No internet - Self inflected wound

Peku006

So far so good. I have not restarted the computer yet, but I do now have internet access with IE and Mozilla.

A small glitch though....safer-networking.org is blocked when I use Mozilla's browser.
IE, however, goes to safer-networking with no problem.

Here are the logs:

Scanning Report
Monday, May 04, 2009 11:14:31 - 12:08:37

Computer name: YOUR-5EE06FCAA0
Scanning type: Scan system for malware, rootkits
Target: C:\
Result: 4 malware found
TrackingCookie.2o7 (spyware)

* System

TrackingCookie.Questionmarket (spyware)

* System

Trojan.Win32.Genome.ite (virus)

* C:\DOCUMENTS AND SETTINGS\ART\MY DOCUMENTS\MY DOCUMENTS\DSS\WINEXP50\WINEXPLORER.EXE (Renamed & Submitted)
* C:\DOCUMENTS AND SETTINGS\ART\MY DOCUMENTS\DSS\WINEXP50\WINEXPLORER.EXE (Renamed & Submitted)

Statistics
Scanned:

* Files: 19504
* System: 3097
* Not scanned: 8

Actions:

* Disinfected: 0
* Renamed: 2
* Deleted: 0
* None: 2
* Submitted: 2

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\DOCUMENTS AND SETTINGS\ART\LOCAL SETTINGS\TEMP\ETILQS_PPRMYVIMDTHBTGAABT4J
* C:\DOCUMENTS AND SETTINGS\ART\APPLICATION DATA\THUNDERBIRD\PROFILES\Y24S0YSE.DEFAULT\MAIL\MAIL.COMCAST.NET\INBOX

Options
Scanning engines:

* F-Secure USS: 3.0.0
* F-Secure Hydra: 3.8.9080, 2009-05-04
* F-Secure AVP: 7.0.171, 2009-05-04
* F-Secure Pegasus: 1.20.0, 1969-11-31
* F-Secure Blacklight: 0.0.0

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:16 PM, on 5/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Art\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1209407146265
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: Roxio File Backup Service (CEEBC40A-FDED-4C59-B354-939132350B01) - Unknown owner - c:\Program Files\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 4323 bytes

Thanks,
nenotgmb
 
Hi nenotgmb
"I have not restarted the computer yet"
You should try to restart the computer :D:
"safer-networking.org is blocked when I use Mozilla's browser."
Strange that only Firefox does it; is it updated?
Let us take a deeper look..........

Please download OTScanIt2 from Geeks to Go by OldTimer. Alternate download site.
Save it to your desktop.
  1. Double click on OTScanIt2.exe to run it.
  2. Click on Extract. Once done, when prompted, click OK and then click Close.
    This is a self-extracting file...It will create a folder named OTScanIt2 on your desktop.
  3. Double click on the OTScanIt2 folder to open... then double click on OTScanIt2.exe to run it.
  4. Under Rootkit Search, select Yes.
  5. Click on Run Scan at the top left hand corner. It may take a few minutes...be patient, let it run.
  6. When done, Notepad will open with the log file "OTScanIt.Txt" contents.
Please post the contents of the OTScanIt.Txt Notepad file in your next reply.

Thanks peku006
 
Peku006

I restarted and got the message " You have changed configuration utility to make changes to the way windows starts. Choose normal startup mode to start windows normally." I chose normal mode and the computer restarted again.

Started Mozilla again and got the same message as before the restart " firefox is not currently your default browser. Would you like to make your default browser?" This time I clicked "NO".
Firefox message:
"firefox can't find the file at http:\\www.safer-networking. org/en/home/index.html.".

I clicked on the Firefox start page help tab and "Downloading firefox 3.0.10...." is shown, but nothing is downloading.

The OTScanIt2 scan was run BEFORE I restarted the computer.

Code:
OTScanIt2 logfile created on: 5/4/2009 1:06:08 PM - Run 1
OTScanIt2 by OldTimer - Version 1.0.14.0     Folder = C:\Documents and Settings\Art\Desktop\OTScanIt2
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1013.76 Mb Total Physical Memory | 657.32 Mb Available Physical Memory | 64.84% Memory free
2.38 Gb Paging File | 2.17 Gb Available in Paging File | 91.17% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 109.43 Gb Free Space | 73.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: YOUR-5EE06FCAA0
Current User Name: Art
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
 
