Thread: Need help with conficker worm!!!!

  1. #1
    Emeritus - Security Expert peku006
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Hi John,
    yeah, it comes back.

    • Download OTS by Oldtimer to your Desktop and double-click on it to extract the files.

      • NOTE: You must be logged on to the system with an account that has Administrator privileges to run this program.

    • Close ALL OTHER PROGRAMS.
    • Double-click on OTS.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
    • Click the Scan All Users checkbox on the toolbar.
    • Do not change any other settings.
    • Now click the Run Scan button on the toolbar.
    • Let it run unhindered until it finishes.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
    • Close Notepad (saving the change if necessary).


    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  2. #2
    Member
    Join Date
    Jul 2010
    Posts
    73

    Ots

    I will do this first thing, Monday.

    Thanks!

  3. #3
    Member
    Join Date
    Jul 2010
    Posts
    73

    OTS log

    Peku006, sorry for taking so long, I have been away from the office. Here is the OTS log. Had to split it into two posts. Let me know if you see anything unusual.

    [code]
    OTS logfile created on: 11/23/2010 12:08:55 PM - Run 1
    OTS by OldTimer - Version 3.1.40.1 Folder = C:\Documents and Settings\john\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,014.00 Mb Total Physical Memory | 625.00 Mb Available Physical Memory | 62.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.08 Gb Total Space | 4.51 Gb Free Space | 12.17% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: JOHN
    Current User Name: john
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: All users
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days

    [Processes - Safe List]
    ots.exe -> C:\Documents and Settings\john\Desktop\OTS.exe -> [2010/11/23 12:07:53 | 000,642,048 | ---- | M] (OldTimer Tools)
    acrotray.exe -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe -> [2008/06/11 21:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.)
    inetinfo.exe -> C:\WINDOWS\system32\inetsrv\inetinfo.exe -> [2008/04/13 18:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation)
    explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
    e_s40rp7.exe -> C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -> [2007/01/11 03:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION)
    isuspm.exe -> C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -> [2006/09/11 03:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation)
    tdispvol.exe -> C:\WINDOWS\system32\TDispVol.exe -> [2005/12/27 19:34:34 | 000,073,728 | ---- | M] (TOSHIBA Corporation)
    tptray.exe -> C:\Program Files\Toshiba\TouchPad\TPTray.exe -> [2005/12/13 18:28:56 | 000,053,248 | ---- | M] (COMPAL ELECTRONIC INC.)
    tctrliohook.exe -> C:\WINDOWS\system32\TCtrlIOHook.exe -> [2005/12/05 16:50:22 | 000,028,672 | ---- | M] (TOSHIBA)
    zcfgsvc.exe -> C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe -> [2005/12/05 14:37:40 | 000,667,718 | ---- | M] (Intel Corporation)
    ceekey.exe -> C:\Program Files\Toshiba\E-KEY\CeEKey.exe -> [2005/12/01 13:13:42 | 000,671,744 | ---- | M] (COMPAL ELECTRONIC INC.)
    tvstray.exe -> C:\Program Files\Toshiba\Tvs\TvsTray.exe -> [2005/11/30 14:25:22 | 000,073,728 | ---- | M] (TOSHIBA Corporation)
    dot1xcfg.exe -> C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe -> [2005/11/28 13:37:52 | 000,397,381 | ---- | M] (Intel Corporation)
    s24evmon.exe -> C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -> [2005/11/28 13:31:32 | 000,540,745 | ---- | M] (Intel Corporation )
    evteng.exe -> C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -> [2005/11/28 13:29:00 | 000,114,753 | ---- | M] (Intel Corporation)
    regsrvc.exe -> C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -> [2005/11/28 13:28:14 | 000,217,164 | ---- | M] (Intel Corporation)
    sharptray.exe -> C:\Program Files\SHARP\Sharpdesk\SharpTray.exe -> [2005/11/05 19:47:24 | 000,032,768 | ---- | M] (SHARP CORPORATION)
    indexer.exe -> C:\Program Files\SHARP\Sharpdesk\Indexer.exe -> [2005/11/05 19:34:44 | 000,184,320 | ---- | M] (SHARP CORPORATION)
    indextray.exe -> C:\Program Files\SHARP\Sharpdesk\IndexTray.exe -> [2005/11/05 19:32:54 | 000,106,496 | ---- | M] (SHARP CORPORATION)
    dlactrlw.exe -> C:\WINDOWS\system32\DLA\DLACTRLW.EXE -> [2005/10/06 07:20:00 | 000,122,940 | ---- | M] (Sonic Solutions)
    padexe.exe -> C:\Program Files\Toshiba\Touch and Launch\PadExe.exe -> [2005/07/15 12:52:42 | 001,077,322 | ---- | M] (TOSHIBA)
    swupdtmr.exe -> c:\Toshiba\IVP\swupdate\swupdtmr.exe -> [2005/07/12 19:14:42 | 000,040,960 | ---- | M] ()
    zoominghook.exe -> C:\WINDOWS\system32\ZoomingHook.exe -> [2005/06/06 11:58:44 | 000,024,576 | ---- | M] (TOSHIBA)
    tpsmain.exe -> C:\WINDOWS\system32\TPSMain.exe -> [2005/05/31 19:16:44 | 000,282,624 | ---- | M] (TOSHIBA Corporation)
    tpsbattm.exe -> C:\WINDOWS\system32\TPSBattM.exe -> [2005/05/31 19:16:24 | 000,045,056 | ---- | M] (TOSHIBA Corporation)
    smoothview.exe -> C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe -> [2005/04/26 18:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation)
    cfsvcs.exe -> C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -> [2005/01/17 18:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION)
    toscdspd.exe -> C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe -> [2004/12/30 02:32:20 | 000,065,536 | ---- | M] (TOSHIBA)
    ramasst.exe -> C:\WINDOWS\system32\RAMASST.exe -> [2004/08/28 02:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.)
    dvdramsv.exe -> C:\WINDOWS\system32\DVDRAMSV.exe -> [2004/08/28 02:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.)
    cdantsrv.exe -> C:\WINDOWS\system32\drivers\CDANTSRV.EXE -> [2001/09/10 21:08:50 | 000,032,256 | ---- | M] (C-Dilla Ltd)

    [Modules - Safe List]
    ots.exe -> C:\Documents and Settings\john\Desktop\OTS.exe -> [2010/11/23 12:07:53 | 000,642,048 | ---- | M] (OldTimer Tools)
    comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll -> [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation)
    tdispvol.dll -> C:\WINDOWS\system32\TDispVol.dll -> [2002/03/03 06:40:00 | 000,045,056 | ---- | M] ()

    [Win32 Services - Safe List]
    (RoxLiveShare9) LiveShare P2P Server 9 [Auto | Stopped] -> C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -> File not found
    (PEVSystemStart) PEVSystemStart [Auto | Stopped] -> C:\conremoval\PEV.cfx -> File not found
    (myAgtSvc) McAfee Virus and Spyware Protection Service [Auto | Stopped] -> C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe -> File not found
    (HidServ) Human Interface Device Access [Disabled | Stopped] -> C:\WINDOWS\System32\hidserv.dll -> File not found
    (EngineServer) EngineServer [Auto | Stopped] -> C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe -> File not found
    (SolidWorks Licensing Service) SolidWorks Licensing Service [On_Demand | Stopped] -> C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -> [2010/09/01 10:23:24 | 000,079,360 | ---- | M] (SolidWorks)
    (FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2009/06/15 15:02:53 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.)
    (W3SVC) World Wide Web Publishing [Auto | Running] -> C:\WINDOWS\system32\inetsrv\inetinfo.exe -> [2008/04/13 18:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation)
    (SMTPSVC) Simple Mail Transfer Protocol (SMTP) [Auto | Running] -> C:\WINDOWS\system32\inetsrv\inetinfo.exe -> [2008/04/13 18:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation)
    (IISADMIN) IIS Admin [Auto | Running] -> C:\WINDOWS\system32\inetsrv\inetinfo.exe -> [2008/04/13 18:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation)
    (rpcapd) Remote Packet Capture Protocol v.0 (experimental) [On_Demand | Stopped] -> C:\Program Files\WinPcap\rpcapd.exe -> [2007/11/06 14:22:26 | 000,092,792 | ---- | M] (CACE Technologies)
    (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) [Auto | Running] -> C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -> [2007/01/11 03:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION)
    (S24EventMonitor) Intel(R) PROSet/Wireless Service [Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -> [2005/11/28 13:31:32 | 000,540,745 | ---- | M] (Intel Corporation )
    (EvtEng) Intel(R) PROSet/Wireless Event Log [Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -> [2005/11/28 13:29:00 | 000,114,753 | ---- | M] (Intel Corporation)
    (RegSrvc) Intel(R) PROSet/Wireless Registry Service [Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -> [2005/11/28 13:28:14 | 000,217,164 | ---- | M] (Intel Corporation)
    (Swupdtmr) Swupdtmr [Auto | Running] -> c:\Toshiba\IVP\swupdate\swupdtmr.exe -> [2005/07/12 19:14:42 | 000,040,960 | ---- | M] ()
    (CFSvcs) ConfigFree Service [Auto | Running] -> C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -> [2005/01/17 18:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION)
    (DVD-RAM_Service) DVD-RAM_Service [Auto | Running] -> C:\WINDOWS\system32\DVDRAMSV.exe -> [2004/08/28 02:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.)
    (C-DillaSrv) C-DillaSrv [Auto | Running] -> C:\WINDOWS\system32\drivers\CDANTSRV.EXE -> [2001/09/10 21:08:50 | 000,032,256 | ---- | M] (C-Dilla Ltd)

    [Driver Services - Safe List]
    (smihlp) SMI helper driver [Kernel | Auto | Stopped] -> C:\Program Files\Protector Suite QL\smihlp.sys -> File not found
    (Lbd) Lbd [File_System | Boot | Stopped] -> C:\WINDOWS\System32\DRIVERS\Lbd.sys -> File not found
    (FileDisk2) FileDisk Protector Kernel Driver [Kernel | Auto | Stopped] -> C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -> File not found
    (FdRedir) FdRedir [File_System | Auto | Stopped] -> C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -> File not found
    (catchme) catchme [Kernel | On_Demand | Stopped] -> C:\DOCUME~1\john\LOCALS~1\Temp\catchme.sys -> File not found
    (NETw5x32) Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\NETw5x32.sys -> [2010/05/31 12:58:35 | 006,608,512 | ---- | M] (Intel Corporation)
    (mfetdik) McAfee Inc. mfetdik [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\mfetdik.sys -> [2009/12/15 14:29:52 | 000,055,304 | ---- | M] (McAfee, Inc.)
    (nm) Network Monitor Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nmnt.sys -> [2008/04/13 12:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation)
    (HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
    (e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\e1e5132.sys -> [2007/12/11 23:34:40 | 000,242,320 | ---- | M] (Intel Corporation)
    (NPF) NetGroup Packet Filter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\npf.sys -> [2007/11/06 14:22:06 | 000,034,064 | ---- | M] (CACE Technologies)
    (ASCTRM) ASCTRM [Kernel | Auto | Running] -> C:\WINDOWS\System32\drivers\asctrm.sys -> [2005/12/29 14:21:07 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider)
    (TcUsb) TC USB Kernel Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\tcusb.sys -> [2005/12/16 17:40:32 | 000,028,800 | ---- | M] (UPEK Inc.)
    (IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RtkHDAud.Sys -> [2005/12/09 18:48:40 | 004,123,136 | ---- | M] (Realtek Semiconductor Corp.)
    (w39n51) Intel(R) PRO/Wireless 3945ABG Adapter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\w39n51.sys -> [2005/12/05 03:55:30 | 001,428,096 | ---- | M] (Intel® Corporation)
    (TPwSav) Common Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\TPwSav.sys -> [2005/12/01 12:55:24 | 000,011,264 | ---- | M] (TOSHIBA )
    (Tvs) TOSHIBA Virtual Sound with SRS technologies [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Tvs.sys -> [2005/11/30 13:01:02 | 000,043,392 | ---- | M] (TOSHIBA Corporation)
    (tifm21) tifm21 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\tifm21.sys -> [2005/11/30 12:12:36 | 000,162,560 | ---- | M] (Texas Instruments)
    (s24trans) WLAN Transport [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\s24trans.sys -> [2005/11/28 14:09:26 | 000,013,568 | ---- | M] (Intel Corporation)
    (AgereSoftModem) TOSHIBA V92 Software Modem [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\AGRSM.sys -> [2005/11/15 11:00:22 | 001,122,656 | ---- | M] (Agere Systems)
    (DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -> [2005/10/06 07:20:00 | 000,094,332 | ---- | M] (Sonic Solutions)
    (DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -> [2005/10/06 07:20:00 | 000,087,036 | ---- | M] (Sonic Solutions)
    (DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -> [2005/10/06 07:20:00 | 000,086,524 | ---- | M] (Sonic Solutions)
    (DLABOIOM) DLABOIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLABOIOM.SYS -> [2005/10/06 07:20:00 | 000,025,628 | ---- | M] (Sonic Solutions)
    (DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -> [2005/10/06 07:20:00 | 000,014,684 | ---- | M] (Sonic Solutions)
    (DLAPoolM) DLAPoolM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAPoolM.SYS -> [2005/10/06 07:20:00 | 000,006,364 | ---- | M] (Sonic Solutions)
    (DLADResN) DLADResN [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLADResN.SYS -> [2005/10/06 07:20:00 | 000,002,496 | ---- | M] (Sonic Solutions)
    (DRVMCDB) DRVMCDB [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -> [2005/09/12 05:30:00 | 000,089,264 | ---- | M] (Sonic Solutions)
    (DLACDBHM) DLACDBHM [File_System | System | Running] -> C:\WINDOWS\system32\drivers\DLACDBHM.SYS -> [2005/08/25 14:16:52 | 000,005,628 | ---- | M] (Sonic Solutions)
    (DLARTL_N) DLARTL_N [File_System | System | Running] -> C:\WINDOWS\system32\drivers\DLARTL_N.SYS -> [2005/08/25 14:16:16 | 000,022,684 | ---- | M] (Sonic Solutions)
    (DRVNDDM) DRVNDDM [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\DRVNDDM.SYS -> [2005/08/12 07:20:00 | 000,040,544 | ---- | M] (Sonic Solutions)
    (meiudf) meiudf [File_System | System | Running] -> C:\WINDOWS\system32\drivers\meiudf.sys -> [2005/06/02 05:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.)
    (ApfiltrService) Alps Pointing-device Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Apfiltr.sys -> [2004/11/15 18:22:08 | 000,101,874 | ---- | M] (Alps Electric Co., Ltd.)
    (TBiosDrv) TBiosDrv [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\tbiosdrv.sys -> [2003/06/11 10:53:22 | 000,006,867 | ---- | M] ()
    (Netdevio) TOSHIBA Network Device Usermode I/O Protocol [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\Netdevio.sys -> [2003/01/29 16:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.)
    (wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wanatw4.sys -> [2003/01/10 14:13:04 | 000,033,588 | R--- | M] (America Online, Inc.)
    (C-Dilla) C-Dilla [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\CDANT.SYS -> [2001/09/10 21:09:46 | 000,057,392 | ---- | M] (Macrovision)

    [Registry - Safe List]
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
    < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
    HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
    HKEY_USERS\.DEFAULT\: "ProxyOverride" -> 192.168.1.*;127.0.0.*;192.168.0.*;192.168.2.* ->
    < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
    HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
    HKEY_USERS\S-1-5-18\: "ProxyOverride" -> 192.168.1.*;127.0.0.*;192.168.0.*;192.168.2.* ->
    < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
    HKEY_USERS\S-1-5-19\: Main\\"Start Page" -> http://www.toshibadirect.com/dpdstart ->
    < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
    HKEY_USERS\S-1-5-20\: Main\\"Start Page" -> http://www.toshibadirect.com/dpdstart ->
    < Internet Explorer Settings [HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\] > -> ->
    HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\: Main\\"Start Page" -> http://www.google.com/webhp?rls=ig ->
    HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\: "ProxyEnable" -> 0 ->
    HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\: "ProxyOverride" -> 192.168.1.*;127.0.0.*;192.168.0.*;192.168.2.* ->
    < FireFox Settings [Prefs.js] > -> C:\Documents and Settings\john\Application Data\Mozilla\FireFox\Profiles\8kgpj2zy.default\prefs.js ->
    extensions.enabledItems -> {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 ->
    extensions.enabledItems -> jqs@sun.com:1.0 ->
    < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
    HKLM\software\mozilla\Firefox\Extensions -> ->
    HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions -> ->
    HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/11/18 11:53:37 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/11/23 11:48:34 | 000,000,000 | ---D | M]
    < FireFox Extensions [User Folders] > ->
    -> C:\Documents and Settings\john\Application Data\Mozilla\Extensions -> [2010/11/18 11:53:45 | 000,000,000 | ---D | M]
    -> C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\8kgpj2zy.default\extensions -> [2010/11/18 11:53:50 | 000,000,000 | ---D | M]
    No name found -> C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\8kgpj2zy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2010/11/18 11:53:50 | 000,000,000 | ---D | M]
    -> C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\8kgpj2zy.default\extensions\staged-xpis -> [2010/11/18 11:53:50 | 000,000,000 | ---D | M]
    < FireFox Extensions [Program Folders] > ->
    -> C:\Program Files\Mozilla Firefox\extensions -> [2010/05/03 15:14:07 | 000,000,000 | ---D | M]
    Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} -> [2010/05/03 15:14:08 | 000,000,000 | ---D | M]
    < HOSTS File > ([2010/07/27 09:06:07 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->
    Reset Hosts
    127.0.0.1 localhost
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
    {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 14:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
    {5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> C:\WINDOWS\system32\DLA\DLASHX_W.DLL [DriveLetterAccess] -> [2005/10/06 07:20:00 | 000,110,652 | ---- | M] (Sonic Solutions)
    {AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> [2008/06/11 21:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated)
    {F4971EE7-DAA0-4053-9964-665D8EE6A077} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [SmartSelect Class] -> [2008/06/11 21:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated)
    < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF] -> [2008/06/11 21:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated)
    < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\] > -> HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\Software\Microsoft\Internet Explorer\Toolbar\ ->
    WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF] -> [2008/06/11 21:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated)
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    "Acrobat Assistant 8.0" -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe ["C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"] -> [2008/06/11 21:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.)
    "Adobe Acrobat Speed Launcher" -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe ["C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"] -> [2008/06/12 01:25:18 | 000,037,232 | ---- | M] (Adobe Systems Incorporated)
    "CeEKEY" -> C:\Program Files\Toshiba\E-KEY\CeEKey.exe [C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe] -> [2005/12/01 13:13:42 | 000,671,744 | ---- | M] (COMPAL ELECTRONIC INC.)
    "DLA" -> C:\WINDOWS\system32\DLA\DLACTRLW.EXE [C:\WINDOWS\System32\DLA\DLACTRLW.EXE] -> [2005/10/06 07:20:00 | 000,122,940 | ---- | M] (Sonic Solutions)
    "Indexer" -> C:\Program Files\Sharp\Sharpdesk\Indexer.exe ["C:\Program Files\Sharp\Sharpdesk\Indexer.exe"] -> [2005/11/05 19:34:44 | 000,184,320 | ---- | M] (SHARP CORPORATION)
    "IndexTray" -> C:\Program Files\Sharp\Sharpdesk\IndexTray.exe ["C:\Program Files\Sharp\Sharpdesk\IndexTray.exe"] -> [2005/11/05 19:32:54 | 000,106,496 | ---- | M] (SHARP CORPORATION)
    "IntelZeroConfig" -> C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe ["C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"] -> [2005/12/05 14:37:40 | 000,667,718 | ---- | M] (Intel Corporation)
    "MVS Splash" -> C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe ["C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe" /LOGON] -> File not found
    "PadTouch" -> C:\Program Files\Toshiba\Touch and Launch\PadExe.exe [C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe] -> [2005/07/15 12:52:42 | 001,077,322 | ---- | M] (TOSHIBA)
    "Pinger" -> c:\toshiba\ivp\ism\pinger.exe [c:\toshiba\ivp\ism\pinger.exe /run] -> [2005/03/17 19:37:26 | 000,151,552 | ---- | M] (TOSHIBA Corporation)
    "SharpTray" -> C:\Program Files\Sharp\Sharpdesk\SharpTray.exe ["C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"] -> [2005/11/05 19:47:24 | 000,032,768 | ---- | M] (SHARP CORPORATION)
    "SmoothView" -> C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe [C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe] -> [2005/04/26 18:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation)
    "TCtryIOHook" -> C:\WINDOWS\System32\TCtrlIOHook.exe [TCtrlIOHook.exe] -> [2005/12/05 16:50:22 | 000,028,672 | ---- | M] (TOSHIBA)
    "TDispVol" -> C:\WINDOWS\System32\TDispVol.exe [TDispVol.exe] -> [2005/12/27 19:34:34 | 000,073,728 | ---- | M] (TOSHIBA Corporation)
    "TPNF" -> C:\Program Files\Toshiba\TouchPad\TPTray.exe [C:\Program Files\TOSHIBA\TouchPad\TPTray.exe] -> [2005/12/13 18:28:56 | 000,053,248 | ---- | M] (COMPAL ELECTRONIC INC.)
    "TPSMain" -> C:\WINDOWS\System32\TPSMain.exe [TPSMain.exe] -> [2005/05/31 19:16:44 | 000,282,624 | ---- | M] (TOSHIBA Corporation)
    "Tvs" -> C:\Program Files\Toshiba\Tvs\TvsTray.exe [C:\Program Files\Toshiba\Tvs\TvsTray.exe] -> [2005/11/30 14:25:22 | 000,073,728 | ---- | M] (TOSHIBA Corporation)
    "TypeRegChecker" -> C:\Program Files\Sharp\Sharpdesk\TypeRegChecker.exe ["C:\Program Files\Sharp\Sharpdesk\TypeRegChecker.exe"] -> [2005/11/05 19:35:22 | 000,057,344 | ---- | M] (SHARP CORPORATION)
    "ZoomingHook" -> C:\WINDOWS\System32\ZoomingHook.exe [ZoomingHook.exe] -> [2005/06/06 11:58:44 | 000,024,576 | ---- | M] (TOSHIBA)
    < Run [HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\] > -> HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    "ISUSPM" -> C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler] -> [2006/09/11 03:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation)
    "TOSCDSPD" -> C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe [C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe] -> [2004/12/30 02:32:20 | 000,065,536 | ---- | M] (TOSHIBA)
    < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
    < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk -> C:\WINDOWS\system32\RAMASST.exe -> [2004/08/28 02:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.)
    < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
    < john Startup Folder > -> C:\Documents and Settings\john\Start Menu\Programs\Startup ->
    < john kallas Startup Folder > -> C:\Documents and Settings\john kallas\Start Menu\Programs\Startup ->
    < johnk Startup Folder > -> C:\Documents and Settings\johnk\Start Menu\Programs\Startup ->
    < McAfeeMVSUser Startup Folder > -> C:\Documents and Settings\McAfeeMVSUser\Start Menu\Programs\Startup ->
    < Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
    \Infodelivery\Restrictions\\"NoUpdateCheck" -> [1] -> File not found
    < Software Policy Settings [HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167] > -> HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\SOFTWARE\Policies\Microsoft\Internet Explorer ->
    < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoCDBurning" -> [0] -> File not found
    \\"HonorAutoRunSetting" -> [1] -> File not found
    \\"LinkResolveIgnoreLinkInfo" -> [0] -> File not found
    \\"NoResolveSearch" -> [1] -> File not found
    \\"NoDriveAutoRun" -> [67108863] -> File not found
    \\"NoDriveTypeAutoRun" -> [323] -> File not found
    \\"NoDrives" -> [0] -> File not found
    < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" -> [323] -> File not found
    \\"NoDriveAutoRun" -> [67108863] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" -> [323] -> File not found
    \\"NoDriveAutoRun" -> [67108863] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" -> [145] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" -> [145] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167] > -> HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
    HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" -> [323] -> File not found
    \\"LinkResolveIgnoreLinkInfo" -> [0] -> File not found
    \\"NoDriveAutoRun" -> [67108863] -> File not found
    \\"NoDrives" -> [0] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167] > -> HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
    HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\] > -> HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\Software\Microsoft\Internet Explorer\MenuExt\ ->
    &Google Search -> C:\Program Files\Google\GoogleToolbar1.dll [res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html] -> [2005/12/29 13:51:51 | 000,720,896 | ---- | M] (Google Inc.)
    Append Link Target to Existing PDF -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html] -> [2008/06/11 21:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated)
    Append to Existing PDF -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html] -> [2008/06/11 21:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated)
    Backward Links -> C:\Program Files\Google\GoogleToolbar1.dll [res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html] -> [2005/12/29 13:51:51 | 000,720,896 | ---- | M] (Google Inc.)
    Cached Snapshot of Page -> C:\Program Files\Google\GoogleToolbar1.dll [res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html] -> [2005/12/29 13:51:51 | 000,720,896 | ---- | M] (Google Inc.)
    Convert Link Target to Adobe PDF -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html] -> [2008/06/11 21:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated)
    Convert to Adobe PDF -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html] -> [2008/06/11 21:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated)
    Similar Pages -> C:\Program Files\Google\GoogleToolbar1.dll [res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html] -> [2005/12/29 13:51:51 | 000,720,896 | ---- | M] (Google Inc.)
    Translate into English -> C:\Program Files\Google\GoogleToolbar1.dll [res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html] -> [2005/12/29 13:51:51 | 000,720,896 | ---- | M] (Google Inc.)
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_20.dll [Menu: Sun Java Console] -> [2010/04/12 16:29:21 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)
    {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 14:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
    < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
    CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_20.dll [Sun Java Console] -> [2010/04/12 16:29:21 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)
    < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
    CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_20.dll [Sun Java Console] -> [2010/04/12 16:29:21 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)
    < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\] > -> HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\Software\Microsoft\Internet Explorer\Extensions\ ->
    CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_20.dll [Sun Java Console] -> [2010/04/12 16:29:21 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)
    < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
    < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 18 domain(s) found. ->
    //about.htm/ .[myui] -> Trusted sites ->
    //Exclude.htm/ .[myui] -> Trusted sites ->
    //LanguageSelection.htm/ .[myui] -> Trusted sites ->
    //Message.htm/ .[myui] -> Trusted sites ->
    //MyAgttryCmd.htm/ .[myui] -> Trusted sites ->
    //MyAgttryNag.htm/ .[myui] -> Trusted sites ->
    //MyNotification.htm/ .[myui] -> Trusted sites ->
    //NOCLessUpdate.htm/ .[myui] -> Trusted sites ->
    //quarantine.htm/ .[myui] -> Trusted sites ->
    //ScanNow.htm/ .[myui] -> Trusted sites ->
    //strings.vbs/ .[myui] -> Trusted sites ->
    //Template.htm/ .[myui] -> Trusted sites ->
    //Update.htm/ .[myui] -> Trusted sites ->
    //VirFound.htm/ .[myui] -> Trusted sites ->
    www_isqft.com [https] -> Trusted sites ->
    *_mcafee.com [http] -> Trusted sites ->
    *_mcafee.com [https] -> Trusted sites ->
    betavscan_mcafeeasap.com [http] -> Trusted sites ->
    betavscan_mcafeeasap.com [https] -> Trusted sites ->
    vs_mcafeeasap.com [http] -> Trusted sites ->
    vs_mcafeeasap.com [https] -> Trusted sites ->
    www_mcafeeasap.com [http] -> Trusted sites ->
    www_mcafeeasap.com [https] -> Trusted sites ->
    < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4819 domain(s) found. ->
    www_isqft.com [https] -> Trusted sites ->
    < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4819 domain(s) found. ->
    www_isqft.com [https] -> Trusted sites ->
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Trusted Sites Domains [HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\] > -> HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4818 domain(s) found. ->
    www_isqft.com [https] -> Trusted sites ->
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\] > -> HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
    {02BCC737-B171-4746-94C9-0D8A0B2C0089} [HKLM] -> http://office.microsoft.com/sites/production/ieawsdc32.cab [Microsoft Office Template and Media Control] ->
    {5ED80217-570B-4DA9-BF44-BE107C0EC166} [HKLM] -> http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab [Windows Live Safety Center Base Module] ->
    {6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1280770706517 [WUWebControl Class] ->
    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1280770671086 [MUWebControl Class] ->
    {7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> http://download.eset.com/special/eos/OnlineScanner.cab [OnlineScanner Control] ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] ->
    {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] ->
    {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
    {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Value error.] ->
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
    DhcpNameServer -> 192.168.1.254 ->
    Domain -> SmithEng.local ->
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
    {C0C6EE0E-425C-4CB7-8CC6-1FF28B11005D}\\DhcpNameServer -> 192.168.0.1 (Intel(R) PRO/1000 PL Network Connection) ->
    {CCCBBBEE-AC1A-41A8-BA75-D8041DD75B28}\\DhcpNameServer -> 192.168.1.254 (Intel(R) PRO/Wireless 3945ABG Network Connection) ->
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
    Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> ->
    < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
    igfxcui -> C:\WINDOWS\System32\igfxdev.dll -> [2005/11/28 15:51:04 | 000,135,168 | ---- | M] (Intel Corporation)
    < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe] -> File not found
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe] -> File not found
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> File not found
    "C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe] -> File not found
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> File not found
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> File not found
    "C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe] -> File not found
    "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe [C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe] -> File not found
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe [C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe] -> File not found
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> File not found
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> File not found
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> File not found
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe [C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe] -> File not found
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe [C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe] -> File not found
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> File not found
    "C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe [C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe] -> File not found
    "C:\Program Files\HP\HP Software Update\hpwucli.exe" -> C:\Program Files\HP\HP Software Update\hpwucli.exe [C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe] -> File not found
    "C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" -> C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent] -> File not found
    "C:\Program Files\SHARP\Sharpdesk\FTPServer.exe" -> C:\Program Files\SHARP\Sharpdesk\FTPServer.exe [C:\Program Files\SHARP\Sharpdesk\FTPServer.exe:*:Enabled:Network Scanner Tool] -> [2005/11/05 19:04:26 | 000,688,128 | ---- | M] (SHARP CORPORATION)
    "C:\WINDOWS\system32\mmc.exe" -> C:\WINDOWS\System32\mmc.exe [C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console] -> [2008/04/13 18:12:25 | 001,414,656 | ---- | M] (Microsoft Corporation)
    "D:\setup\hpznui01.exe" -> D:\setup\hpznui01.exe [D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe] -> File not found
    < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe" -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader] -> [2004/10/14 16:33:08 | 000,012,888 | ---- | M] (America Online, Inc.)
    "C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" -> C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent] -> File not found
    "C:\Program Files\SHARP\Sharpdesk\FTPServer.exe" -> C:\Program Files\SHARP\Sharpdesk\FTPServer.exe [C:\Program Files\SHARP\Sharpdesk\FTPServer.exe:*:Enabled:Network Scanner Tool] -> [2005/11/05 19:04:26 | 000,688,128 | ---- | M] (SHARP CORPORATION)
    "C:\TOSHIBA\Ivp\ISM\pinger.exe" -> C:\TOSHIBA\IVP\ISM\pinger.exe [C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger] -> [2005/03/17 19:37:26 | 000,151,552 | ---- | M] (TOSHIBA Corporation)
    "C:\TOSHIBA\ivp\NetInt\Netint.exe" -> C:\TOSHIBA\ivp\NetInt\Netint.exe [C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine] -> [2004/11/03 17:06:34 | 000,462,848 | ---- | M] (TOSHIBA Corporation)
    < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
    < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
    "AutoRun" -> 1 ->
    "DisplayName" -> CD-ROM Driver ->
    "ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
    < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
    < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
    comfile [open] -> "%1" %* ->
    exefile [open] -> "%1" %* ->
    < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
    .com [@ = comfile] -> "%1" %* ->
    .exe [@ = exefile] -> "%1" %* ->
    < File Associations - Select to Repair > -> HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\SOFTWARE\Classes\<extension>\ ->
    .exe [@ = exefile] -> Reg Error: Key error. -> File not found

  4. #4
    Member
    Join Date
    Jul 2010
    Posts
    73

    Default OTS log Part 2

    [Files/Folders - Created Within 30 Days]
    OTS.exe -> C:\Documents and Settings\john\Desktop\OTS.exe -> [2010/11/23 12:07:42 | 000,642,048 | ---- | C] (OldTimer Tools)
    conremoval -> C:\conremoval -> [2010/11/19 16:17:22 | 000,000,000 | --SD | C]
    SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2010/11/19 14:04:48 | 000,212,480 | ---- | C] (SteelWerX)
    SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2010/11/19 14:04:48 | 000,161,792 | ---- | C] (SteelWerX)
    SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2010/11/19 14:04:48 | 000,136,704 | ---- | C] (SteelWerX)
    NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2010/11/19 14:04:48 | 000,031,232 | ---- | C] (NirSoft)
    Qoobox -> C:\Qoobox -> [2010/11/19 14:04:36 | 000,000,000 | ---D | C]
    windows-kb890830-v3.13.exe -> C:\Documents and Settings\john\Desktop\windows-kb890830-v3.13.exe -> [2010/11/19 13:41:22 | 011,843,016 | ---- | C] (Microsoft Corporation)
    Mozilla -> C:\Documents and Settings\john\Local Settings\Application Data\Mozilla -> [2010/11/18 11:53:35 | 000,000,000 | ---D | C]
    fixit -> C:\fixit -> [2010/11/17 15:35:43 | 000,000,000 | --SD | C]
    Rooter$ -> C:\Rooter$ -> [2010/11/16 11:32:06 | 000,000,000 | ---D | C]
    Rooter.exe -> C:\Documents and Settings\john\Desktop\Rooter.exe -> [2010/11/16 11:30:59 | 000,173,119 | ---- | C] (Eric_71)
    RootRepeal.exe -> C:\Documents and Settings\john\Desktop\RootRepeal.exe -> [2010/11/16 10:10:18 | 000,472,064 | ---- | C] ( )
    TDSSKiller.exe -> C:\Documents and Settings\john\Desktop\TDSSKiller.exe -> [2010/11/12 13:20:12 | 001,330,776 | ---- | C] (Kaspersky Lab ZAO)
    McAfee -> C:\Documents and Settings\john\Desktop\McAfee -> [2010/11/10 15:21:58 | 000,000,000 | ---D | C]
    trend micro -> C:\Program Files\trend micro -> [2010/11/09 13:50:37 | 000,000,000 | ---D | C]
    rsit -> C:\rsit -> [2010/11/09 13:50:34 | 000,000,000 | ---D | C]
    mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/11/08 13:53:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation)
    mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/11/08 13:52:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation)
    Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2010/11/08 13:51:36 | 000,000,000 | ---D | C]
    mbam-setup-1.46.exe -> C:\Documents and Settings\john\Desktop\mbam-setup-1.46.exe -> [2010/11/08 13:50:30 | 006,153,352 | ---- | C] (Malwarebytes Corporation )
    2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
    1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->

    [Files/Folders - Modified Within 30 Days]
    OTS.exe -> C:\Documents and Settings\john\Desktop\OTS.exe -> [2010/11/23 12:07:53 | 000,642,048 | ---- | M] (OldTimer Tools)
    Adobe Reader 9.lnk -> C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk -> [2010/11/23 11:48:36 | 000,001,769 | ---- | M] ()
    wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/11/23 11:46:57 | 000,001,158 | ---- | M] ()
    bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/11/23 11:46:07 | 000,002,048 | --S- | M] ()
    AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2010/11/20 23:41:01 | 000,000,284 | ---- | M] ()
    conremoval.exe -> C:\Documents and Settings\john\Desktop\conremoval.exe -> [2010/11/19 14:13:23 | 003,911,939 | R--- | M] ()
    windows-kb890830-v3.13.exe -> C:\Documents and Settings\john\Desktop\windows-kb890830-v3.13.exe -> [2010/11/19 13:41:22 | 011,843,016 | ---- | M] (Microsoft Corporation)
    Microsoft Office Word 2003.lnk -> C:\Documents and Settings\john\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk -> [2010/11/19 09:44:29 | 000,002,515 | ---- | M] ()
    SystemLook.exe -> C:\Documents and Settings\john\Desktop\SystemLook.exe -> [2010/11/18 11:45:16 | 000,075,264 | ---- | M] ()
    complaint form.pdf -> C:\Documents and Settings\john\Desktop\complaint form.pdf -> [2010/11/17 16:18:51 | 000,118,747 | ---- | M] ()
    MBRCheck.exe -> C:\Documents and Settings\john\Desktop\MBRCheck.exe -> [2010/11/16 13:10:10 | 000,080,384 | ---- | M] ()
    Rooter.exe -> C:\Documents and Settings\john\Desktop\Rooter.exe -> [2010/11/16 11:31:02 | 000,173,119 | ---- | M] (Eric_71)
    fixdownadup.exe -> C:\Documents and Settings\john\Desktop\fixdownadup.exe -> [2010/11/12 15:43:51 | 002,348,928 | ---- | M] ()
    Launch Microsoft Office Outlook.lnk -> C:\Documents and Settings\john\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk -> [2010/11/10 15:58:22 | 000,000,832 | ---- | M] ()
    MCPR.exe -> C:\Documents and Settings\john\Desktop\MCPR.exe -> [2010/11/10 15:31:30 | 001,373,616 | ---- | M] ()
    Logfile.pdf -> C:\Documents and Settings\john\Desktop\Logfile.pdf -> [2010/11/09 13:57:52 | 000,044,548 | ---- | M] ()
    Logfile.doc -> C:\Documents and Settings\john\Desktop\Logfile.doc -> [2010/11/09 13:57:41 | 000,098,816 | ---- | M] ()
    info.pdf -> C:\Documents and Settings\john\Desktop\info.pdf -> [2010/11/09 13:56:31 | 000,036,434 | ---- | M] ()
    info.doc -> C:\Documents and Settings\john\Desktop\info.doc -> [2010/11/09 13:55:43 | 000,092,672 | ---- | M] ()
    RSIT.exe -> C:\Documents and Settings\john\Desktop\RSIT.exe -> [2010/11/09 13:50:19 | 000,339,991 | ---- | M] ()
    Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/11/08 13:53:13 | 000,000,736 | ---- | M] ()
    mbam-setup-1.46.exe -> C:\Documents and Settings\john\Desktop\mbam-setup-1.46.exe -> [2010/11/08 13:50:31 | 006,153,352 | ---- | M] (Malwarebytes Corporation )
    scan.com -> C:\Documents and Settings\john\Desktop\scan.com -> [2010/11/08 13:36:18 | 000,630,272 | ---- | M] ()
    dds.scr -> C:\Documents and Settings\john\Desktop\dds.scr -> [2010/11/08 13:28:58 | 000,630,272 | ---- | M] ()
    TDSSKiller.exe -> C:\Documents and Settings\john\Desktop\TDSSKiller.exe -> [2010/11/08 10:55:10 | 001,330,776 | ---- | M] (Kaspersky Lab ZAO)
    gmer.exe -> C:\Documents and Settings\john\Desktop\gmer.exe -> [2010/11/08 10:32:38 | 000,296,448 | ---- | M] ()
    perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010/11/08 07:46:02 | 000,495,580 | ---- | M] ()
    perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010/11/08 07:46:02 | 000,090,626 | ---- | M] ()
    MBR.exe -> C:\WINDOWS\MBR.exe -> [2010/11/08 01:20:24 | 000,089,088 | ---- | M] ()
    Microsoft Office Excel 2003.lnk -> C:\Documents and Settings\john\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk -> [2010/11/02 08:02:23 | 000,002,513 | ---- | M] ()
    bug2.pdf -> C:\Documents and Settings\john\Desktop\bug2.pdf -> [2010/11/01 09:17:09 | 000,051,045 | ---- | M] ()
    bug1.pdf -> C:\Documents and Settings\john\Desktop\bug1.pdf -> [2010/11/01 09:16:42 | 000,098,865 | ---- | M] ()
    pool.bin -> C:\WINDOWS\System32\pool.bin -> [2010/11/01 07:43:41 | 000,000,256 | ---- | M] ()
    2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
    18 C:\Documents and Settings\john\Local Settings\temp\*.tmp files -> C:\Documents and Settings\john\Local Settings\temp\*.tmp ->
    1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->

    [Files - No Company Name]
    conremoval.exe -> C:\Documents and Settings\john\Desktop\conremoval.exe -> [2010/11/19 14:13:23 | 003,911,939 | R--- | C] ()
    PEV.exe -> C:\WINDOWS\PEV.exe -> [2010/11/19 14:04:48 | 000,256,512 | ---- | C] ()
    sed.exe -> C:\WINDOWS\sed.exe -> [2010/11/19 14:04:48 | 000,098,816 | ---- | C] ()
    MBR.exe -> C:\WINDOWS\MBR.exe -> [2010/11/19 14:04:48 | 000,089,088 | ---- | C] ()
    grep.exe -> C:\WINDOWS\grep.exe -> [2010/11/19 14:04:48 | 000,080,412 | ---- | C] ()
    zip.exe -> C:\WINDOWS\zip.exe -> [2010/11/19 14:04:48 | 000,068,096 | ---- | C] ()
    fixdownadup.exe -> C:\Documents and Settings\john\Desktop\fixdownadup.exe -> [2010/11/19 08:15:29 | 002,348,928 | ---- | C] ()
    SystemLook.exe -> C:\Documents and Settings\john\Desktop\SystemLook.exe -> [2010/11/18 11:45:15 | 000,075,264 | ---- | C] ()
    complaint form.pdf -> C:\Documents and Settings\john\Desktop\complaint form.pdf -> [2010/11/17 16:18:51 | 000,118,747 | ---- | C] ()
    avenger.exe -> C:\Documents and Settings\john\Desktop\avenger.exe -> [2010/11/16 14:44:16 | 000,731,136 | ---- | C] ()
    MBRCheck.exe -> C:\Documents and Settings\john\Desktop\MBRCheck.exe -> [2010/11/16 13:10:09 | 000,080,384 | ---- | C] ()
    gmer.exe -> C:\Documents and Settings\john\Desktop\gmer.exe -> [2010/11/11 09:12:34 | 000,296,448 | ---- | C] ()
    MCPR.exe -> C:\Documents and Settings\john\Desktop\MCPR.exe -> [2010/11/10 15:31:30 | 001,373,616 | ---- | C] ()
    Logfile.pdf -> C:\Documents and Settings\john\Desktop\Logfile.pdf -> [2010/11/09 13:57:47 | 000,044,548 | ---- | C] ()
    Logfile.doc -> C:\Documents and Settings\john\Desktop\Logfile.doc -> [2010/11/09 13:57:41 | 000,098,816 | ---- | C] ()
    info.pdf -> C:\Documents and Settings\john\Desktop\info.pdf -> [2010/11/09 13:56:31 | 000,036,434 | ---- | C] ()
    info.doc -> C:\Documents and Settings\john\Desktop\info.doc -> [2010/11/09 13:55:43 | 000,092,672 | ---- | C] ()
    RSIT.exe -> C:\Documents and Settings\john\Desktop\RSIT.exe -> [2010/11/09 13:50:16 | 000,339,991 | ---- | C] ()
    Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/11/08 13:53:13 | 000,000,736 | ---- | C] ()
    scan.com -> C:\Documents and Settings\john\Desktop\scan.com -> [2010/11/08 13:35:59 | 000,630,272 | ---- | C] ()
    dds.scr -> C:\Documents and Settings\john\Desktop\dds.scr -> [2010/11/08 13:23:50 | 000,630,272 | ---- | C] ()
    bug2.pdf -> C:\Documents and Settings\john\Desktop\bug2.pdf -> [2010/11/01 09:17:01 | 000,051,045 | ---- | C] ()
    bug1.pdf -> C:\Documents and Settings\john\Desktop\bug1.pdf -> [2010/11/01 09:16:42 | 000,098,865 | ---- | C] ()
    housecall.guid.cache -> C:\Documents and Settings\john\Local Settings\Application Data\housecall.guid.cache -> [2010/07/12 14:05:11 | 000,000,036 | ---- | C] ()
    hitmanpro35.sys -> C:\WINDOWS\System32\drivers\hitmanpro35.sys -> [2010/07/08 10:45:32 | 000,016,968 | ---- | C] ()
    TPTray.INI -> C:\WINDOWS\TPTray.INI -> [2010/02/26 13:16:22 | 000,000,000 | ---- | C] ()
    BBMS_EXCEPTION.txt -> C:\Documents and Settings\john\Application Data\BBMS_EXCEPTION.txt -> [2010/01/22 10:50:32 | 000,000,364 | ---- | C] ()
    eDrawingOfficeAutomator.INI -> C:\WINDOWS\eDrawingOfficeAutomator.INI -> [2009/10/20 09:40:22 | 000,000,000 | ---- | C] ()
    $_hpcst$.hpc -> C:\Documents and Settings\john\Application Data\$_hpcst$.hpc -> [2009/08/28 12:13:40 | 000,002,528 | ---- | C] ()
    WirelessFTP.INI -> C:\WINDOWS\WirelessFTP.INI -> [2009/08/27 15:11:33 | 000,000,098 | ---- | C] ()
    ccolwiz.ini -> C:\WINDOWS\ccolwiz.ini -> [2009/08/27 12:37:22 | 000,000,152 | ---- | C] ()
    DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\john\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/08/27 11:48:07 | 000,007,168 | ---- | C] ()
    fontlst2.opf -> C:\Documents and Settings\john\Application Data\fontlst2.opf -> [2009/08/26 19:03:14 | 000,594,638 | ---- | C] ()
    _isusr32.dll -> C:\WINDOWS\_isusr32.dll -> [2009/08/26 18:32:46 | 000,159,744 | ---- | C] ()
    _isusr2k.dll -> C:\WINDOWS\System32\_isusr2k.dll -> [2009/08/26 18:32:39 | 000,045,056 | ---- | C] ()
    ush2.dll -> C:\WINDOWS\System32\ush2.dll -> [2009/08/26 18:32:38 | 000,122,880 | ---- | C] ()
    OGACheckControl.dll -> C:\WINDOWS\System32\OGACheckControl.dll -> [2009/08/03 14:07:42 | 000,403,816 | ---- | C] ()
    hpzinstall.log -> C:\Documents and Settings\All Users\Application Data\hpzinstall.log -> [2009/05/18 11:18:15 | 000,009,731 | ---- | C] ()
    smtpctrs.ini -> C:\WINDOWS\System32\smtpctrs.ini -> [2008/02/05 08:54:40 | 000,021,791 | ---- | C] ()
    ntfsdrct.ini -> C:\WINDOWS\System32\ntfsdrct.ini -> [2008/02/05 08:54:40 | 000,001,037 | ---- | C] ()
    w3ctrs.ini -> C:\WINDOWS\System32\w3ctrs.ini -> [2008/02/05 08:54:02 | 000,038,576 | ---- | C] ()
    axperf.ini -> C:\WINDOWS\System32\axperf.ini -> [2008/02/05 08:54:02 | 000,010,225 | ---- | C] ()
    infoctrs.ini -> C:\WINDOWS\System32\infoctrs.ini -> [2008/02/05 08:54:01 | 000,011,435 | ---- | C] ()
    dirsaver.ini -> C:\WINDOWS\dirsaver.ini -> [2008/01/28 15:19:37 | 000,000,012 | ---- | C] ()
    msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2008/01/28 15:07:27 | 000,000,002 | ---- | C] ()
    smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2008/01/28 14:52:29 | 000,000,061 | ---- | C] ()
    IVIresizeW7.dll -> C:\WINDOWS\System32\IVIresizeW7.dll -> [2008/01/28 14:50:06 | 000,204,800 | ---- | C] ()
    IVIresizeA6.dll -> C:\WINDOWS\System32\IVIresizeA6.dll -> [2008/01/28 14:50:06 | 000,200,704 | ---- | C] ()
    IVIresizeP6.dll -> C:\WINDOWS\System32\IVIresizeP6.dll -> [2008/01/28 14:50:06 | 000,192,512 | ---- | C] ()
    IVIresizeM6.dll -> C:\WINDOWS\System32\IVIresizeM6.dll -> [2008/01/28 14:50:06 | 000,192,512 | ---- | C] ()
    IVIresizePX.dll -> C:\WINDOWS\System32\IVIresizePX.dll -> [2008/01/28 14:50:06 | 000,188,416 | ---- | C] ()
    IVIresize.dll -> C:\WINDOWS\System32\IVIresize.dll -> [2008/01/28 14:50:06 | 000,020,480 | ---- | C] ()
    pthreadVC.dll -> C:\WINDOWS\System32\pthreadVC.dll -> [2007/11/06 14:19:28 | 000,053,299 | ---- | C] ()
    mxpcivny.dll -> C:\WINDOWS\System32\mxpcivny.dll -> [2007/04/18 10:25:36 | 000,167,071 | RHS- | C] ()
    TDispVol.dll -> C:\WINDOWS\System32\TDispVol.dll -> [2006/01/03 01:08:12 | 000,045,056 | ---- | C] ()
    wininit.ini -> C:\WINDOWS\wininit.ini -> [2005/12/29 13:48:11 | 000,000,222 | ---- | C] ()
    QUICKEN.INI -> C:\WINDOWS\QUICKEN.INI -> [2005/12/29 13:45:52 | 000,000,031 | ---- | C] ()
    CSIIDecoder_kern_i386.sys -> C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys -> [2005/12/29 13:09:56 | 000,036,736 | ---- | C] ()
    TSXT_kern_i386.sys -> C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys -> [2005/12/29 13:09:56 | 000,029,184 | ---- | C] ()
    NDSTray.INI -> C:\WINDOWS\NDSTray.INI -> [2005/12/29 13:01:39 | 000,000,000 | ---- | C] ()
    EBLib.DLL -> C:\WINDOWS\System32\EBLib.DLL -> [2005/12/29 13:01:29 | 000,032,768 | ---- | C] ()
    tbiosdrv.sys -> C:\WINDOWS\System32\drivers\tbiosdrv.sys -> [2005/12/29 12:54:17 | 000,006,867 | ---- | C] ()
    csellang.ini -> C:\WINDOWS\System32\csellang.ini -> [2005/12/29 12:44:17 | 000,128,113 | ---- | C] ()
    csellang.dll -> C:\WINDOWS\System32\csellang.dll -> [2005/12/29 12:44:17 | 000,045,056 | ---- | C] ()
    tosmreg.ini -> C:\WINDOWS\System32\tosmreg.ini -> [2005/12/29 12:44:17 | 000,010,165 | ---- | C] ()
    cseltbl.ini -> C:\WINDOWS\System32\cseltbl.ini -> [2005/12/29 12:44:17 | 000,007,671 | ---- | C] ()
    RtlCPAPI.dll -> C:\WINDOWS\System32\RtlCPAPI.dll -> [2005/12/29 12:35:08 | 000,135,168 | ---- | C] ()
    ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2005/12/29 11:28:28 | 000,000,473 | ---- | C] ()
    fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2005/12/29 11:19:47 | 000,001,793 | ---- | C] ()
    ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2005/12/29 03:15:37 | 000,004,161 | ---- | C] ()
    OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2005/12/29 00:33:37 | 000,000,341 | ---- | C] ()
    TPeculiarity.dll -> C:\WINDOWS\System32\TPeculiarity.dll -> [2005/12/09 16:36:30 | 000,028,672 | ---- | C] ()
    px.ini -> C:\WINDOWS\System32\px.ini -> [2005/11/28 22:33:56 | 000,000,000 | ---- | C] ()
    SPCtl.dll -> C:\WINDOWS\System32\SPCtl.dll -> [2005/11/23 15:55:42 | 000,024,576 | ---- | C] ()
    HWS_Ctrl.dll -> C:\WINDOWS\System32\HWS_Ctrl.dll -> [2005/11/23 15:41:28 | 000,036,864 | ---- | C] ()
    TCtrlIO.dll -> C:\WINDOWS\System32\TCtrlIO.dll -> [2005/11/23 13:42:16 | 000,028,672 | ---- | C] ()
    Dart.PowerTCP.Aes.dll -> C:\WINDOWS\System32\Dart.PowerTCP.Aes.dll -> [2005/10/09 10:59:40 | 000,065,536 | ---- | C] ()
    EKECioCtl.dll -> C:\WINDOWS\System32\EKECioCtl.dll -> [2005/09/15 16:04:06 | 000,024,576 | ---- | C] ()
    tifmicon.dll -> C:\WINDOWS\System32\tifmicon.dll -> [2004/01/13 19:46:34 | 000,172,032 | ---- | C] ()
    OUTLPERF.INI -> C:\WINDOWS\System32\OUTLPERF.INI -> [2003/01/07 17:05:08 | 000,002,695 | ---- | C] ()
    < End of report >
    [/code]

  5. #5
    Member
    Join Date
    Jul 2010
    Posts
    73

    Default MBAM most recent log

    peku006,

Check out all of the instances now of Conficker from Malwarebytes:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5177

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    11/23/2010 4:20:06 PM
    mbam-log-2010-11-23 (16-20-06).txt

    Scan type: Quick scan
    Objects scanned: 189585
    Time elapsed: 8 minute(s), 46 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 7
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\brdsd (Worm.Conficker) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dalgz (Worm.Conficker) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gfqjfcun (Worm.Conficker) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\njznx (Worm.Conficker) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pcpqzrt (Worm.Conficker) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vhareut (Worm.Conficker) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ykxkeb (Worm.Conficker) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\mxpcivny.dll (Worm.Conficker) -> Quarantined and deleted successfully.

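An added example, not from any post in this thread: the OTS line for mxpcivny.dll earlier in the thread carries the attribute field RHS- (which I read as read-only, hidden, system) on a DLL in System32, and the MBAM log above then flagged that same file together with seven service keys with random-looking names. The Python below parses both log shapes as they appear here, flags hidden+system files under System32, and cross-checks them against MBAM's "Files Infected" list. The sample log lines are copied from this thread; the hidden+system heuristic is my own assumption about what is worth a second look, not something OTS or MBAM does, and the regexes are written only against the line formats shown on this page.

```python
import re

# Constructed sample input: three lines in the shape of the OTS listing above
# (the mxpcivny.dll entry is the one MBAM later flagged; the others are
# ordinary entries from the same listing).
OTS_SAMPLE = """\
pthreadVC.dll -> C:\\WINDOWS\\System32\\pthreadVC.dll -> [2007/11/06 14:19:28 | 000,053,299 | ---- | C] ()
mxpcivny.dll -> C:\\WINDOWS\\System32\\mxpcivny.dll -> [2007/04/18 10:25:36 | 000,167,071 | RHS- | C] ()
TDispVol.dll -> C:\\WINDOWS\\System32\\TDispVol.dll -> [2006/01/03 01:08:12 | 000,045,056 | ---- | C] ()
"""

# Constructed sample input in the shape of the MBAM log above (two of the
# seven service keys, plus the single file detection).
MBAM_SAMPLE = """\
Registry Keys Infected:
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\brdsd (Worm.Conficker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\dalgz (Worm.Conficker) -> Quarantined and deleted successfully.

Files Infected:
C:\\WINDOWS\\system32\\mxpcivny.dll (Worm.Conficker) -> Quarantined and deleted successfully.
"""

# One OTS file entry: "name -> path -> [date time | size | attrs | C/M] ()"
OTS_LINE = re.compile(
    r"^(?P<name>\S+) -> (?P<path>.+?) -> \[(?P<date>[\d/]+ [\d:]+) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| (?P<kind>\w)\]"
)
# One MBAM detection line: "item (Detection.Name) -> action"
MBAM_LINE = re.compile(r"^(?P<item>.+?) \((?P<detection>[^)]+)\) -> (?P<action>.+)$")

SERVICES_PREFIX = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\"


def parse_ots(text):
    """Return a list of dicts (name, path, date, size, attrs, kind) for each OTS file line."""
    return [m.groupdict() for m in (OTS_LINE.match(l.strip()) for l in text.splitlines()) if m]


def suspicious_ots_entries(entries):
    """Heuristic (my assumption, not an OTS feature): a file under System32 whose
    attribute field carries both H (hidden) and S (system) deserves a closer look."""
    flagged = []
    for e in entries:
        attrs = e["attrs"].upper()
        if "\\system32\\" in e["path"].lower() and "H" in attrs and "S" in attrs:
            flagged.append(e["path"])
    return flagged


def parse_mbam(text):
    """Return (registry_keys, files) listed under the MBAM 'Infected:' sections."""
    section, keys, files = None, [], []
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("Infected:"):          # section header, e.g. "Files Infected:"
            section = line
            continue
        m = MBAM_LINE.match(line)
        if not m:
            continue                            # summary counts, blanks, "(No malicious items detected)"
        if section == "Registry Keys Infected:":
            keys.append(m.group("item"))
        elif section == "Files Infected:":
            files.append(m.group("item"))
    return keys, files


def service_names(keys):
    """Strip the Services key prefix so only the (random-looking) service names remain."""
    return [k[len(SERVICES_PREFIX):] for k in keys if k.upper().startswith(SERVICES_PREFIX.upper())]


def correlate(ots_text, mbam_text):
    """Cross-check OTS hidden+system hits against MBAM's file detections (case-insensitive paths)."""
    flagged = suspicious_ots_entries(parse_ots(ots_text))
    keys, files = parse_mbam(mbam_text)
    mbam_paths = {f.lower() for f in files}
    return {
        "services": service_names(keys),
        "confirmed": [p for p in flagged if p.lower() in mbam_paths],
        "unconfirmed": [p for p in flagged if p.lower() not in mbam_paths],
    }


if __name__ == "__main__":
    result = correlate(OTS_SAMPLE, MBAM_SAMPLE)
    print("MBAM service keys :", result["services"])
    print("OTS hit, MBAM too :", result["confirmed"])
    print("OTS hit, MBAM no  :", result["unconfirmed"])
```

Anything that lands in "unconfirmed" is the interesting output when you run this over a full OTS log: a hidden+system DLL in System32 that the scanner did not name is exactly the kind of leftover that makes a worm like this one "come back", and the random service names from the MBAM section are what to look for again after the next reboot.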
  6. #6
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi John

"Tricky worm"... we must try these tools.

    Follow the instructions here:
    How to remove the Downadup and Conficker worm

    When done post the contents of the C:\Win32.Worm.Downladup.Gen.log file as a reply to this topic

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  7. #7
    Member
    Join Date
    Jul 2010
    Posts
    73

    Default downladup.gen.log

Here it is. I probably got these results because I had run MBAM not too long ago. I feel like it will return, though. Shall I continue with anything else?



    Ok Loading BitDefender Engines
    State 0
    Sleeping 3 seconds...
    Found so far : 0x0 files/regs
    Searching for Downadup file ....
    - System folder
    - Temporary folder
    - Program Files
    - Application Data
    Found so far : 0x0 files/regs
    No Traces of Downadup Worm were found
