINDOWS\System32\kdfvmgr.exe
[2008/10/18 17:53:45 | 00,077,824 | ---- | M] (Kings Information & Network) -- D:\WINDOWS\System32\kdfapi.dll
[2008/10/18 17:53:45 | 00,053,248 | ---- | M] (Kings Information & Network) -- D:\WINDOWS\System32\Kdfhok.dll
[2008/10/18 17:53:44 | 00,722,472 | ---- | M] (Bluegem Security) -- D:\WINDOWS\System32\kdfmgr.exe
[2008/10/18 17:30:21 | 00,000,000 | ---- | M] () -- D:\Documents and Settings\All Users\Documents\{499663EE-202C-4468-874C-198A9E0BC058}
[2008/10/17 18:35:18 | 01,234,120 | ---- | M] () -- D:\Documents and Settings\Brian Ivory\Desktop\wrar380.exe
[2008/10/17 13:06:26 | 00,012,682 | ---- | M] () -- D:\Documents and Settings\Brian Ivory\My Documents\Planner.xlsx
[2008/10/17 10:57:40 | 00,261,432 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/17 10:52:33 | 00,001,393 | ---- | M] () -- D:\WINDOWS\imsins.BAK
[2008/10/16 20:25:46 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/16 20:25:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2008/10/08 06:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\MRT.exe
[2008/10/05 15:16:38 | 00,360,124 | ---- | M] () -- D:\WINDOWS\System32\PerfStringBackup.INI
[2008/10/05 15:16:38 | 00,314,508 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2008/10/05 15:16:38 | 00,040,836 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2008/10/04 04:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\ieframe.dll
[2008/10/04 04:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ieframe.dll
[2008/09/29 23:23:34 | 00,009,609 | ---- | M] () -- D:\Documents and Settings\Brian Ivory\Desktop\trade game.xlsx

< End of report >
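Added example, not part of the thread and not code from OTL or HijackThis: a first-pass triage script over OTL-style entries like the ones in the log above. The sample input is a handful of lines copied from that log; the heuristics (orphaned entries whose file or key is missing, autostarts with an empty publisher field, autostarts launched from a user-writable profile path, IE restriction policies present) are my own rules of thumb, and every flag is a prompt for a human to look closer, not a verdict. Google Update legitimately runs from the profile, for instance, and the Nokia launcher simply ships without version info. The script also decodes NoDriveTypeAutoRun as a bitmask: bit n disables AutoRun for the drive type GetDriveType() reports as n, so 145 (0x91) leaves AutoRun active for removable drives and CD-ROMs, which is why the "AutoRun" = 1 under the Cdrom service and the MountPoints2 AutoRun\command key in the same log are worth reading together.

```python
import re

# Constructed sample input: entries copied from the OTL log posted above,
# one entry per line exactly as the tool prints them.
SAMPLE_LOG = r"""
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (no name) - {AAD7932C-5E4E-403B-87F2-453337346AC8} - D:\WINDOWS\system32\qoMdCrsR.dll File not found
O4 - HKLM..\Run: [NSLauncher] D:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup ()
O4 - HKLM..\Run: [UfSeAgnt.exe] "D:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" (Trend Micro Inc.)
O4 - HKCU..\Run: [Google Update] "D:\Documents and Settings\Brian Ivory\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")        # "O4 - <body>"
PUBLISHER_RE = re.compile(r"\(([^()]*)\)\s*$")    # trailing "(Vendor)" or "()"
# Paths a non-admin user can write to; an autostart living there deserves a look.
USER_PATH_RE = re.compile(r"\\Application Data\\|\\Local Settings\\|\\Temp\\", re.I)

# NoDriveTypeAutoRun: bit n disables AutoRun for GetDriveType() value n
# (0 unknown, 1 no root dir, 2 removable, 3 fixed, 4 remote, 5 cdrom, 6 ramdisk;
# 0x80 is the reserved high bit). 0xFF disables AutoRun everywhere.
DRIVE_TYPES = {0x01: "unknown", 0x02: "no root dir", 0x04: "removable",
               0x08: "fixed", 0x10: "remote", 0x20: "cdrom",
               0x40: "ramdisk", 0x80: "reserved"}


def autorun_still_enabled(value):
    """Return the drive types AutoRun is still active for under this NoDriveTypeAutoRun value."""
    return [name for bit, name in DRIVE_TYPES.items() if not value & bit]


def triage(log_text):
    """Return a list of (section, entry, reason) for entries that deserve a second look.

    Heuristic triage only (my rules, not OTL's): a flagged line is a prompt to
    look closer, not a malware verdict.
    """
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()

        # Registered in the registry but the file or key is gone: either a leftover
        # from a removal or a component that was renamed/deleted out from under it.
        if "File not found" in body or "Reg Error" in body:
            findings.append((section, body, "orphaned entry: registered but file/key missing"))
            continue

        if section in ("O2", "O4"):
            pub = PUBLISHER_RE.search(body)
            if pub and pub.group(1).strip() == "":
                findings.append((section, body, "autostart with no publisher/version info"))
            if USER_PATH_RE.search(body):
                findings.append((section, body, "autostart from a user-writable profile path"))

        # IE "Restrictions" policies are set by admins and by rogue software alike.
        if section in ("O6", "O7") and "Restrictions present" in body:
            findings.append((section, body, "IE restriction policy set; confirm it is intended"))

        m2 = re.search(r"NoDriveTypeAutoRun = (\d+)", body)
        if m2:
            enabled = autorun_still_enabled(int(m2.group(1)))
            findings.append((section, body, "AutoRun still active for: " + ", ".join(enabled)))
    return findings


if __name__ == "__main__":
    for section, entry, reason in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {entry}")
```

Running it on the eight sample lines yields six findings: the two orphaned O2 entries, the Nokia launcher with an empty publisher field, Google Update running from the profile, the HKLM IE Restrictions key, and the AutoRun decode (145 leaves AutoRun on for no-root-dir, removable, fixed, CD-ROM and RAM-disk types). The Adobe BHO and the Trend Micro agent pass clean.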