[Processes - Safe List]
explorer.exe -> %SystemRoot%\explorer.exe -> [2008/04/14 08:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation)
filebackupsvc.exe -> %ProgramFiles%\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe -> [2008/02/12 22:12:16 | 00,076,272 | ---- | M] ()
iexplore.exe -> %ProgramFiles%\internet explorer\iexplore.exe -> [2008/04/14 08:00:00 | 00,093,184 | -HS- | M] (Microsoft Corporation)
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [2006/04/24 15:25:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company)
nvpdsvc.exe -> %ProgramFiles%\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -> [2008/12/11 08:08:52 | 03,575,808 | ---- | M] ()
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> [2009/01/15 09:19:00 | 00,163,908 | ---- | M] (NVIDIA Corporation)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2009/04/11 16:32:52 | 00,494,080 | ---- | M] (OldTimer Tools)
syncservices.exe -> %ProgramFiles%\Maxtor\Sync\SyncServices.exe -> [2007/09/28 12:24:36 | 00,156,976 | ---- | M] (Seagate Technology LLC)
wscntfy.exe -> %SystemRoot%\system32\wscntfy.exe -> [2008/04/14 08:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(6to4) IPv6 Helper Service [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\6to4svc.dll -> [2008/04/14 08:00:00 | 00,100,352 | ---- | M] (Microsoft Corporation)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation)
(CEEBC40A-FDED-4C59-B354-939132350B01) Roxio File Backup Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe -> [2008/02/12 22:12:16 | 00,076,272 | ---- | M] ()
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/14 08:00:00 | 00,038,400 | ---- | M] (Microsoft Corporation)
(hpqcxs08) hpqcxs08 [Win32_Shared | On_Demand | Running] -> %ProgramFiles%\HP\Digital Imaging\bin\hpqcxs08.dll -> [2008/03/25 21:38:24 | 00,217,088 | ---- | M] (Hewlett-Packard Co.)
(hpqddsvc) HP CUE DeviceDiscovery Service [Win32_Shared | Auto | Running] -> %ProgramFiles%\HP\Digital Imaging\bin\hpqddsvc.dll -> [2008/03/25 22:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.)
(HPSLPSVC) HP Network Devices Support [Win32_Shared | Auto | Running] -> %ProgramFiles%\HP\Digital Imaging\bin\HPSLPSVC32.DLL -> [2008/03/25 22:25:50 | 00,630,784 | ---- | M] (Hewlett-Packard Co.)
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [2006/04/24 15:25:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company)
(Maxtor Sync Service) Maxtor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Maxtor\Sync\SyncServices.exe -> [2007/09/28 12:24:36 | 00,156,976 | ---- | M] (Seagate Technology LLC)
(Net Driver HPZ12) Net Driver HPZ12 [Win32_Own | Auto | Running] -> %SystemRoot%\system32\HPZinw12.dll -> [2008/07/18 14:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard)
(NVIDIA Performance Driver Service) NVIDIA Performance Driver Service [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -> [2008/12/11 08:08:52 | 03,575,808 | ---- | M] ()
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> [2009/01/15 09:19:00 | 00,163,908 | ---- | M] (NVIDIA Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %SystemRoot%\system32\HPZipm12.dll -> [2008/07/18 14:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard)
(RoxLiveShare10) LiveShare P2P Server 10 [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -> [2008/07/18 08:43:38 | 00,309,744 | ---- | M] (Sonic Solutions)
(RoxMediaDB10) RoxMediaDB10 [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -> [2008/07/18 08:43:02 | 01,120,752 | ---- | M] (Sonic Solutions)
(RoxWatch10) Roxio Hard Drive Watcher 10 [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -> [2008/07/18 08:43:32 | 00,166,384 | ---- | M] (Sonic Solutions)
(stllssvr) stllssvr [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\SureThing Shared\stllssvr.exe -> [2008/03/24 07:35:22 | 00,074,384 | R--- | M] (MicroVision Development, Inc.)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\WMPNetwk.exe -> [2006/10/18 23:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
(ahcix86) ahcix86 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ahcix86.sys -> [2006/10/27 08:12:32 | 00,120,832 | ---- | M] (ATI Technologies Inc.)
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\aliide.sys -> [2001/08/17 16:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\amdagp.sys -> [2008/04/14 03:06:40 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(AN983) ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\AN983.sys -> [2008/04/14 01:05:30 | 00,036,224 | ---- | M] (ADMtek Incorporated.)
(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\asc.sys -> [2001/08/17 16:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\asc3550.sys -> [2001/08/17 16:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.)
(CDAVFS) CDAVFS [File_System | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\CDAVFS.sys -> [2009/04/22 21:14:50 | 00,067,424 | ---- | M] (CyberDefender Corp.)
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\cmdide.sys -> [2001/08/17 16:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\dac2w2k.sys -> [2001/08/17 16:52:16 | 00,179,584 | ---- | M] (Mylex Corporation)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HDAudBus.sys -> [2008/04/14 08:00:00 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(ialm) ialm [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\igxpmp32.sys -> [2008/02/15 13:12:06 | 05,854,752 | ---- | M] (Intel Corporation)
(iaStor) Intel RAID Controller [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\iaStor.sys -> [2007/09/30 03:03:12 | 00,308,248 | ---- | M] (Intel Corporation)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RtkHDAud.sys -> [2008/09/18 18:48:58 | 04,816,896 | ---- | M] (Realtek Semiconductor Corp.)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\mraid35x.sys -> [2001/08/17 16:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.)
(MXOPSWD) Maxtor OneTouch Security Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\mxopswd.sys -> [2007/05/03 13:37:08 | 00,022,152 | ---- | M] (Maxtor Corp.)
(nm) Network Monitor Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\NMnt.sys -> [2008/04/14 08:00:00 | 00,040,320 | ---- | M] (Microsoft Corporation)
