Backdoor Trojan Bifrost keeps coming back [Closed]


  • This topic is locked

#1
ignorantee

ignorantee

    New Member

  • Member
  • Pip
  • 9 posts
I posted a topic, "Is it safe to delete a folder or file from the Windows Registry?"
(http://www.geekstogo...ry-t226305.html), and Anthony19 gave me some instructions... so I followed his instructions...

Anyway, this is what I posted there:

Is it safe to delete a folder or file from the Windows Registry?

Please, please help me with this thing....

I'm asking this question cuz my antivirus detected two backdoor trojans:

Filename: A0046724.exe
Virus Name: Backdoor.Trojan
Original Location: C:\System Volume Information\_restore{F4ED0A51-841D-41B8-B065-638D9AAB47F8}\RP80\

Filename: Mot.exe
Virus Name: Backdoor.Trojan
Original Location: C:\Windows\system32\Bifrost\

And I did a little search on the net about Bifrost...
I found these sites: http://www.extermina.../remove-bifrost and http://www.antispywa...ils.php?ID=1308.... These sites help you remove Bifrost...

So I followed all the instructions on how to remove the files and how to remove it from the Windows Registry...

When I followed the instructions on how to remove it from the Windows Registry, they told me to delete the mentioned files, but I did not find those files; instead I found a folder that contains Mot. My question is... are these folders (Mot folders) safe to delete???

here are the two folders:

HKEY_CURRENT_USER\SOFTWARE\Mot
In the right pane there were 3 names:
1. Default
2. klg
3. plg

HKEY_LOCAL_MACHINE\SOFTWARE\Mot
In the right pane there were 2 names:
1. Default
2. nck


Are these folders safe to delete from the Windows Registry?
If so, please tell me, cuz I'm really afraid that these viruses will steal my passwords and any important information...

--------------------------------------------- http://www.geekstogo...ry-t226305.html ---------------------------------------------



I followed the instructions he gave me...
and I followed the guidelines in "You Must Read This Before Posting A Hijackthis Log, Malware Cleaning Guide"...

When I ran MBAM it detected two viruses again, namely:
C:\Windows\system32\Bifrost (Backdoor.Bifrose)
and
C:\Windows\system32\Bifrost\logg.dat (Backdoor.Bifrose)

So I'm asking again if the folder Mot in the Windows Registry is safe to delete, cuz I was guessing that that folder is the virus, cuz in the first scan I did the file name was Mot.exe...

Can someone please help me... this virus keeps coming back.... and I don't know what else to do.... please help me...

Below is my HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:20 PM, on 1/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Nero\Nero 7\Core\nero.exe
C:\Program Files\Nero\Nero 7\Core\nero.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - D:\MegaIEMn.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: Multiply AutoUploader.lnk = D:\Multiply AutoUploader\Multiply AutoUploader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - .DEFAULT Startup: Multiply AutoUploader.lnk = D:\Multiply AutoUploader\Multiply AutoUploader.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Multiply AutoUploader.lnk = D:\Multiply AutoUploader\Multiply AutoUploader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 11337 bytes
  • 0
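A small triage pass over HijackThis lines like those in the post above, as an added example that is not part of the original thread. The sample lines are copied from that log; the function names, the rule set and the indicator list (built from the paths the scanners in the post reported) are assumptions of this example.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Subset of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - D:\MegaIEMn.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
"""

# Locations the antivirus and MBAM reported in the post (matched case-insensitively).
INDICATORS = (r"C:\Windows\system32\Bifrost", r"\Mot.exe")

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O4 - HKLM\..\Run: ..."
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")   # e.g. "Hosts: 1.2.3.4 name"


def parse_entries(text):
    """Return (section_code, body) for every HijackThis entry line in text."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def review(entries, indicators=INDICATORS):
    """Return (reason, code, body) for entries a reviewer should look at."""
    findings = []
    for code, body in entries:
        # O1: hosts-file lines that send a hostname to a non-loopback address.
        if code == "O1":
            match = HOSTS_RE.match(body)
            if match:
                try:
                    if not ip_address(match.group(1)).is_loopback:
                        findings.append(("hosts-redirect", code, body))
                except ValueError:
                    pass  # first field is not an IP address; leave it unflagged
        # Registration that survives although its file is gone.
        if body.rstrip().endswith("(no file)"):
            findings.append(("orphaned-entry", code, body))
        # Any entry that references a location the scanners reported.
        if any(ind.lower() in body.lower() for ind in indicators):
            findings.append(("indicator-path", code, body))
    return findings


def count_by_reason(findings):
    """Summarise findings as {reason: count}."""
    return Counter(reason for reason, _, _ in findings)


if __name__ == "__main__":
    for reason, code, body in review(parse_entries(SAMPLE_LOG)):
        print(f"{reason:15} {code:4} {body}")
```

An empty `indicator-path` result only means the sections HijackThis lists do not reference the detected files; it says nothing about whether the machine is clean.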


#2
Fred21543

Fred21543

    Member 1K

  • Member
  • PipPipPipPip
  • 1,351 posts
Hello ignorantee,

Welcome to Geeks to Go! My name is Fred21543 and I will be helping you fix your computer problem.

Take note that I'm still in training, and my posts will have to be checked by an expert. This may cause delays in between my responses, so I ask for your patience.
Please stick with me until we get your computer cleaned up.

I'm currently analyzing your log now, and I'll post back with a fix ASAP. Thanks for your patience.
  • 0

#3
Fred21543

Fred21543

    Member 1K

  • Member
  • PipPipPipPip
  • 1,351 posts
Please do an online scan with Kaspersky WebScanner

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

  • 0

#4
ignorantee

ignorantee

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, January 29, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, January 28, 2009 14:59:53
Records in database: 1720752
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 44955
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 04:22:53


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06CC0000.VBN Infected: Email-Worm.Win32.Brontok.q 1
C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.aj 1

The selected area was scanned.
  • 0

#5
Fred21543

Fred21543

    Member 1K

  • Member
  • PipPipPipPip
  • 1,351 posts
Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
    C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll
    :commands
    [purity]
    [emptytemp]
    [start explorer]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

  • 0

#6
ignorantee

ignorantee

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
OTMoveIt3 Logfile

========== FILES ==========
C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll unregistered successfully.
C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Kathleen\LOCALS~1\Temp\~DFF16D.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Kathleen\LOCALS~1\Temp\etilqs_VrxK7TeTmNcfxtmnzcLU scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_214.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Kathleen\Local Settings\Application Data\Mozilla\Firefox\Profiles\m6oqai0x.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kathleen\Local Settings\Application Data\Mozilla\Firefox\Profiles\m6oqai0x.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kathleen\Local Settings\Application Data\Mozilla\Firefox\Profiles\m6oqai0x.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kathleen\Local Settings\Application Data\Mozilla\Firefox\Profiles\m6oqai0x.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kathleen\Local Settings\Application Data\Mozilla\Firefox\Profiles\m6oqai0x.default\XUL.mfl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kathleen\Local Settings\Application Data\Mozilla\Firefox\Profiles\m6oqai0x.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01292009_183050

Files moved on Reboot...
C:\DOCUME~1\Kathleen\LOCALS~1\Temp\~DFF16D.tmp moved successfully.
File C:\DOCUME~1\Kathleen\LOCALS~1\Temp\etilqs_VrxK7TeTmNcfxtmnzcLU not found!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_214.dat not found!
C:\Documents and Settings\Kathleen\Local Settings\Application Data\Mozilla\Firefox\Profiles\m6oqai0x.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Kathleen\Local Settings\Application Data\Mozilla\Firefox\Profiles\m6oqai0x.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Kathleen\Local Settings\Application Data\Mozilla\Firefox\Profiles\m6oqai0x.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Kathleen\Local Settings\Application Data\Mozilla\Firefox\Profiles\m6oqai0x.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Kathleen\Local Settings\Application Data\Mozilla\Firefox\Profiles\m6oqai0x.default\XUL.mfl moved successfully.
C:\Documents and Settings\Kathleen\Local Settings\Application Data\Mozilla\Firefox\Profiles\m6oqai0x.default\urlclassifier3.sqlite moved successfully.

Edited by ignorantee, 29 January 2009 - 05:15 AM.

  • 0

#7
ignorantee

ignorantee

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
OTListIt Logfile

OTListIt logfile created on: 1/29/2009 6:51:35 PM - Run
OTListIt2 by OldTimer - Version 1.0.4.1 Folder = C:\Documents and Settings\Kathleen\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

223.48 Mb Total Physical Memory | 106.47 Mb Available Physical Memory | 47.64% Memory free
546.13 Mb Paging File | 178.06 Mb Available in Paging File | 32.60% Paging File free
Paging file location(s): C:\pagefile.sys 336 672;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.63 Gb Total Space | 9.32 Gb Free Space | 50.03% Space Free | Partition Type: FAT32
Drive D: | 18.63 Gb Total Space | 4.93 Gb Free Space | 26.47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PERSONAL-ECE16E
Current User Name: Kathleen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe (Symantec Corporation)
C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe (Speedbit Ltd.)
C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe (Symantec Corporation)
D:\iTunesHelper.exe (Apple Inc.)
C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation)
C:\Program Files\Vista Drive Icon\DrvIcon.exe (artArmin)
C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
C:\Program Files\VisualTooltip\VisualToolTip.exe (Christian Salmon)
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe (Symantec Corporation)
C:\Program Files\DAP\DAP.EXE (Speedbit Ltd.)
C:\Program Files\ViOrb\ViOrb.exe (Lee-Soft.com)
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
C:\Program Files\Vista Start Menu\VistaStartMenu.exe (OrdinarySoft)
C:\Program Files\ViStart\ViStart.exe (Lee Matthew Chantrey & Windows X)
C:\Program Files\VisualTooltip\VisualToolTip.exe (Christian Salmon)
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
C:\WINDOWS\system32\pctspk.exe (PCtel, Inc.)
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe (Speedbit Ltd.)
C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
D:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe (Yahoo! Inc.)
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe (Speedbit Ltd.)
C:\Documents and Settings\Kathleen\Desktop\OTListIt2.exe (OldTimer Tools)

========== (O23) Win32 Services (SafeList) ==========

(Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
(aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
(Autodesk Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
(Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
(BthServ [Auto | Running]) -- C:\WINDOWS\System32\bthserv.dll (Microsoft Corporation)
(CCALib8 [Auto | Running]) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
(clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
(DefWatch [Auto | Running]) -- C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe (Symantec Corporation)
(getPlus® Helper [On_Demand | Stopped]) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
(helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
(iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
(JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
(Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
(NBService [On_Demand | Stopped]) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
(NMIndexingService [On_Demand | Running]) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
(Norton AntiVirus Server [Auto | Running]) -- C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe (Symantec Corporation)
(odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
(ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
(Pctspk [Auto | Running]) -- C:\WINDOWS\system32\pctspk.exe (PCtel, Inc.)
(usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
(VideoAcceleratorService [Auto | Running]) -- C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe (Speedbit Ltd.)
(WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
(WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
(WudfSvc [On_Demand | Stopped]) -- C:\WINDOWS\System32\WUDFSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

(ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
(BthEnum [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\BthEnum.sys (Microsoft Corporation)
(BTHMODEM [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\bthmodem.sys (Microsoft Corporation)
(BthPan [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\bthpan.sys (Microsoft Corporation)
(BTHPORT [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\BTHport.sys (Microsoft Corporation)
(BTHUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\BTHUSB.sys (Microsoft Corporation)
(FETNDIS [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\fetnd5.sys (VIA Technologies, Inc. )
(gameenum [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\gameenum.sys (Microsoft Corporation)
(GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
(NAVAP [On_Demand | Running]) -- C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys (Symantec Corporation)
(NAVAPEL [Auto | Running]) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS (Symantec Corporation)
(NAVENG [On_Demand | Running]) -- C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090122.020\NAVENG.sys (Symantec Corporation)
(NAVEX15 [On_Demand | Running]) -- C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090122.020\NAVEX15.sys (Symantec Corporation)
(Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
(Ptserlp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptserlp.sys (PCTEL, INC.)
(RFCOMM [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\rfcomm.sys (Microsoft Corporation)
(S3SavageNB [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\s3gnbm.sys (S3 Graphics, Inc.)
(sbbotdi [Auto | Running]) -- C:\PROGRA~1\SPEEDB~1\sbbotdi.sys (SpeedBit Ltd.)
(Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys ()
(SymEvent [On_Demand | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
(usbvideo [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\usbvideo.sys (Microsoft Corporation)
(Vmodem [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\vmodem.sys (PCTEL, INC.)
(Vpctcom [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\vpctcom.sys (PCtel, Inc.)
(Vvoice [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\vvoice.sys (PCtel, Inc.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded =
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....Terms}&fr=yie7c
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/intl/en/
URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key does not exist or could not be opened. File not found
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (801 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - D:\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)
O3 - HKCU\..\Toolbar: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar: (no name) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
O4 - HKLM..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe (artArmin)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "D:\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SpeedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" (Speedbit Ltd.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe (Christian Salmon)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe (Symantec Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP (Speedbit Ltd.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe (Lee-Soft.com)
O4 - HKCU..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe (Lee Matthew Chantrey & Windows X)
O4 - HKCU..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe" (OrdinarySoft)
O4 - HKCU..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe (Christian Salmon)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\Kathleen\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Kathleen\Start Menu\Programs\Startup\Multiply AutoUploader.lnk = D:\Multiply AutoUploader\Multiply AutoUploader.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.micros...cs/i386/fhg.CAB (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler: - about - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - cdl - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - dvd - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler: - file - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - ftp - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - gopher - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - grooveLocalGWS - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - http - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - http\0x00000001 - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - http\oledb - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - https - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - https\0x00000001 - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - https\oledb - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - its - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler: - javascript - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - livecall - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - local - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mailto - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mhtml - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mk - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ms-help - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler: - ms-its - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msnim - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - res - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - skype4com - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler: - sysimage - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - tv - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler: - vbscript - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - wia - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler: - wlmailhtml - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9}C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9}C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153}C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5}C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: (Browseui preloader) - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: (Component Categories cache daemon) - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

========== HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell" = Explorer.exe
>C:\WINDOWS\Explorer.exe (Microsoft Corporation)

"UserInit" = C:\WINDOWS\system32\userinit.exe,
>C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

"UIHost" = vistaui.exe
>C:\WINDOWS\system32\vistaui.exe (Microsoft Corporation)

"VMApplet" = rundll32 shell32,Control_RunDLL "sysdm.cpl"
>C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
>C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)


========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
crypt32chain: "DllName" = crypt32.dll -- C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
cryptnet: "DllName" = cryptnet.dll -- C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
cscdll: "DllName" = cscdll.dll -- C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
NavLogon: "DllName" = C:\WINDOWS\system32\NavLogon.dll -- C:\WINDOWS\system32\NavLogon.dll ()
ScCertProp: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Schedule: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
sclgntfy: "DllName" = sclgntfy.dll -- C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
SensLogn: "DllName" = WlNotify.dll -- C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
termsrv: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
wlballoon: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)

========== IFEO "Debugger" Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\]
Your Image File Name Here without a path:"Debugger" = C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" (HKLM) -- C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL (Microsoft Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders" = msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
>C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
>C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
>C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
>C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages" = msv1_0,
>C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages" = kerberos,msv1_0,schannel,wdigest,
>C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
>C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
>C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
>C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
C:\AUTOEXEC.BAT () -- [ FAT32 ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6eee55d0-a941-11dd-95bc-003018072533}\Shell\AutoRun\command]
"" = rsbrj.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6eee55d0-a941-11dd-95bc-003018072533}\Shell\explore\Command]
"" = rsbrj.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6eee55d0-a941-11dd-95bc-003018072533}\Shell\open\Command]
"" = rsbrj.exe

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/01/29 18:49:12 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kathleen\Desktop\OTListIt2.exe
[2009/01/29 18:35:03 | 00,393,112 | ---- | C] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[2009/01/29 18:30:50 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/01/29 18:26:11 | 00,348,160 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kathleen\Desktop\OTMoveIt3.exe
[2009/01/28 17:36:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kathleen\Application Data\Help
[2009/01/28 17:35:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kathleen\Local Settings\Application Data\Help
[2009/01/24 22:49:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kathleen\Application Data\Malwarebytes
[2009/01/24 22:48:59 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/01/24 22:48:58 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/24 22:48:54 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/24 22:48:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/01/24 22:48:50 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/01/24 22:43:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/01/24 22:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/01/24 22:40:38 | 00,000,515 | ---- | C] () -- C:\Documents and Settings\Kathleen\Desktop\NTREGOPT.lnk
[2009/01/24 22:40:38 | 00,000,496 | ---- | C] () -- C:\Documents and Settings\Kathleen\Desktop\ERUNT.lnk
[2009/01/24 22:40:32 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/01/24 22:37:48 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Kathleen\Desktop\erunt_setup.exe
[2009/01/23 16:38:03 | 00,086,016 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe
[2009/01/23 16:37:52 | 00,000,373 | ---- | C] () -- C:\Documents and Settings\Kathleen\Desktop\Media Subtitler.lnk
[2009/01/23 16:16:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kathleen\Desktop\plugins
[2009/01/23 15:17:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kathleen\My Documents\Nero Home
[2009/01/21 19:11:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/01/21 18:54:44 | 00,076,214 | ---- | C] () -- C:\WINDOWS\Icon_3.ico
[2009/01/21 18:42:07 | 00,000,000 | ---D | C] -- C:\Program Files\TrueTransparency
[2009/01/21 18:42:04 | 00,000,000 | ---D | C] -- C:\Program Files\WinFlip
[2009/01/21 18:42:03 | 00,000,000 | ---D | C] -- C:\Program Files\ViStart
[2009/01/21 18:42:03 | 00,000,000 | ---D | C] -- C:\Program Files\ViOrb
[2009/01/21 18:42:02 | 00,000,000 | ---D | C] -- C:\Program Files\VisualTooltip
[2009/01/21 18:41:56 | 00,000,000 | ---D | C] -- C:\Program Files\Styler
[2009/01/21 18:41:54 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\LClock.cpl
[2009/01/21 18:41:54 | 00,000,000 | ---D | C] -- C:\Program Files\Vista Rainbar
[2009/01/21 18:41:53 | 00,000,000 | ---D | C] -- C:\Program Files\LClock
[2009/01/21 18:41:52 | 06,181,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vistaui.exe
[2009/01/21 18:41:52 | 00,049,208 | ---- | C] () -- C:\WINDOWS\System32\vistartup.bmp
[2009/01/21 18:41:52 | 00,000,000 | ---D | C] -- C:\Program Files\Vista Drive Icon
[2009/01/21 18:36:13 | 00,076,214 | ---- | C] () -- C:\WINDOWS\Icon_2.ico
[2009/01/21 18:35:50 | 00,000,610 | ---- | C] () -- C:\Documents and Settings\Kathleen\Desktop\vtp.sif
[2009/01/21 18:29:56 | 00,020,480 | ---- | C] (WindowsX Corporation) -- C:\WINDOWS\System32\scrnrdr.exe
[2009/01/21 18:04:18 | 00,001,253 | ---- | C] () -- C:\Documents and Settings\Kathleen\Desktop\My Completed Downloads.lnk
[2009/01/21 18:04:18 | 00,000,514 | ---- | C] () -- C:\Documents and Settings\Kathleen\Desktop\Download Accelerator Plus (DAP).lnk
[2009/01/21 17:44:27 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/01/21 17:34:50 | 00,000,000 | -HSD | C] -- C:\FOUND.001
[2009/01/19 21:23:18 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/01/19 21:22:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kathleen\Application Data\skypePM
[2009/01/19 21:13:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kathleen\Application Data\Skype
[2009/01/19 21:09:37 | 00,002,257 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/01/19 21:08:02 | 00,000,000 | ---D | C] -- C:\Program Files\Skype
[2009/01/19 21:07:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/01/19 21:03:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2009/01/18 13:34:54 | 00,000,524 | ---- | C] () -- C:\Documents and Settings\Kathleen\Start Menu\Programs\Startup\Multiply AutoUploader.lnk
[2009/01/18 13:34:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kathleen\Application Data\com.Multiply.AutoUploader.C7DF09F73C2059D294831784007C5F0856677385.1
[2009/01/17 20:16:31 | 00,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2009/01/17 08:11:06 | 00,000,000 | -HSD | C] -- C:\FOUND.000
[2009/01/14 17:04:03 | 00,000,636 | ---- | C] () -- C:\Documents and Settings\Kathleen\Desktop\Free Mp3 Wma Converter.lnk
[2009/01/14 17:03:57 | 00,164,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMCT232.OCX
[2009/01/14 17:03:45 | 00,116,296 | ---- | C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx
[2009/01/14 17:03:44 | 00,479,232 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioVisu.dll
[2009/01/14 17:03:44 | 00,458,752 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudPlayer.dll
[2009/01/14 17:03:44 | 00,454,656 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioRecord.dll
[2009/01/14 17:03:43 | 01,986,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudFile.dll
[2009/01/14 17:03:43 | 01,212,416 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioInfos.dll
[2009/01/14 17:03:43 | 00,417,792 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDisplay.dll
[2009/01/14 17:03:42 | 02,084,864 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDesign.dll
[2009/01/14 17:03:42 | 00,119,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6FR.DLL
[2009/01/14 17:03:42 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL
[2009/01/14 17:03:42 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetfr.DLL
[2009/01/14 17:03:41 | 00,224,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TABCTL32.OCX
[2009/01/14 17:03:41 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TABCTFR.DLL
[2009/01/14 17:03:40 | 00,662,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCT2.OCX
[2009/01/14 17:03:40 | 00,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCFR.DLL
[2009/01/14 17:03:39 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mscc2fr.dll
[2009/01/14 17:03:39 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGFR.DLL
[2009/01/14 17:03:38 | 00,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/01/14 17:03:37 | 00,307,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll
[2009/01/13 23:45:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kathleen\Application Data\Megaupload
[2009/01/13 23:44:49 | 00,000,420 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mega Manager.lnk
[2009/01/13 23:43:31 | 00,000,000 | ---D | C] -- C:\downloads
[2009/01/13 23:43:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kathleen\Application Data\EmailNotifier
[2009/01/13 23:43:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Megaupload
[2009/01/13 23:43:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2009/01/13 23:43:10 | 00,000,000 | ---D | C] -- C:\Program Files\MegauploadToolbar
[2009/01/13 23:43:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kathleen\Application Data\MegauploadToolbar
[2009/01/13 23:41:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kathleen\Application Data\InstallShield
[2009/01/04 17:27:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kathleen\My Documents\Any Video Converter
[2009/01/04 17:26:48 | 00,000,497 | ---- | C] () -- C:\Documents and Settings\Kathleen\Desktop\Any Video Converter.lnk
[2009/01/04 17:26:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kathleen\Application Data\Any Video Converter
[2009/01/04 15:05:45 | 00,038,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2009/01/04 15:05:45 | 00,038,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthmodem.sys
[2009/01/04 14:58:44 | 00,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2009/01/04 14:57:10 | 00,100,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthpan.sys
[2009/01/04 14:57:10 | 00,100,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthpan.sys
[2009/01/04 14:56:53 | 00,059,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2009/01/04 14:56:53 | 00,059,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rfcomm.sys
[2009/01/04 14:56:53 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\BthEnum.sys
[2009/01/04 14:56:53 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthenum.sys
[2009/01/04 14:56:52 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll
[2009/01/04 14:56:52 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2009/01/04 14:56:51 | 00,152,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irftp.exe
[2009/01/04 14:56:51 | 00,152,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2009/01/04 14:56:51 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshirda.dll
[2009/01/04 14:56:51 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2009/01/04 14:56:30 | 00,274,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthport.sys
[2009/01/04 14:56:30 | 00,274,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009/01/04 14:56:29 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\BTHUSB.SYS
[2009/01/04 14:56:29 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthusb.sys
[2009/01/03 02:47:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kathleen\My Documents\Icons and Cursors
[2009/01/03 02:47:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kathleen\Local Settings\Application Data\Microangelo Toolset 6
[2009/01/01 06:08:31 | 00,359,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip.sys.original.orbit
[2009/01/01 06:08:31 | 00,359,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys.original.orbit
[2009/01/01 06:02:07 | 00,000,502 | ---- | C] () -- C:\Documents and Settings\Kathleen\Desktop\Orbit.lnk
[2009/01/01 05:53:09 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/01/01 05:43:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kathleen\Desktop\Cablenut
[2009/01/01 05:09:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kathleen\Application Data\Vista Start Menu
[2009/01/01 05:09:25 | 00,000,000 | ---D | C] -- C:\Program Files\Vista Start Menu
[2008/12/31 14:45:18 | 02,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe.zottel
[2008/12/31 14:45:17 | 02,192,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe.zottel
[2008/12/31 14:19:57 | 00,000,000 | ---D | C] -- C:\Program Files\ViSplore
[2008/12/31 13:36:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2008/12/31 13:36:16 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek AC97
[2008/12/31 13:34:14 | 00,000,000 | ---D | C] -- C:\alcvista
[2008/12/31 11:30:29 | 00,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2008/12/31 10:42:55 | 00,053,732 | ---- | C] () -- C:\WaxCrash.dmp
[2008/12/31 10:29:53 | 00,000,000 | ---D | C] -- C:\Program Files\DebugMode

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/01/29 18:49:44 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kathleen\Desktop\OTListIt2.exe
[2009/01/29 18:38:56 | 00,393,112 | ---- | M] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[2009/01/29 18:35:56 | 00,008,224 | ---- | M] () -- C:\Documents and Settings\Kathleen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/01/29 18:33:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/29 18:33:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/29 18:33:08 | 23,440,9984 | -HS- | M] () -- C:\hiberfil.sys
[2009/01/29 18:32:20 | 00,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2009/01/29 18:27:22 | 00,348,160 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kathleen\Desktop\OTMoveIt3.exe
[2009/01/28 18:03:24 | 00,002,515 | ---- | M] () -- C:\Documents and Settings\Kathleen\Desktop\Microsoft Office Word 2007.lnk
[2009/01/28 18:00:08 | 00,000,414 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Kathleen.job
[2009/01/28 17:03:14 | 00,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/26 09:55:50 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\Kathleen\Desktop\Microsoft Office Excel 2007.lnk
[2009/01/25 03:01:40 | 00,359,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip.sys
[2009/01/25 03:01:38 | 00,359,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys
[2009/01/24 22:49:00 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/01/24 22:40:40 | 00,000,515 | ---- | M] () -- C:\Documents and Settings\Kathleen\Desktop\NTREGOPT.lnk
[2009/01/24 22:40:40 | 00,000,496 | ---- | M] () -- C:\Documents and Settings\Kathleen\Desktop\ERUNT.lnk
[2009/01/24 22:38:46 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Kathleen\Desktop\erunt_setup.exe
[2009/01/24 20:58:44 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/01/24 18:15:12 | 00,094,720 | ---- | M] () -- C:\Documents and Settings\Kathleen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/23 16:37:54 | 00,000,373 | ---- | M] () -- C:\Documents and Settings\Kathleen\Desktop\Media Subtitler.lnk
[2009/01/23 00:42:22 | 00,000,050 | ---- | M] () -- C:\WINDOWS\MegaManager.INI
[2009/01/21 21:40:56 | 00,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/01/21 18:54:46 | 00,076,214 | ---- | M] () -- C:\WINDOWS\Icon_3.ico
[2009/01/21 18:42:12 | 00,001,324 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vista Transformation Pack - Welcome Center.lnk
[2009/01/21 18:36:14 | 00,076,214 | ---- | M] () -- C:\WINDOWS\Icon_2.ico
[2009/01/21 18:35:52 | 00,000,610 | ---- | M] () -- C:\Documents and Settings\Kathleen\Desktop\vtp.sif
[2009/01/21 18:04:20 | 00,001,253 | ---- | M] () -- C:\Documents and Settings\Kathleen\Desktop\My Completed Downloads.lnk
[2009/01/21 18:04:20 | 00,000,514 | ---- | M] () -- C:\Documents and Settings\Kathleen\Desktop\Download Accelerator Plus (DAP).lnk
[2009/01/21 17:52:12 | 00,000,464 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VDownloader.lnk
[2009/01/21 17:46:14 | 00,000,524 | ---- | M] () -- C:\Documents and Settings\Kathleen\Start Menu\Programs\Startup\Multiply AutoUploader.lnk
[2009/01/19 21:23:20 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/01/14 17:04:04 | 00,000,636 | ---- | M] () -- C:\Documents and Settings\Kathleen\Desktop\Free Mp3 Wma Converter.lnk
[2009/01/14 16:11:32 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/14 16:11:28 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/13 23:44:50 | 00,000,420 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mega Manager.lnk
[2009/01/10 13:36:36 | 00,001,506 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/01/10 13:01:44 | 00,395,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/01/10 13:01:44 | 00,059,440 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/01/10 13:01:42 | 00,462,344 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/01/04 17:26:50 | 00,000,497 | ---- | M] () -- C:\Documents and Settings\Kathleen\Desktop\Any Video Converter.lnk
[2009/01/01 06:02:08 | 00,000,502 | ---- | M] () -- C:\Documents and Settings\Kathleen\Desktop\Orbit.lnk
[2008/12/31 14:49:56 | 01,161,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/31 14:46:10 | 00,218,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uxtheme.dll
[2008/12/31 11:29:10 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/12/31 11:29:10 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/12/31 10:43:12 | 00,053,732 | ---- | M] () -- C:\WaxCrash.dmp

========== LOP Check ==========

[2008/10/28 21:38:34 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/11/09 18:01:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/10/30 20:45:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/10/28 22:23:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2008/11/09 17:58:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/11/09 17:59:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008/10/28 23:13:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/01/13 23:43:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2008/12/15 02:50:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/01/24 22:48:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/01/13 23:43:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Megaupload
[2008/10/28 21:38:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2008/10/28 22:40:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2008/10/28 22:21:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero
[2008/10/30 20:01:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/11/16 01:14:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\scar5
[2009/01/19 21:03:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2008/10/30 21:28:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2008/10/28 22:36:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2008/10/30 21:28:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/10/28 23:42:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/11/08 18:26:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/11/05 20:44:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLInstaller
[2008/11/22 22:46:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2008/12/15 02:55:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2008/11/17 09:03:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
[2008/10/28 21:38:34 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Kathleen\Application Data
[2008/10/30 19:38:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathleen\Application Data\Adobe
[2008/10/28 22:23:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathleen\Application Data\Ahead
[2009/01/04 17:26:22 | 00,000,000 | ---D | M] -- C:\Documents and

#8
ignorantee

Continuation of OTListIt Logfile

[2009/01/04 17:26:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathleen\Application Data\Any Video Converter
[2008/11/09 18:02:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathleen\Application Data\Apple Computer
[2008/10/28 23:13:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathleen\Application Data\Autodesk
[2008/10/30 20:57:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathleen\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/01/18 13:34:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathleen\Application Data\com.Multiply.AutoUploader.C7DF09F73C2059D294831784007C5F0856677385.1
[2009/01/13 23:43:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathleen\Application Data\EmailNotifier
[2008/10/30 22:24:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathleen\Application Data\FrostWire
[2008/12/15 02:51:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathleen\Application Data\Google
[2008/11/08 17:31:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathleen\Application Data\GrabPro
[2009/01/28 17:36:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathleen\Application Data\Help
[2008/10/28 21:58:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathleen\Application Data\Identities
[2009/01/13 23:41:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathleen\Application Data\InstallShield
[2008/11/09 20:26:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathleen\Application Data\InterVideo
[2008/10/28 22:31:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathleen\Application Data\Macromedia
[2009/01/24 22:49:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathleen\Application Data\Malwarebytes
[2009/01/13 23:45:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathleen\Application Data\Megaupload
[2009/01/13 23:43:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathleen\Application Data\MegauploadToolbar
[2008/10/28 21:38:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Kathleen\Application Data\Microsoft
[2008/10/30 18:26:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathleen\Application Data\Mozilla
[2008/11/08 17:31:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathleen\Application Data\Orbit
[2008/11/16 01:12:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathleen\Application Data\scar5
[2009/01/19 21:13:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathleen\Application Data\Skype
[2009/01/19 21:22:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathleen\Application Data\skypePM
[2008/10/31 10:25:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathleen\Application Data\Styler
[2008/10/30 22:17:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathleen\Application Data\Sun
[2008/10/31 00:14:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathleen\Application Data\uTorrent
[2009/01/01 05:09:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathleen\Application Data\Vista Start Menu
[2008/10/31 10:31:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathleen\Application Data\ViStart
[2008/11/17 09:14:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kathleen\Application Data\ZoomBrowser EX
[2001/08/23 20:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/01/29 18:33:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/01/28 18:00:08 | 00,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\Norton Security Scan for Kathleen.job

========== Purity Check ==========

< End of report >

#9
ignorantee

OTListIt Extras Logfile

OTListIt Extras logfile created on: 1/29/2009 6:51:35 PM - Run
OTListIt2 by OldTimer - Version 1.0.4.1 Folder = C:\Documents and Settings\Kathleen\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

223.48 Mb Total Physical Memory | 106.47 Mb Available Physical Memory | 47.64% Memory free
546.13 Mb Paging File | 178.06 Mb Available in Paging File | 32.60% Paging File free
Paging file location(s): C:\pagefile.sys 336 672;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.63 Gb Total Space | 9.32 Gb Free Space | 50.03% Space Free | Partition Type: FAT32
Drive D: | 18.63 Gb Total Space | 4.93 Gb Free Space | 26.47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PERSONAL-ECE16E
Current User Name: Kathleen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\DAP\DAP.EXE:*:Disabled:Download Accelerator Plus (DAP) (Speedbit Ltd.)
D:\uTorrent.exe:*:Enabled:µTorrent (BitTorrent, Inc.)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour (Apple Inc.)
D:\iTunes.exe:*:Disabled:iTunes (Apple Inc.)
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe:*:Disabled:VideoAccelerator (Speedbit Ltd.)
D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger (Yahoo! Inc.)
D:\FrostWire\FrostWire.exe:*:Enabled:FrostWire (FrostWire Group)
C:\Program Files\Windows Live\Messenger\MSNMSGR.EXE:*:Disabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger (Microsoft Corporation)
D:\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit (Orbitdownloader.com)
D:\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit (Orbitdownloader.com)
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}" = Symantec AntiVirus Client
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{257E440F-781F-459B-9A68-A0872B80C1D6}" = Windows Live Photo Gallery
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5783F2D7-5001-0409-0002-0060B0CE6BBA}" = AutoCAD 2007 - English
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A6DCB18-3ECB-46DC-894B-5EFE08C0BD9B}" = Mega Manager
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{A20A58C4-6784-4B4B-86CC-94E2E3671033}" = Nero 7 Ultra Edition
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Windows Live Sign-in Assistant
"{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1" = VDownloader 0.77
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FFFF6D5C-E2F1-4B40-BC89-8923312E89EB}}_is1" = ACE Mega CoDecS Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Any Video Converter_is1" = Any Video Converter 2.6.7
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"CamStudio" = CamStudio
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Chikka (3.0.50) " = Chikka (3.0.50)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CSCLIB" = Canon Camera Support Core Library
"DebugMode Wax 2.0" = DebugMode Wax 2.0
"DivXLand Media Subtitler" = DivXLand Media Subtitler
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.8.0
"FrostWire" = FrostWire 4.17.2
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Norton PC Checkup" = Norton PC Checkup
"NSSSetup.{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan (Symantec Corporation)
"Orbit_is1" = Orbit Downloader
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"ShockwaveFlash" = Macromedia Flash Player 8
"Simple File Shredder" = Simple File Shredder 3.2
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"Thoosje Vista Sidebar" = Thoosje Vista Sidebar
"Vista Start Menu_is1" = Vista Start Menu 3.02
"Vista Transformation Pack" = Vista Transformation Pack 8.0
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/23/2009 4:17:30 AM | Computer Name = PERSONAL-ECE16E | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x00bd1312.

Error - 1/23/2009 6:13:51 AM | Computer Name = PERSONAL-ECE16E | Source = Application Error | ID = 1000
Description = Faulting application visualtooltip.exe, version 2.2.0.0, faulting
module unknown, version 0.0.0.0, fault address 0x4c494146.

Error - 1/23/2009 8:48:42 AM | Computer Name = PERSONAL-ECE16E | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module explorer.exe, version 6.0.2900.2180, fault address 0x0000907e.

Error - 1/23/2009 9:35:58 AM | Computer Name = PERSONAL-ECE16E | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Backdoor.Trojan in File: C:\WINDOWS\system32\Bifrost\Mot.exe
by: Manual scan. Action: Quarantine succeeded : Virus Found!Virus name: Backdoor.Trojan
in File: C:\System Volume Information\_restore{F4ED0A51-841D-41B8-B065-638D9AAB47F8}\RP80\A0046724.exe
by: Manual scan. Action: Quarantine succeeded :

Error - 1/24/2009 2:42:59 AM | Computer Name = PERSONAL-ECE16E | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x00cc1312.

Error - 1/24/2009 11:13:35 AM | Computer Name = PERSONAL-ECE16E | Source = Application Error | ID = 1000
Description = Faulting application visualtooltip.exe, version 2.2.0.0, faulting
module unknown, version 0.0.0.0, fault address 0x4c494146.

Error - 1/24/2009 11:13:35 AM | Computer Name = PERSONAL-ECE16E | Source = Application Error | ID = 1000
Description = Faulting application visualtooltip.exe, version 2.2.0.0, faulting
module unknown, version 0.0.0.0, fault address 0x4c494146.

Error - 1/24/2009 1:55:59 PM | Computer Name = PERSONAL-ECE16E | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x00d01312.

Error - 1/28/2009 2:43:33 PM | Computer Name = PERSONAL-ECE16E | Source = Application Error | ID = 1000
Description = Faulting application visualtooltip.exe, version 2.2.0.0, faulting
module unknown, version 0.0.0.0, fault address 0x4c494146.

Error - 1/28/2009 5:55:55 PM | Computer Name = PERSONAL-ECE16E | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x018b1312.

[ System Events ]
Error - 1/9/2009 5:06:28 AM | Computer Name = PERSONAL-ECE16E | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the DNS Client service to
connect.

Error - 1/9/2009 5:06:39 AM | Computer Name = PERSONAL-ECE16E | Source = Service Control Manager | ID = 7000
Description = The DNS Client service failed to start due to the following error:
%%1053

Error - 1/10/2009 7:33:05 AM | Computer Name = PERSONAL-ECE16E | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 fa909944, parameter2 00000002, parameter3
00000000, parameter4 f7179a80.

Error - 1/21/2009 5:36:32 AM | Computer Name = PERSONAL-ECE16E | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 fbda81c4, parameter2 00000002, parameter3
00000000, parameter4 f7179a80.

Error - 1/28/2009 5:04:55 AM | Computer Name = PERSONAL-ECE16E | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 1/28/2009 5:04:55 AM | Computer Name = PERSONAL-ECE16E | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 1/28/2009 7:07:26 PM | Computer Name = PERSONAL-ECE16E | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 ff680f34, parameter2 00000002, parameter3
00000000, parameter4 f7345a80.

Error - 1/29/2009 6:34:25 AM | Computer Name = PERSONAL-ECE16E | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 1/29/2009 6:35:08 AM | Computer Name = PERSONAL-ECE16E | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the NMIndexingService service
to connect.

Error - 1/29/2009 6:35:08 AM | Computer Name = PERSONAL-ECE16E | Source = Service Control Manager | ID = 7000
Description = The NMIndexingService service failed to start due to the following
error: %%1053


< End of report >

#10
Fred21543

1 - Flash Drive Disinfector
Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Please download FileLook by jpshortstuff from one of these mirrors:
Link 1
Link 2
  • Double-click FileLook.exe to run it.
  • Ensure that the BBCode Output checkbox is checked.
  • Copy the content of the following codebox into the main textfield:

    C:\WINDOWS\unvise32.exe
    C:\WINDOWS\System32\scrnrdr.exe
    C:\WINDOWS\MegaManager.INI
    C:\WaxCrash.dmp
  • Click the FileLook button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found at C:\fl_log.txt


Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :processes
    explorer.exe
    :reg
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6eee55d0-a941-11dd-95bc-003018072533}\Shell\AutoRun\command]
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6eee55d0-a941-11dd-95bc-003018072533}\Shell\explore\Command]
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6eee55d0-a941-11dd-95bc-003018072533}\Shell\open\Command]
    :files
    :commands
    [purity]
    [emptytemp]
    [start explorer]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


FrostWire and µTorrent are P2P Programs. P2P Programs are not recommended as the uses of them can vary legally from area to area, and they are a great way of acquiring all kinds of malicious software! Therefore I recommend you go to Start > Settings > Control Panel > Add/Remove Programs and remove these programs.

#11
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#12
Fred21543

    Member 1K

  • Member
  • 1,351 posts
Welcome back

Can I get the logs from my previous post here?

#13
ignorantee

    New Member

  • Topic Starter
  • Member
  • 9 posts
FileLook Logfile

FileLook.exe v2.0 by jpshortstuff
Log created at 13:54 on 08/02/2009
==================================
FileLook - "unvise32.exe"

Filename: unvise32.exe
Path: C:\WINDOWS\
MD5: 84B4F61F59A421BD85D97B35D194B42B
Created: 08:38:03 on 23/01/2009
Modified: 02:13:04 on 17/12/1999
Size: 86016 bytes
Attributes: Archive
-------------------------
FileDescription: Uninstall application file
FileVersion: 3.1.1
ProductVersion: 3.1.1
OriginalFilename: UNINSTAL.EXE
InternalName: Installer VISE
ProductName: Installer VISE
CompanyName: MindVision Software
LegalCopyright: Copyright © MindVision Software 1995-2000
Comments:
==================================
FileLook - "scrnrdr.exe"

Filename: scrnrdr.exe
Path: C:\WINDOWS\System32\
MD5: DB365B93EC9816503298BDE342C4F8AE
Created: 10:29:56 on 21/01/2009
Modified: 15:22:54 on 11/11/2008
Size: 20480 bytes
Attributes: Archive
-------------------------
FileDescription: ResWriter
FileVersion: 1.00
ProductVersion: 1.00
OriginalFilename: ResWriter.exe
InternalName: ResWriter.exe
ProductName: ResWriter
CompanyName: WindowsX Corporation
LegalCopyright: Copyright © WindowsX Corporation. All rights reserved.
==================================
FileLook - "MegaManager.INI"

Filename: MegaManager.INI
Path: C:\WINDOWS\
MD5: 59F1080EF324BDD5A63975AB721247B3
Created: 12:16:31 on 17/01/2009
Modified: 16:42:22 on 22/01/2009
Size: 50 bytes
Attributes: Archive
-------------------------
==================================
FileLook - "WaxCrash.dmp"

Filename: WaxCrash.dmp
Path: C:\
MD5: 9CD0C4A1A57833838307E3D9F551FF98
Created: 02:42:55 on 31/12/2008
Modified: 02:43:12 on 31/12/2008
Size: 53732 bytes
Attributes: Archive
-------------------------

==============================

=EOF=





OTMoveIt3 Logfile

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6eee55d0-a941-11dd-95bc-003018072533}\Shell\AutoRun\command\\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6eee55d0-a941-11dd-95bc-003018072533}\Shell\explore\Command\\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6eee55d0-a941-11dd-95bc-003018072533}\Shell\open\Command\\ not found.
========== FILES ==========
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Kathleen\LOCALS~1\Temp\~DF6639.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Kathleen\LOCALS~1\Temp\etilqs_bNJ0dTJKMSBKfpLFL5tz scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_ac.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Kathleen\Local Settings\Application Data\Mozilla\Firefox\Profiles\m6oqai0x.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kathleen\Local Settings\Application Data\Mozilla\Firefox\Profiles\m6oqai0x.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kathleen\Local Settings\Application Data\Mozilla\Firefox\Profiles\m6oqai0x.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kathleen\Local Settings\Application Data\Mozilla\Firefox\Profiles\m6oqai0x.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kathleen\Local Settings\Application Data\Mozilla\Firefox\Profiles\m6oqai0x.default\XUL.mfl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kathleen\Local Settings\Application Data\Mozilla\Firefox\Profiles\m6oqai0x.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02092009_232646

Files moved on Reboot...
C:\DOCUME~1\Kathleen\LOCALS~1\Temp\~DF6639.tmp moved successfully.
File C:\DOCUME~1\Kathleen\LOCALS~1\Temp\etilqs_bNJ0dTJKMSBKfpLFL5tz not found!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_ac.dat not found!
C:\Documents and Settings\Kathleen\Local Settings\Application Data\Mozilla\Firefox\Profiles\m6oqai0x.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Kathleen\Local Settings\Application Data\Mozilla\Firefox\Profiles\m6oqai0x.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Kathleen\Local Settings\Application Data\Mozilla\Firefox\Profiles\m6oqai0x.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Kathleen\Local Settings\Application Data\Mozilla\Firefox\Profiles\m6oqai0x.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Kathleen\Local Settings\Application Data\Mozilla\Firefox\Profiles\m6oqai0x.default\XUL.mfl moved successfully.
C:\Documents and Settings\Kathleen\Local Settings\Application Data\Mozilla\Firefox\Profiles\m6oqai0x.default\urlclassifier3.sqlite moved successfully.

#14
Fred21543

    Member 1K

  • Member
  • 1,351 posts
Can I get a fresh HijackThis log and ask what problems you are having with this computer?

#15
ignorantee

    New Member

  • Topic Starter
  • Member
  • 9 posts
HijackThis Logfile

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:43:35 AM, on 2/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\Program Files\VisualTooltip\VisualToolTip.exe
D:\iTunesHelper.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\VisualTooltip\VisualToolTip.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\PROGRA~1\SPEEDB~1\vaproxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - D:\MegaIEMn.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Orbitdownloader\GrabPro.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: Multiply AutoUploader.lnk = D:\Multiply AutoUploader\Multiply AutoUploader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - .DEFAULT Startup: Multiply AutoUploader.lnk = D:\Multiply AutoUploader\Multiply AutoUploader.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Multiply AutoUploader.lnk = D:\Multiply AutoUploader\Multiply AutoUploader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 11328 bytes


my other computer problems:


1. always having this error every time i open windows explorer or my computer:
http://www.photohost...6yhunj6lr6n.jpg

2. DrWatson Postmortem Debugger pops out every now and then:
DrWatson Postmortem Debugger has encountered a problem and needs to close... etc....

3. my dad's pen drive has 2 viruses which cannot be deleted even if i reformat it:
Virus Name: W32.Gammima.AG and W32.SillyDC

4. another 5 viruses were detected by kaspersky online scanner:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, February 11, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, February 11, 2009 03:40:18
Records in database: 1780598
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 49628
Threat name: 4
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 02:16:21


File name / Threat name / Threats count
C:\WINDOWS\system32\scrnrdr.exe Infected: Trojan.Win32.Agent2.cdb 1
C:\WINDOWS\system32\viwc.exe Infected: Trojan.Win32.Agent2.cdb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06CC0000.VBN Infected: Email-Worm.Win32.Brontok.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A600001.VBN Infected: Trojan-GameThief.Win32.Magania.aayk 1
C:\_OTMoveIt\MovedFiles\01292009_183050\Program Files\MegauploadToolbar\megauploadtoolbar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.aj 1

The selected area was scanned.

Edited by ignorantee, 11 February 2009 - 03:43 AM.
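
A triage pass over the HijackThis log posted above, as an added example that is not part of the original thread: it parses the `R`/`O` section lines and surfaces the entries a reviewer would check first. The four rules and their labels are this example's assumptions, not HijackThis verdicts, and a hit means "look closer", not "malicious".

```python
import re
from collections import defaultdict

# Excerpt: eight lines copied from the HijackThis v2.0.2 log in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\PROGRA~1\SPEEDB~1\vaproxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - D:\MegaIEMn.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] path"
ENTRY = re.compile(r"^([RO]\d{1,2}) - (.*)$")
# O1 body: "Hosts: <ip> <hostname>"
HOSTS = re.compile(r"^Hosts: (\S+) (\S+)$")
# An .exe/.dll sitting directly in a drive root (no sub-directory in the path).
ROOT_BINARY = re.compile(r'(?<![\w\\/])([A-Za-z]:\\[^\\/:"]+\.(?:exe|dll))\b', re.I)


def parse(log):
    """Return (code, body) for each section entry; headers and the process list are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(log):
    """Group entries under reviewer heuristics (assumed rules, see lead-in)."""
    findings = defaultdict(list)
    for code, body in parse(log):
        # Rule 1: any hosts-file mapping overrides DNS for that name.
        if code == "O1":
            m = HOSTS.match(body)
            if m:
                findings["hosts-override"].append((m.group(2), m.group(1)))
        # Rule 2: a registration whose target file is gone.
        if body.endswith("(no file)"):
            findings["missing-file"].append((code, body))
        # Rule 3: browser proxy auto-config loaded from a local file.
        if "AutoConfigURL" in body and "file://" in body.lower():
            findings["local-pac"].append(body.split(" = ", 1)[1])
        # Rule 4: a BHO or autostart binary placed directly in a drive root.
        if code in ("O2", "O4"):
            m = ROOT_BINARY.search(body)
            if m:
                findings["drive-root-binary"].append(m.group(1))
    return dict(findings)


if __name__ == "__main__":
    for rule, hits in triage(SAMPLE_LOG).items():
        print(rule)
        for hit in hits:
            print("   ", hit)
```
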