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\nv4_mini.sys -> [2009/01/15 09:19:00 | 06,301,248 | ---- | M] (NVIDIA Corporation)
(nvgts) nvgts [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\nvgts.sys -> [2008/01/17 14:51:30 | 00,102,400 | ---- | M] (NVIDIA Corporation)
(nvrd32) NVIDIA nForce RAID Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\nvrd32.sys -> [2008/01/17 14:51:24 | 00,128,000 | ---- | M] (NVIDIA Corporation)
(NwlnkIpx) NWLink IPX/SPX/NetBIOS Compatible Transport Protocol [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\nwlnkipx.sys -> [2008/04/14 08:00:00 | 00,088,320 | ---- | M] (Microsoft Corporation)
(NwlnkNb) NWLink NetBIOS [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\nwlnknb.sys -> [2008/04/14 08:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation)
(NwlnkSpx) NWLink SPX/SPXII Protocol [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\nwlnkspx.sys -> [2008/04/14 08:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ptilink.sys -> [2008/04/14 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\PxHelp20.sys -> [2008/06/16 03:00:00 | 00,044,944 | ---- | M] (Sonic Solutions)
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ql1080.sys -> [2001/08/17 16:52:20 | 00,040,320 | ---- | M] (QLogic Corporation)
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ql12160.sys -> [2001/08/17 16:52:20 | 00,045,312 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ql1280.sys -> [2001/08/17 16:52:18 | 00,049,024 | ---- | M] (QLogic Corporation)
(RTLE8023xp) Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\Rtenicxp.sys -> [2008/07/01 10:27:44 | 00,108,800 | ---- | M] (Realtek Semiconductor Corporation                           )
(RxFilter) RxFilter [File_System | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\RxFilter.sys -> [2008/07/18 10:11:40 | 00,057,328 | ---- | M] (Sonic Solutions)
(S3SavageNB) S3SavageNB [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\s3gnbm.sys -> [2008/04/14 01:04:34 | 00,166,912 | ---- | M] (S3 Graphics, Inc.)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\secdrv.sys -> [2008/04/14 08:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sisagp.sys -> [2008/04/14 03:06:40 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sparrow.sys -> [2001/08/17 17:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.)
(StillCam) Still Serial Digital Camera Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\serscan.sys -> [2001/08/17 14:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation)
(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\symc810.sys -> [2001/08/17 17:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\symc8xx.sys -> [2001/08/17 17:07:36 | 00,032,640 | ---- | M] (LSI Logic)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sym_hi.sys -> [2001/08/17 17:07:40 | 00,028,384 | ---- | M] (LSI Logic)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sym_u3.sys -> [2001/08/17 17:07:42 | 00,030,688 | ---- | M] (LSI Logic)
(Tcpip6) Microsoft IPv6 Protocol Driver [Kernel | System | Running] -> %SystemRoot%\system32\DRIVERS\tcpip6.sys -> [2008/06/20 06:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation)
(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ultra.sys -> [2001/08/17 16:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_CURRENT_USER\: SearchURL\\"provider" ->  -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Art\Application Data\Mozilla\FireFox\Profiles\1vpys44u.default\prefs.js -> 
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components -> %ProgramFiles%\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/04/22 18:37:22 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins -> %ProgramFiles%\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/04/25 12:10:52 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions ->  -> 
HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components -> %ProgramFiles%\MOZILLA THUNDERBIRD\COMPONENTS [C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS] -> [2009/03/21 23:55:18 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins -> C:\PROGRAM FILES\MOZILLA THUNDERBIRD\PLUGINS -> 
< FireFox Extensions [User Folders] > -> 
 -> C:\Documents and Settings\Art\Application Data\mozilla\Extensions -> [2009/01/09 21:58:32 | 00,000,335 | ---- | M] ()
 -> C:\Documents and Settings\Art\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2009/01/09 21:58:32 | 00,000,335 | ---- | M] ()
 -> C:\Documents and Settings\Art\Application Data\mozilla\Firefox\Profiles\1vpys44u.default\extensions -> [2009/03/29 14:15:30 | 00,096,148 | ---- | M] ()
< FireFox Extensions [Program Folders] > -> 
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions -> [2009/03/29 02:03:13 | 09,732,600 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/03/29 02:03:13 | 09,732,600 | ---- | M] (Mozilla Foundation)
< FireFox Components [Program Folders] > -> 
C:\PROGRAM FILES\MOZILLA FIREFOX\components\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\components -> [2009/04/22 18:37:22 | 00,000,000 | ---D | M]
browserdirprovider.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2009/03/29 02:03:09 | 00,023,032 | ---- | M] (Mozilla Foundation)
brwsrcmp.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2009/03/29 02:03:09 | 00,134,648 | ---- | M] (Mozilla Foundation)
< FireFox Plugins [Program Folders] > -> 
C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins -> [2009/04/25 12:10:52 | 00,000,000 | ---D | M]
npnul32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npnul32.dll -> [2009/03/29 02:03:11 | 00,065,528 | ---- | M] (mozilla.org)
NPOFFICE.DLL -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\NPOFFICE.DLL -> [2003/07/14 23:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation)
< FireFox SearchPlugins [Program Folders] > -> 
C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins -> [2009/01/07 23:12:46 | 00,000,000 | ---D | M]
amazondotcom.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\amazondotcom.xml -> [2008/12/02 03:04:40 | 00,001,394 | ---- | M] ()
answers.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\answers.xml -> [2008/12/02 03:04:40 | 00,002,193 | ---- | M] ()
creativecommons.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\creativecommons.xml -> [2008/12/02 03:04:40 | 00,001,534 | ---- | M] ()
eBay.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\eBay.xml -> [2008/12/02 03:04:40 | 00,002,343 | ---- | M] ()
google.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\google.xml -> [2008/12/02 03:04:40 | 00,001,706 | ---- | M] ()
wikipedia.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\wikipedia.xml -> [2008/12/02 03:04:40 | 00,001,178 | ---- | M] ()
yahoo.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\yahoo.xml -> [2008/12/02 03:04:40 | 00,000,792 | ---- | M] ()
< HOSTS File > (292253 bytes and 10113 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
First 25 entries...
Reset Hosts
127.0.0.1       localhost
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	www.1001namen.com
127.0.0.1	1001namen.com
127.0.0.1	www.100888290cs.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	www.10sek.com
127.0.0.1	10sek.com
127.0.0.1	www.1-2005-search.com
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/23 02:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"MSConfig" -> %SystemRoot%\pchealth\helpctr\Binaries\MSCONFIG.EXE [C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto] -> [2008/04/14 08:00:00 | 00,169,984 | ---- | M] (Microsoft Corporation)
"NvCplDaemon" -> %SystemRoot%\system32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2009/01/15 09:19:00 | 13,680,640 | ---- | M] (NVIDIA Corporation)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Art Startup Folder > -> C:\Documents and Settings\Art\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
\\"DisableRegistryTools" ->  [0] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2003/08/13 03:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/14 08:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/14 08:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/14 08:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{2670000A-7350-4f3c-8081-5663EE0C6C49}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/14 08:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 08:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5259 domain(s) found. -> 
49 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5260 domain(s) found. -> 
48 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209407146265 [WUWebControl Class] -> 
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} [HKLM] -> http://support.f-secure.com/ols/fscax.cab [F-Secure Online Scanner 3.3] -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{29A0C18A-E16C-43FF-9C52-BF3018730BFF} ->    (Realtek RTL8102E Family PCI-E Fast Ethernet NIC) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\Explorer.exe -> [2008/04/14 08:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> [2008/02/15 11:45:40 | 00,208,896 | ---- | M] (Intel Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/14 08:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 08:00:00 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" -> C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe [C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe] -> [2008/03/20 10:36:30 | 00,550,312 | ---- | M] (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe] -> [2008/03/16 13:14:04 | 01,556,480 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> [2008/05/28 02:36:20 | 00,075,096 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2008/05/28 02:36:20 | 00,107,864 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> [2008/03/16 13:14:00 | 00,167,936 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe] -> [2008/03/20 10:36:38 | 03,782,048 | ---- | M] (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe [C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe] -> [2008/03/13 10:34:26 | 00,087,456 | ---- | M] (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> [2008/03/25 21:49:02 | 00,184,320 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe [C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe] -> [2008/03/20 10:36:40 | 00,135,168 | ---- | M] (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> [2008/03/25 21:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.)
"D:\setup\HPZnui01.exe" -> D:\setup\HPZnui01.exe [D:\setup\HPZnui01.exe:*:Enabled:hpznui01.exe] -> File not found
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/14 08:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 08:00:00 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" -> C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe [C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe] -> [2008/03/20 10:36:30 | 00,550,312 | ---- | M] (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe] -> [2008/03/16 13:14:04 | 01,556,480 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> [2008/05/28 02:36:20 | 00,075,096 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2008/05/28 02:36:20 | 00,107,864 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> [2008/03/16 13:14:00 | 00,167,936 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe] -> [2008/03/20 10:36:38 | 03,782,048 | ---- | M] (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe [C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe] -> [2008/03/13 10:34:26 | 00,087,456 | ---- | M] (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> [2008/03/25 21:49:02 | 00,184,320 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe [C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe] -> [2008/03/20 10:36:40 | 00,135,168 | ---- | M] (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> [2008/03/25 21:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> %SystemRoot%\system32\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/14 08:00:00 | 00,062,976 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2008/04/28 16:59:16 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\{a8c8529d-b4a9-11dd-a5d6-001cc08f36a6}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8c8529d-b4a9-11dd-a5d6-001cc08f36a6}\Shell\AutoRun\command
\{a8c8529d-b4a9-11dd-a5d6-001cc08f36a6}\Shell\AutoRun\command\\"" -> E:\Programs\nu2menu\nu2menu.exe [E:\Programs\nu2menu\nu2menu.exe] -> File not found
 
 
[Files/Folders - Created Within 30 Days]
1 C:\*.tmp files -> C:\*.tmp -> 
OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2009/05/04 13:02:25 | 00,000,000 | ---D | C]
fsaua.data -> %SystemDrive%\fsaua.data -> [2009/05/04 11:09:41 | 00,000,000 | ---D | C]
F Secure online scan logs -> %UserProfile%\My Documents\F Secure online scan logs -> [2009/05/04 11:01:05 | 00,000,000 | ---D | C]
Combofix logs -> %UserProfile%\My Documents\Combofix logs -> [2009/05/04 10:21:35 | 00,000,000 | ---D | C]
Boot.bak -> %SystemDrive%\Boot.bak -> [2009/05/04 10:12:10 | 00,000,211 | ---- | C] ()
cmldr -> %SystemDrive%\cmldr -> [2009/05/04 10:12:08 | 00,260,272 | ---- | C] ()
cmdcons -> %SystemDrive%\cmdcons -> [2009/05/04 10:12:04 | 00,000,000 | RHSD | C]
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe -> %UserProfile%\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe -> [2009/05/03 21:27:53 | 04,614,888 | ---- | C] (Microsoft Corporation)
Hijackthis logs -> %UserProfile%\My Documents\Hijackthis logs -> [2009/05/03 13:30:42 | 00,000,000 | ---D | C]
HiJackThis.exe -> %UserProfile%\Desktop\HiJackThis.exe -> [2009/05/03 13:27:50 | 00,401,720 | ---- | C] (Trend Micro Inc.)
SWXCACLS.exe -> %SystemRoot%\SWXCACLS.exe -> [2009/05/03 12:19:08 | 00,212,480 | ---- | C] (SteelWerX)
SWREG.exe -> %SystemRoot%\SWREG.exe -> [2009/05/03 12:19:08 | 00,161,792 | ---- | C] (SteelWerX)
SWSC.exe -> %SystemRoot%\SWSC.exe -> [2009/05/03 12:19:08 | 00,136,704 | ---- | C] (SteelWerX)
vFind.exe -> %SystemRoot%\vFind.exe -> [2009/05/03 12:19:08 | 00,117,248 | ---- | C] ()
sed.exe -> %SystemRoot%\sed.exe -> [2009/05/03 12:19:08 | 00,098,816 | ---- | C] ()
grep.exe -> %SystemRoot%\grep.exe -> [2009/05/03 12:19:08 | 00,080,412 | ---- | C] ()
zip.exe -> %SystemRoot%\zip.exe -> [2009/05/03 12:19:08 | 00,068,096 | ---- | C] ()
NIRCMD.exe -> %SystemRoot%\NIRCMD.exe -> [2009/05/03 12:19:08 | 00,029,696 | ---- | C] (NirSoft)
pss -> %SystemRoot%\pss -> [2009/05/03 11:49:23 | 00,000,000 | ---D | C]
Qoobox -> %SystemDrive%\Qoobox -> [2009/05/03 10:46:20 | 00,000,000 | ---D | C]
ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [2009/05/03 10:12:40 | 03,012,596 | R--- | C] ()
trend micro -> %ProgramFiles%\trend micro -> [2009/04/29 16:32:46 | 00,000,000 | ---D | C]
rsit -> %SystemDrive%\rsit -> [2009/04/29 16:32:45 | 00,000,000 | ---D | C]
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2009/04/29 16:31:11 | 00,781,909 | ---- | C] ()
Mbam logs -> %UserProfile%\My Documents\Mbam logs -> [2009/04/29 11:04:38 | 00,000,000 | ---D | C]
Malwarebytes -> %AppData%\Malwarebytes -> [2009/04/28 16:55:01 | 00,000,000 | ---D | C]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/04/28 10:57:52 | 00,015,504 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/04/28 10:57:52 | 00,000,797 | ---- | C] ()
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/04/28 10:57:49 | 00,038,496 | ---- | C] (Malwarebytes Corporation)
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [2009/04/28 10:57:48 | 00,000,000 | ---D | C]
123 Malb -> %ProgramFiles%\123 Malb -> [2009/04/28 10:47:45 | 00,000,000 | ---D | C]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2009/04/26 11:38:30 | 10,630,75840 | -HS- | C] ()
ERDNT -> %SystemRoot%\ERDNT -> [2009/04/25 21:30:03 | 00,000,000 | ---D | C]
ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [2009/04/25 21:26:34 | 00,000,602 | ---- | C] ()
ERUNT -> %ProgramFiles%\ERUNT -> [2009/04/25 21:26:33 | 00,000,000 | ---D | C]
d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat -> [2009/04/25 01:12:47 | 00,000,664 | ---- | C] ()
mySafer Networking -> %ProgramFiles%\mySafer Networking -> [2009/04/24 13:21:08 | 00,000,000 | ---D | C]
VSRevoGroup -> %AppData%\VSRevoGroup -> [2009/04/23 00:42:32 | 00,000,000 | ---D | C]
Revo Uninstaller.lnk -> %UserProfile%\Desktop\Revo Uninstaller.lnk -> [2009/04/23 00:33:58 | 00,000,927 | ---- | C] ()
VS Revo Group -> %ProgramFiles%\VS Revo Group -> [2009/04/23 00:33:58 | 00,000,000 | ---D | C]
av_affiliate.ini -> %SystemRoot%\av_affiliate.ini -> [2009/04/22 21:18:05 | 00,000,043 | ---- | C] ()
as_affiliate.ini -> %SystemRoot%\as_affiliate.ini -> [2009/04/22 21:18:04 | 00,000,043 | ---- | C] ()
CDAVFS.sys -> %SystemRoot%\System32\drivers\CDAVFS.sys -> [2009/04/22 21:15:35 | 00,067,424 | ---- | C] (CyberDefender Corp.)
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [2009/04/22 16:27:51 | 00,000,993 | ---- | C] ()
Recent -> %UserProfile%\Recent -> [2009/04/22 00:31:48 | 00,000,000 | RH-D | C]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [2009/04/05 00:38:42 | 00,000,069 | ---- | C] ()
Smokes -> %UserProfile%\My Documents\Smokes -> [2009/04/05 00:34:43 | 00,000,000 | ---D | C]
ODBC.INI -> %SystemRoot%\ODBC.INI -> [2009/02/14 02:39:36 | 00,000,376 | ---- | C] ()
nvwdmcpl.dll -> %SystemRoot%\System32\nvwdmcpl.dll -> [2009/01/15 09:19:00 | 01,724,416 | ---- | C] ()
nview.dll -> %SystemRoot%\System32\nview.dll -> [2009/01/15 09:19:00 | 01,507,328 | ---- | C] ()
nvwimg.dll -> %SystemRoot%\System32\nvwimg.dll -> [2009/01/15 09:19:00 | 01,101,824 | ---- | C] ()
nvshell.dll -> %SystemRoot%\System32\nvshell.dll -> [2009/01/15 09:19:00 | 00,466,944 | ---- | C] ()
smscfg.ini -> %SystemRoot%\smscfg.ini -> [2008/11/17 14:00:12 | 00,000,061 | ---- | C] ()
igfxCoIn_v4926.dll -> %SystemRoot%\System32\igfxCoIn_v4926.dll -> [2008/11/17 11:39:58 | 00,147,456 | ---- | C] ()
physxcudart_20.dll -> %SystemRoot%\System32\physxcudart_20.dll -> [2008/10/07 10:13:30 | 00,197,912 | ---- | C] ()
AgCPanelTraditionalChinese.dll -> %SystemRoot%\System32\AgCPanelTraditionalChinese.dll -> [2008/10/07 10:13:22 | 00,058,648 | ---- | C] ()
AgCPanelSwedish.dll -> %SystemRoot%\System32\AgCPanelSwedish.dll -> [2008/10/07 10:13:20 | 00,058,648 | ---- | C] ()
AgCPanelSpanish.dll -> %SystemRoot%\System32\AgCPanelSpanish.dll -> [2008/10/07 10:13:20 | 00,058,648 | ---- | C] ()
AgCPanelSimplifiedChinese.dll -> %SystemRoot%\System32\AgCPanelSimplifiedChinese.dll -> [2008/10/07 10:13:20 | 00,058,648 | ---- | C] ()
AgCPanelPortugese.dll -> %SystemRoot%\System32\AgCPanelPortugese.dll -> [2008/10/07 10:13:20 | 00,058,648 | ---- | C] ()
AgCPanelKorean.dll -> %SystemRoot%\System32\AgCPanelKorean.dll -> [2008/10/07 10:13:20 | 00,058,648 | ---- | C] ()
AgCPanelJapanese.dll -> %SystemRoot%\System32\AgCPanelJapanese.dll -> [2008/10/07 10:13:20 | 00,058,648 | ---- | C] ()
AgCPanelGerman.dll -> %SystemRoot%\System32\AgCPanelGerman.dll -> [2008/10/07 10:13:20 | 00,058,648 | ---- | C] ()
AgCPanelFrench.dll -> %SystemRoot%\System32\AgCPanelFrench.dll -> [2008/10/07 10:13:20 | 00,058,648 | ---- | C] ()
px.ini -> %SystemRoot%\System32\px.ini -> [2008/07/17 09:17:30 | 00,000,000 | ---- | C] ()
oeminfo.ini -> %SystemRoot%\System32\oeminfo.ini -> [2008/04/28 16:23:33 | 00,000,507 | ---- | C] ()
win.ini -> %SystemRoot%\win.ini -> [2008/04/28 16:23:12 | 00,000,603 | ---- | C] ()
system.ini -> %SystemRoot%\system.ini -> [2008/04/28 16:23:09 | 00,000,227 | ---- | C] ()
 
[Files/Folders - Modified Within 30 Days]
1 C:\*.tmp files -> C:\*.tmp -> 
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
perf.dat -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\perf.dat -> [2009/05/04 12:14:10 | 00,000,128 | ---- | M] ()
fssm32.exe -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\fsav_beta\fssm32.exe -> [2009/05/04 11:14:16 | 00,561,280 | ---- | M] (F-Secure Corp.)
fssm32.exe -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fssm32.exe -> [2009/05/04 11:14:16 | 00,561,280 | ---- | M] (F-Secure Corp.)
fm4av.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\fsav_beta\fm4av.dll -> [2009/05/04 11:14:16 | 00,482,448 | ---- | M] ()
fm4av.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fm4av.dll -> [2009/05/04 11:14:16 | 00,482,448 | ---- | M] ()
fsgk32.exe -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\fsav_beta\fsgk32.exe -> [2009/05/04 11:14:16 | 00,440,960 | ---- | M] (F-Secure Corp.)
fsgk32.exe -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fsgk32.exe -> [2009/05/04 11:14:16 | 00,440,960 | ---- | M] (F-Secure Corp.)
AVPFPI0.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\fsav_beta\AVPFPI0.dll -> [2009/05/04 11:14:16 | 00,154,304 | ---- | M] (Kaspersky Lab)
AVPFPI0.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\AVPFPI0.dll -> [2009/05/04 11:14:16 | 00,154,304 | ---- | M] (Kaspersky Lab)
fsepx32.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\fsav_beta\fsepx32.dll -> [2009/05/04 11:14:16 | 00,150,144 | ---- | M] (F-Secure Corporation)
fsepx32.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fsepx32.dll -> [2009/05/04 11:14:16 | 00,150,144 | ---- | M] (F-Secure Corporation)
fpinor.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\fsav_beta\fpinor.dll -> [2009/05/04 11:14:16 | 00,120,456 | ---- | M] (F-Secure Corporation)
fpinor.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fpinor.dll -> [2009/05/04 11:14:16 | 00,120,456 | ---- | M] (F-Secure Corporation)
fsuss.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\fsav_beta\fsuss.dll -> [2009/05/04 11:14:16 | 00,113,288 | ---- | M] (F-Secure Corporation)
fsuss.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fsuss.dll -> [2009/05/04 11:14:16 | 00,113,288 | ---- | M] (F-Secure Corporation)
fsgkiapi.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\fsav_beta\fsgkiapi.dll -> [2009/05/04 11:14:16 | 00,100,456 | ---- | M] (F-Secure Corp.)
fsgkiapi.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fsgkiapi.dll -> [2009/05/04 11:14:16 | 00,100,456 | ---- | M] (F-Secure Corp.)
avpproxy.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\fsav_beta\avpproxy.dll -> [2009/05/04 11:14:16 | 00,084,672 | ---- | M] (F-Secure Corporation)
avpproxy.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\avpproxy.dll -> [2009/05/04 11:14:16 | 00,084,672 | ---- | M] (F-Secure Corporation)
fsbl.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\fsav_beta\fsbl.dll -> [2009/05/04 11:14:16 | 00,068,224 | ---- | M] (F-Secure Corporation)
fsbl.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fsbl.dll -> [2009/05/04 11:14:16 | 00,068,224 | ---- | M] (F-Secure Corporation)
fsusscr.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\mlcwin\fsusscr.dll -> [2009/05/04 11:14:11 | 01,026,696 | ---- | M] (F-Secure Corporation)
fsusscr.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fsusscr.dll -> [2009/05/04 11:14:11 | 01,026,696 | ---- | M] (F-Secure Corporation)
fsedb.dat -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\hydrawin\fsedb.dat -> [2009/05/04 11:14:08 | 02,358,402 | ---- | M] ()
fsedb.dat -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fsedb.dat -> [2009/05/04 11:14:08 | 02,358,402 | ---- | M] ()
fsecr32.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\hydrawin\fsecr32.dll -> [2009/05/04 11:14:08 | 01,747,592 | ---- | M] (F-Secure Corporation)
fsecr32.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fsecr32.dll -> [2009/05/04 11:14:08 | 01,747,592 | ---- | M] (F-Secure Corporation)
fsupdllb.dat -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\hydrawin\fsupdllb.dat -> [2009/05/04 11:14:08 | 00,422,594 | ---- | M] ()
fsupdllb.dat -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fsupdllb.dat -> [2009/05/04 11:14:08 | 00,422,594 | ---- | M] ()
fsblu.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\ols_bl\fsblu.dll -> [2009/05/04 11:13:59 | 00,731,784 | ---- | M] (F-Secure Corporation)
fsbld.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fsbld.dll -> [2009/05/04 11:13:59 | 00,731,784 | ---- | M] (F-Secure Corporation)
fssubmit.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\ols_33_bin\fssubmit.dll -> [2009/05/04 11:13:57 | 00,651,264 | ---- | M] (F-Secure Corporation)
fssubmit.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fssubmit.dll -> [2009/05/04 11:13:57 | 00,651,264 | ---- | M] (F-Secure Corporation)
Nse_w32.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\ols_30_pegdb\Nse_w32.dll -> [2009/05/04 11:13:55 | 00,588,856 | ---- | M] (Norman ASA)
Nse_w32.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\Nse_w32.dll -> [2009/05/04 11:13:55 | 00,588,856 | ---- | M] (Norman ASA)
sai.dat -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\avmisc\sai.dat -> [2009/05/04 11:13:50 | 00,001,348 | ---- | M] ()
sai.dat -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\sai.dat -> [2009/05/04 11:13:50 | 00,001,348 | ---- | M] ()
ext.dat -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\avmisc\ext.dat -> [2009/05/04 11:13:50 | 00,000,449 | ---- | M] ()
ext.dat -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\ext.dat -> [2009/05/04 11:13:50 | 00,000,449 | ---- | M] ()
sae.dat -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\avmisc\sae.dat -> [2009/05/04 11:13:50 | 00,000,243 | ---- | M] ()
sae.dat -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\sae.dat -> [2009/05/04 11:13:50 | 00,000,243 | ---- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009/05/04 10:16:52 | 00,000,006 | -H-- | M] ()
system.ini -> %SystemRoot%\system.ini -> [2009/05/04 10:15:14 | 00,000,227 | ---- | M] ()
boot.ini -> %SystemDrive%\boot.ini -> [2009/05/04 10:12:10 | 00,000,281 | RHS- | M] ()
win.ini -> %SystemRoot%\win.ini -> [2009/05/04 10:09:49 | 00,000,603 | ---- | M] ()
Boot.bak -> %SystemDrive%\Boot.bak -> [2009/05/04 10:09:49 | 00,000,211 | ---- | M] ()
nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [2009/05/04 10:09:22 | 00,206,530 | ---- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2009/05/04 10:09:10 | 00,002,048 | --S- | M] ()
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2009/05/04 10:09:04 | 10,630,75840 | -HS- | M] ()
NTUSER.DAT -> %UserProfile%\NTUSER.DAT -> [2009/05/04 02:14:43 | 06,291,456 | -H-- | M] ()
ntuser.ini -> %UserProfile%\ntuser.ini -> [2009/05/04 00:28:46 | 00,000,178 | -HS- | M] ()
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [2009/05/04 00:25:28 | 06,945,196 | -H-- | M] ()
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [2009/05/03 23:43:54 | 00,476,636 | ---- | M] ()
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [2009/05/03 23:43:54 | 00,406,328 | ---- | M] ()
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [2009/05/03 23:43:54 | 00,063,528 | ---- | M] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2009/05/03 23:32:00 | 00,001,158 | ---- | M] ()
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe -> %UserProfile%\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe -> [2009/05/03 21:28:33 | 04,614,888 | ---- | M] (Microsoft Corporation)
HiJackThis.exe -> %UserProfile%\Desktop\HiJackThis.exe -> [2009/05/03 13:27:50 | 00,401,720 | ---- | M] (Trend Micro Inc.)
imsins.BAK -> %SystemRoot%\imsins.BAK -> [2009/05/03 11:09:05 | 00,001,891 | ---- | M] ()
ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [2009/05/03 10:09:02 | 03,012,596 | R--- | M] ()
vFind.exe -> %SystemRoot%\vFind.exe -> [2009/05/01 15:36:46 | 00,117,248 | ---- | M] ()
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2009/04/29 16:29:12 | 00,781,909 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/04/28 10:57:52 | 00,000,797 | ---- | M] ()
ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [2009/04/25 21:26:34 | 00,000,602 | ---- | M] ()
d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat -> [2009/04/25 01:12:47 | 00,000,664 | ---- | M] ()
tcpip.sys -> %SystemRoot%\System32\drivers\tcpip.sys -> [2009/04/24 16:52:17 | 00,361,600 | ---- | M] (Microsoft Corporation)
tcpip.sys -> %SystemRoot%\System32\dllcache\tcpip.sys -> [2009/04/24 16:52:17 | 00,361,600 | ---- | M] (Microsoft Corporation)
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [2009/04/24 10:55:11 | 00,000,993 | ---- | M] ()
Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [2009/04/23 22:39:08 | 00,001,649 | ---- | M] ()
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [2009/04/23 21:42:53 | 00,292,253 | R--- | M] ()
Revo Uninstaller.lnk -> %UserProfile%\Desktop\Revo Uninstaller.lnk -> [2009/04/23 00:33:58 | 00,000,927 | ---- | M] ()
av_affiliate.ini -> %SystemRoot%\av_affiliate.ini -> [2009/04/22 21:18:05 | 00,000,043 | ---- | M] ()
as_affiliate.ini -> %SystemRoot%\as_affiliate.ini -> [2009/04/22 21:18:04 | 00,000,043 | ---- | M] ()
CDAVFS.sys -> %SystemRoot%\System32\drivers\CDAVFS.sys -> [2009/04/22 21:14:50 | 00,067,424 | ---- | M] (CyberDefender Corp.)
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [2009/04/13 23:22:34 | 00,000,069 | ---- | M] ()
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation)
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/04/05 00:38:41 | 00,005,632 | ---- | M] ()
opa11.dat -> %AllUsersProfile%\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [2009/02/14 02:52:34 | 00,008,206 | ---- | M] ()
opa12.dat -> %AllUsersProfile%\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [2009/01/15 00:24:59 | 00,008,206 | ---- | M] ()
daas_s.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\daas_s.dll -> [2008/02/27 15:59:28 | 00,495,616 | ---- | M] (F-Secure Corporation)
[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UACd.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\UACdkpamtusrnvspma.sys"
"group"="file system"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UACd.sys\modules]
"UACd"="\\?\globalroot\systemroot\system32\drivers\UACdkpamtusrnvspma.sys"
"UACc"="\\?\globalroot\systemroot\system32\UACspaulqeexubrflo.dll"
"uacsr"="\\?\globalroot\systemroot\system32\UACyqxjgyfrqoqipay.dat"
"uaclog"="\\?\globalroot\systemroot\system32\UACnbpcbxiquxwbwfm.dll"
"uacmask"="\\?\globalroot\systemroot\system32\UACjotxxvhosrmmbpf.dll"
"uacserf"="\\?\globalroot\systemroot\system32\UACmlixttsesivsonm.dll"
"uacbbr"="\\?\globalroot\systemroot\system32\UACpinevsaksecfetc.dll"
"UACproc"="\\?\globalroot\systemroot\system32\UACnkievnfovpexart.log"
"uacurls"="\\?\globalroot\systemroot\system32\UACdkfcmwelruyvalt.log"
"uacerrors"="\\?\globalroot\systemroot\system32\UACdudqxekxmybyuwe.log"
scanning hidden registry entries ...
scanning hidden files ...
C:\WINDOWS\system32\drivers\tcpip.sys:SummaryInformation 88 bytes
C:\WINDOWS\system32\drivers\tcpip.sys:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\WINDOWS\DirectX.log:SummaryInformation 88 bytes
C:\WINDOWS\DirectX.log:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 5
< Document and Settings folder & sub folders >
scanning hidden files ...
scan completed successfully
hidden files: 60
 
 
[Alternate Data Streams]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\DirectX.log:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
@Alternate Data Stream - 0 bytes -> %SystemRoot%\system32\DRIVERS\tcpip.sys:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
@Alternate Data Stream - 88 bytes -> %SystemRoot%\DirectX.log:SummaryInformation
@Alternate Data Stream - 88 bytes -> %SystemRoot%\system32\DRIVERS\tcpip.sys:SummaryInformation
< End of report >

I know we're getting very close to clean.
Thanks,
nenotgmb
 
Hi nenotgmb

I'm afraid I have some bad news for you. Your computer is infected with a BACKDOOR TROJAN. A backdoor gives intruders complete control of your computer, logs your keystrokes, steals personal information, etc.

You are strongly advised to do the following:

  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).

Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its backdoor functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so. As long as you remember this: I can offer no assurances that the system will be secure afterwards.

To help you understand more, please take some time to read the following articles:

What are Remote Access Trojans and why are they dangerous
How do I respond to a possible identity theft and how do I prevent it
When should I do a reformat and reinstallation of my OS
Where to backup your files
How to backup your files in Windows XP
Restoring your backups

Should you have any questions please feel free to ask.

Please let me know what you have decided to do in your next post.
 
Lobotomy

Peku006,

Yes, I will reformat and reinstall the OS. There's really no other option.

Does this trojan have a name?

Thanks so very much for your help and guidance.

Been busy changing accounts and passwords.

I'll let you know how the reformat went.

Best Regards,

nenotgmb
 
This thread will now be closed.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or a MOD a private message (PM). A valid, working link to the closed topic is required.
 