
Infected with Internet Explorer Redirect Malware


  • This topic is locked
34 replies to this topic

#1 nickkmet


Posted 30 October 2008 - 08:25 PM

When I use Internet Explorer, any time I type anything into the URL bar, I am redirected to a "fake" Google search page. From that page, if I click on any links, it redirects me to advertisements or other "fake" search engines. I have run Malwarebytes numerous times, and it always deletes these two files:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata
HKEY_LOCAL_MACHINE\SOFTWARE\tdss

After those files have been deleted, the browser problem no longer exists. But the next time I restart or turn on my computer, the same files reappear and have to be deleted again by Malwarebytes. My best guess is that there is some kind of hidden .exe file re-installing them every time I boot up. So, here's my HijackThis log. I greatly appreciate any help you can give me.


***edit***
After doing further research, I think it might be this file/process: O18 - Filter hijack: text/html - {0d27a03f-59e0-4e22-82de-a8873bcc27c1} - C:\WINDOWS\system32\msiebbar.dll

Unfortunately, when I actually try to search for the file in the system32 folder, it's not there. I have no idea how to remove it either. Anyway, please check the rest of the log in case I'm wrong.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:55:13 PM, on 10/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1225170757578
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter hijack: text/html - {0d27a03f-59e0-4e22-82de-a8873bcc27c1} - C:\WINDOWS\system32\msiebbar.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 6778 bytes

Edited by nickkmet, 31 October 2008 - 12:30 AM.
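The two things nickkmet points at, an O18 filter hijack whose DLL he cannot find in system32 and registry keys that come back at every boot, are exactly what a helper reads out of a HijackThis log before asking for anything else. The following is an added example, not code from this thread or from HijackThis itself: a small Python parser for the O-lines of a HijackThis log that extracts the section, CLSID and file path of each entry and flags the ones worth a second look (a text/html MIME filter, a service with no vendor name, and any registry reference to a file that is not visible on disk). The sample lines are copied from the log posted above; the flagging rules and the injectable `exists` check are my own assumptions, so the triage can be run against a saved log rather than only on the infected machine.

```python
import os
import re
from dataclasses import dataclass, field
from typing import Callable, List, Optional

# Constructed sample: a subset of the HijackThis O-lines posted in this thread.
SAMPLE_LOG = r'''
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter hijack: text/html - {0d27a03f-59e0-4e22-82de-a8873bcc27c1} - C:\WINDOWS\system32\msiebbar.dll
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
'''

LINE_RE = re.compile(r'^(O\d+) - (.*?)\s*$')
CLSID_RE = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')
# A Windows path from the drive letter up to the first binary extension; this
# also copes with unquoted paths that contain spaces, as in the "EA Core" line.
PATH_RE = re.compile(r'[A-Za-z]:\\.*?\.(?:exe|dll|sys)\b', re.IGNORECASE)


@dataclass
class Entry:
    section: str            # e.g. "O18"
    fields: List[str]       # the line body split on " - "
    clsid: Optional[str]    # first {GUID} on the line, if any
    path: Optional[str]     # first file path on the line, if any
    flags: List[str] = field(default_factory=list)


def parse_log(text: str) -> List[Entry]:
    """Turn the O-lines of a HijackThis log into Entry objects.
    Header, process-list and footer lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        section, body = m.groups()
        clsid = CLSID_RE.search(body)
        path = PATH_RE.search(body)
        entries.append(Entry(section,
                             [f.strip() for f in body.split(' - ')],
                             clsid.group(0) if clsid else None,
                             path.group(0) if path else None))
    return entries


def triage(entries: List[Entry],
           exists: Callable[[str], bool] = os.path.exists) -> List[Entry]:
    """Attach review flags (assumed rules) and return the flagged entries.
    `exists` defaults to the local disk; pass your own callable to run the
    check against a saved log from another machine."""
    for e in entries:
        if e.section == 'O18' and e.fields[0].startswith('Filter hijack'):
            e.flags.append('MIME filter for text/html: this DLL sees every HTML response IE loads')
        if e.section == 'O23' and 'Unknown owner' in e.fields:
            e.flags.append('service binary carries no vendor name')
        if e.path and not exists(e.path):
            e.flags.append('registry points at a file that is not visible on disk')
    return [e for e in entries if e.flags]


if __name__ == '__main__':
    # Constructed view of the disk: everything present except the filter DLL,
    # mirroring what the poster saw when searching system32.
    on_disk = lambda p: p.lower() != r'c:\windows\system32\msiebbar.dll'
    for e in triage(parse_log(SAMPLE_LOG), exists=on_disk):
        print(e.section, e.path, '->', '; '.join(e.flags))
```

A registry entry that names a file the file system cannot show is the combination worth escalating: the DLL is loaded into IE at every start, yet a directory listing does not show it, which is consistent with the poster's report of Malwarebytes removing the keys and the keys returning after a reboot. The parser deliberately keeps the raw `fields` so other sections (O4 run keys, O23 services) can be scored with rules of your own without re-parsing.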



#2 Buckeye_Sam
    Malware Expert



Posted 31 October 2008 - 07:24 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

First let's get a more detailed log so we can determine the best plan of attack for you.
  • Please download OTViewIt by OldTimer to your desktop.
  • Double click on the OTViewIt.exe icon on your desktop.
  • Check the Scan All Users checkbox and leave Use Whitelist checked. Set the File Age to 30 days.
  • Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open:
    OTViewIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
Copy and Paste the logs into your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 nickkmet
  • Topic Starter


Posted 31 October 2008 - 06:23 PM

Alright, here's the OTViewIt.txt log.

OTViewIt logfile created on: 10/31/2008 4:19:59 PM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.79 Mb Total Physical Memory | 328.36 Mb Available Physical Memory | 32.10% Memory free
2.41 Gb Paging File | 1.84 Gb Available in Paging File | 76.33% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.31 Gb Total Space | 67.13 Gb Free Space | 36.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NANCY-561AA26BC
Current User Name: Nicholas
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/08/22 13:14:10 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE
[2008/10/22 19:28:07 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2006/08/07 21:57:13 | 00,002,560 | ---- | M] () -- C:\WINDOWS\Runservice.exe
[2007/11/25 14:43:48 | 00,071,168 | ---- | M] () -- C:\WINDOWS\system32\LxrJD31s.exe
[2008/09/08 07:50:32 | 00,198,944 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
[2008/06/21 11:39:08 | 00,792,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
[2008/07/18 07:02:52 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
[2008/07/09 13:49:10 | 00,358,736 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
[2008/06/20 04:41:04 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
[2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2008/07/09 16:36:30 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
[2008/07/09 13:35:34 | 00,025,416 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
[2007/12/05 01:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2007/11/01 16:14:12 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe
[2008/07/11 17:48:54 | 00,641,208 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
[2008/10/01 17:57:12 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe
[2008/06/13 17:27:34 | 02,752,512 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\EADM\Core.exe
[2008/10/29 16:40:48 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[2008/09/16 11:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/10/28 01:08:50 | 00,762,352 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe
[2008/06/20 04:01:18 | 00,605,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
[2008/10/28 01:08:50 | 00,762,352 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
[2008/10/28 01:08:50 | 00,762,352 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
[2008/10/28 01:08:50 | 00,762,352 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
[2008/10/28 01:08:50 | 00,762,352 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
[2008/10/28 01:08:50 | 00,762,352 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
[2008/07/11 17:49:20 | 00,558,808 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcupdate.exe
[2008/10/31 16:19:17 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\My Documents\Downloads\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/08/22 13:14:10 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
[2008/03/09 16:06:26 | 01,862,144 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager [On_Demand | Stopped])
[2008/10/22 19:28:07 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2006/08/07 21:57:13 | 00,002,560 | ---- | M] () -- C:\WINDOWS\Runservice.exe -- (LicCtrlService [Auto | Running])
[2007/11/25 14:43:48 | 00,071,168 | ---- | M] () -- C:\WINDOWS\system32\LxrJD31s.exe -- (LxrJD31s [Auto | Running])
[2008/09/08 07:50:32 | 00,198,944 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service [Auto | Running])
[2008/06/21 11:39:08 | 00,792,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
[2008/07/18 07:02:52 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
[2008/06/20 12:10:22 | 00,361,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
[2008/07/09 13:49:10 | 00,358,736 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
[2008/06/20 04:41:04 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
[2008/06/20 04:01:18 | 00,605,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
[2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2008/07/09 16:36:30 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe -- (MpfService [Auto | Running])
[2008/07/09 13:35:34 | 00,025,416 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe -- (MSK80Service [Auto | Running])
[2007/07/28 08:33:02 | 00,910,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MWL\MwlSvc.exe -- (MWLSvc [On_Demand | Stopped])
[2007/12/05 01:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/11/01 16:14:12 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])
[2007/01/04 13:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Disabled | Stopped])
[2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])
[2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2003/11/04 22:26:02 | 00,645,392 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
[2003/11/18 18:13:54 | 00,366,160 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
[2003/10/13 19:17:56 | 00,332,800 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])
[2003/10/07 18:08:12 | 00,006,096 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
[2003/10/07 18:09:10 | 00,130,288 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
[2004/08/22 15:31:10 | 00,155,136 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\d347bus.sys -- (d347bus [Boot | Running])
[2004/08/22 15:31:48 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\d347prt.sys -- (d347prt [Boot | Running])
[2003/10/13 01:42:12 | 00,145,488 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
[2008/04/13 10:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Running])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2003/10/21 01:26:08 | 00,904,496 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
[2003/10/21 01:23:44 | 00,148,432 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k [On_Demand | Running])
[2004/08/04 04:00:00 | 00,008,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidgame.sys -- (hidgame [On_Demand | Stopped])
[2001/08/17 13:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir [On_Demand | Running])
[2008/04/13 10:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2007/11/25 14:43:48 | 00,069,824 | ---- | M] () -- C:\WINDOWS\system32\drivers\LxrJD31d.sys -- (LxrJD31d [Auto | Running])
[2008/06/27 05:08:40 | 00,079,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
[2008/06/27 05:08:40 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
[2008/06/27 05:08:40 | 00,207,656 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
[2008/06/20 04:41:38 | 00,034,152 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Running])
[2008/06/27 05:08:40 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
[2008/06/02 13:55:42 | 00,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP [System | Running])
[2001/08/17 13:02:40 | 00,035,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msgame.sys -- (msgame [On_Demand | Stopped])
[2001/08/17 06:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Stopped])
[2007/12/05 01:41:00 | 07,435,392 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2003/10/07 18:06:50 | 00,178,672 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
[2008/06/19 16:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
[2003/01/22 04:37:00 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2003/03/05 12:19:28 | 00,015,840 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfDetNT [Auto | Running])
[2003/03/05 12:19:28 | 00,015,840 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT [Auto | Stopped])
[2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/02/22 18:38:33 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Running])
[2001/08/23 11:00:00 | 00,022,400 | ---- | M] () -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid [System | Running])
[2008/04/13 10:40:48 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sbp2port.sys -- (sbp2port [Boot | Running])
[2007/11/13 00:47:45 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2005/08/10 04:44:04 | 00,050,688 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
[2005/05/16 05:20:39 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
[2005/09/29 09:01:51 | 00,066,048 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02 [Boot | Running])
[2004/08/04 04:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])
[2006/05/15 16:24:50 | 00,086,880 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\WscNetDr.sys -- (WscNetDr [On_Demand | Running])
[2003/12/22 14:32:00 | 00,176,256 | R--- | M] (Marvell Semiconductor Inc.) -- C:\WINDOWS\system32\drivers\yukonx86.sys -- (yukonx86 [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.google.com/
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.msn.com/

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://www.google.com/
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com/
"Start Page"=http://www.msn.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1078081533-573735546-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com/
"Start Page"=http://www.msn.com/

[HKEY_USERS\S-1-5-21-1078081533-573735546-839522115-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1078081533-573735546-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (268233 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 123topsearch.com
127.0.0.1 www.123topsearch.com
127.0.0.1 132.com
127.0.0.1 www.132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
9285 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" (HKLM) -- c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll File not found

[HKEY_USERS\S-1-5-21-1078081533-573735546-839522115-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-1078081533-573735546-839522115-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey (McAfee, Inc.)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent (Electronic Arts)
"Google Update"="C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1078081533-573735546-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent (Electronic Arts)
"Google Update"="C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

========== (O4) Startup Folders ==========

[2004/07/28 16:30:06 | 00,098,304 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BounceBack Launcher.lnk = C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"AllowLegacyWebView"=1
"AllowUnhashedWebView"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1078081533-573735546-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1078081533-573735546-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
&Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 15:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)
Open in new background tab: C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui [2007/10/19 11:18:16 | 00,112,640 | ---- | M] (Microsoft Corporation)
Open in new foreground tab: C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui [2007/10/19 11:18:16 | 00,112,640 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
&Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 15:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)
Open in new background tab: C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui [2007/10/19 11:18:16 | 00,112,640 | ---- | M] (Microsoft Corporation)
Open in new foreground tab: C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui [2007/10/19 11:18:16 | 00,112,640 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
&Windows Live Search: Reg Error: Key does not exist or could not be opened. File not found
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found
Open in new background tab: Reg Error: Key does not exist or could not be opened. File not found
Open in new foreground tab: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
&Windows Live Search: Reg Error: Key does not exist or could not be opened. File not found
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found
Open in new background tab: Reg Error: Key does not exist or could not be opened. File not found
Open in new foreground tab: Reg Error: Key does not exist or could not be opened. File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 13:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{9455301C-CF6B-11D3-A266-00C04F689C50} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Encarta Researcher\EROPROJ.DLL [Encarta &Researcher] -> [2002/11/27 11:29:56 | 00,344,064 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 13:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{F4430FE8-2638-42e5-B849-800749B94EED} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{9455301C-CF6B-11D3-A266-00C04F689C50} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Encarta Researcher\EROPROJ.DLL [Encarta &Researcher] -> [2002/11/27 11:29:56 | 00,344,064 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 13:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{F4430FE8-2638-42e5-B849-800749B94EED} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{9455301C-CF6B-11D3-A266-00C04F689C50} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Encarta Researcher\EROPROJ.DLL [Encarta &Researcher] -> [2002/11/27 11:29:56 | 00,344,064 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 13:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{F4430FE8-2638-42e5-B849-800749B94EED} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1078081533-573735546-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{9455301C-CF6B-11D3-A266-00C04F689C50} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Encarta Researcher\EROPROJ.DLL [Encarta &Researcher] -> [2002/11/27 11:29:56 | 00,344,064 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 13:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{F4430FE8-2638-42e5-B849-800749B94EED} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
26 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1078081533-573735546-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
26 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}: -- Reg Error: Key does not exist or could not be opened.
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/8/b...heckControl.cab -- Windows Genuine Advantage Validation Tool
{233C1507-6A77-46A4-9443-F871F945D258}: http://fpdownload.macromedia.com/pub/shock...director/sw.cab -- Shockwave ActiveX Control
{2917297F-F02B-4B9D-81DF-494B6333150B}: http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab -- Minesweeper Flags Class
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}: http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab -- McAfee.com Operating System Class
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsupd...b?1225170757578 -- WUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D}: http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab -- MessengerStatsClient Class
{B8BE5E93-A60C-4D26-A2DC-220313175592}: http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab -- MSN Games - Installer
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{153DEBBC-28F3-4EAB-B0E7-A6771B3CB33A} (Servers: | Description: )
{2BA53558-AFDA-4D81-BA58-6A2DA1F32598} (Servers: | Description: 1394 Net Adapter)
{5DB568E6-5E2F-48BC-90C1-DEB0A83F6691} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" (HKLM) -- C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll,
>File not found --

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/09/30 16:32:21 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{188a6cd6-ea65-11dc-8262-00138ff67e60}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{188a6cd6-ea65-11dc-8262-00138ff67e60}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{188a6cd6-ea65-11dc-8262-00138ff67e60}\Shell\AutoRun\command]
""=D:\LaunchU3.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{861c34c0-6cfb-11da-8357-00112f708bd0}\Shell\AutoRun\command]
""=D:\JDSecure\Windows\JDSecure31.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5c91581-33be-11db-9330-00112f708bd0}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5c91581-33be-11db-9330-00112f708bd0}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5c91581-33be-11db-9330-00112f708bd0}\Shell\AutoRun\command]
""=D:\setup.EXE -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5c91581-33be-11db-9330-00112f708bd0}\Shell\dxsetup\command]
""=D:\directx\dxsetup.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5c91581-33be-11db-9330-00112f708bd0}\Shell\Register\command]
""=extras\runshell http://www.microsoft.com/games/product_registration/cfs3/


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5c91581-33be-11db-9330-00112f708bd0}\Shell\setup\command]
""=D:\setup.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5c91581-33be-11db-9330-00112f708bd0}\Shell\Web\command]
""=extras\runshell http://www.microsoft.com/games/cfs3/


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e40dd3b6-ee34-11dc-826b-00138ff67e60}\Shell\AutoRun\command]
""=wd_windows_tools\WDEULA.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun\command]
""=D:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[13 C:\WINDOWS\*.tmp files]
[2008/10/30 22:25:41 | 00,000,730 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\FileASSASSIN.lnk
[2008/10/30 22:25:41 | 00,000,000 | ---D | C] -- C:\Program Files\FileASSASSIN
[2008/10/29 19:53:42 | 00,000,000 | ---D | C] -- C:\OTScanIt
[2008/10/29 19:14:54 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\My Documents\From the trailers.doc
[2008/10/29 19:09:49 | 00,000,690 | ---- | C] () -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Desktop\SpywareBlaster.lnk
[2008/10/29 19:09:48 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2008/10/29 19:09:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Desktop\OTScanIt
[2008/10/29 19:08:44 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Desktop\HijackThis.lnk
[2008/10/29 19:08:44 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/10/29 17:54:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\windows_update.exe
[2008/10/29 16:31:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Local Settings\Application Data\Mozilla
[2008/10/28 19:11:46 | 06,066,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/10/28 19:11:46 | 02,455,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2008/10/28 19:11:46 | 00,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2008/10/28 19:11:46 | 00,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2008/10/28 19:11:46 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2008/10/28 19:11:46 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2008/10/28 19:11:46 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2008/10/28 19:11:46 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2008/10/28 19:11:46 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2008/10/28 15:05:54 | 00,138,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2008/10/28 15:05:46 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/28 15:05:45 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/28 15:05:44 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/28 15:05:44 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/28 15:05:43 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/28 15:05:34 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2008/10/28 15:05:26 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2008/10/28 15:05:25 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2008/10/28 15:04:39 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/28 14:24:43 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/28 14:21:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/10/27 22:33:33 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/10/27 22:28:59 | 00,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2008/10/27 22:28:58 | 00,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2008/10/27 22:28:58 | 00,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2008/10/27 22:28:58 | 00,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2008/10/27 22:28:58 | 00,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2008/10/27 22:28:57 | 00,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2008/10/27 22:28:57 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2008/10/27 22:28:57 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2008/10/27 22:28:57 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2008/10/27 22:28:57 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2008/10/27 22:28:57 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2008/10/27 22:28:57 | 00,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2008/10/27 22:28:57 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2008/10/27 22:28:57 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2008/10/27 22:28:57 | 00,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2008/10/27 22:28:57 | 00,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2008/10/27 22:28:57 | 00,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2008/10/27 22:28:56 | 00,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2008/10/27 22:28:56 | 00,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2008/10/27 22:28:56 | 00,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2008/10/27 22:28:56 | 00,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2008/10/27 22:28:56 | 00,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2008/10/27 22:28:56 | 00,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2008/10/27 22:28:56 | 00,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2008/10/27 22:28:56 | 00,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2008/10/27 22:28:56 | 00,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2008/10/27 22:28:56 | 00,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2008/10/27 22:28:56 | 00,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2008/10/27 22:28:52 | 00,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2008/10/27 22:28:52 | 00,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2008/10/27 22:28:52 | 00,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2008/10/27 22:28:47 | 00,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2008/10/27 22:28:47 | 00,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2008/10/27 22:28:47 | 00,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2008/10/27 22:28:47 | 00,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2008/10/27 22:28:47 | 00,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2008/10/27 22:28:47 | 00,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2008/10/27 22:28:46 | 00,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2008/10/27 22:28:46 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2008/10/27 22:28:46 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2008/10/27 22:28:46 | 00,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2008/10/27 22:28:41 | 00,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm
[2008/10/27 22:28:41 | 00,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2008/10/27 22:28:40 | 00,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2008/10/27 22:28:35 | 00,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2008/10/27 22:28:33 | 00,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2008/10/27 22:28:28 | 00,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2008/10/27 22:28:28 | 00,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2008/10/27 22:28:28 | 00,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2008/10/27 22:28:28 | 00,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2008/10/27 22:28:28 | 00,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2008/10/27 22:28:28 | 00,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2008/10/27 22:28:28 | 00,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2008/10/27 22:28:28 | 00,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2008/10/27 22:28:28 | 00,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2008/10/27 22:28:28 | 00,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2008/10/27 22:28:28 | 00,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2008/10/27 22:28:28 | 00,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2008/10/27 22:28:28 | 00,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2008/10/27 22:28:28 | 00,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2008/10/27 22:28:28 | 00,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2008/10/27 22:28:28 | 00,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2008/10/27 22:28:22 | 00,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2008/10/27 22:28:20 | 00,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2008/10/27 22:28:20 | 00,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2008/10/27 22:28:15 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2008/10/27 22:28:15 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2008/10/27 22:28:05 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm
[2008/10/27 22:28:04 | 00,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2008/10/27 22:28:04 | 00,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2008/10/27 22:28:04 | 00,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2008/10/27 22:28:00 | 00,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2008/10/27 22:27:51 | 00,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm
[2008/10/27 22:27:41 | 00,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2008/10/27 22:27:38 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe
[2008/10/27 22:27:36 | 00,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2008/10/27 22:27:36 | 00,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2008/10/27 22:27:36 | 00,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2008/10/27 22:27:36 | 00,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2008/10/27 22:27:35 | 00,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2008/10/27 22:27:35 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2008/10/27 22:27:35 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2008/10/27 22:27:35 | 00,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2008/10/27 22:27:35 | 00,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2008/10/27 22:27:35 | 00,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2008/10/27 22:27:33 | 00,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2008/10/27 20:11:19 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2008/10/27 20:11:19 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2008/10/27 20:11:18 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2008/10/27 20:11:18 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2008/10/27 20:11:18 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2008/10/27 20:11:17 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2008/10/27 20:11:16 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2008/10/27 20:11:16 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2008/10/27 20:11:14 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2008/10/27 20:11:13 | 00,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2008/10/27 20:11:13 | 00,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2008/10/27 20:11:10 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2008/10/27 20:11:10 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2008/10/27 20:11:09 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2008/10/27 20:11:07 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2008/10/27 20:11:07 | 00,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2008/10/27 20:11:07 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2008/10/27 20:11:07 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2008/10/27 20:11:07 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2008/10/27 20:11:06 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2008/10/27 20:11:06 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2008/10/27 20:11:06 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2008/10/27 20:11:02 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2008/10/27 20:10:59 | 00,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2008/10/27 20:10:59 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2008/10/27 20:10:58 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2008/10/27 20:10:57 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2008/10/27 20:10:57 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2008/10/27 20:10:57 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2008/10/27 20:10:57 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2008/10/27 20:10:56 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2008/10/27 20:10:56 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2008/10/27 20:10:56 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2008/10/27 20:10:56 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2008/10/27 20:10:56 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2008/10/27 20:10:56 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2008/10/27 20:10:56 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2008/10/27 20:10:56 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2008/10/27 20:10:56 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2008/10/27 20:10:56 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2008/10/27 20:10:55 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2008/10/27 20:10:55 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2008/10/27 20:10:55 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2008/10/27 20:10:55 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2008/10/27 20:10:50 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2008/10/27 20:10:50 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2008/10/27 20:10:48 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2008/10/27 20:10:48 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2008/10/27 20:10:46 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2008/10/27 20:10:45 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2008/10/27 20:10:45 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2008/10/27 20:10:42 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2008/10/27 20:10:42 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2008/10/27 20:10:42 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2008/10/27 20:10:39 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2008/10/27 20:10:39 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2008/10/27 20:10:39 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2008/10/27 20:10:39 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2008/10/27 20:10:38 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2008/10/27 20:10:38 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2008/10/27 20:10:38 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2008/10/27 20:10:38 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2008/10/27 20:10:37 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2008/10/27 20:10:37 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2008/10/27 20:10:36 | 00,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2008/10/27 20:10:36 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2008/10/27 20:10:36 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2008/10/27 20:10:31 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2008/10/27 20:10:26 | 00,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2008/10/27 20:10:20 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2008/10/27 20:10:20 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2008/10/27 20:10:12 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2008/10/27 20:10:12 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2008/10/27 20:10:10 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2008/10/27 20:10:08 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2008/10/27 20:10:08 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2008/10/27 20:10:07 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2008/10/27 20:10:07 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2008/10/27 20:10:07 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2008/10/27 20:10:06 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2008/10/27 20:10:06 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2008/10/27 20:10:06 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2008/10/27 20:10:06 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2008/10/27 20:10:06 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2008/10/27 20:10:06 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2008/10/27 20:10:05 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2008/10/27 20:10:05 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2008/10/27 20:10:05 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2008/10/27 20:10:05 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2008/10/27 20:10:05 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2008/10/27 20:10:05 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2008/10/27 20:10:05 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2008/10/27 20:10:04 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2008/10/27 20:10:04 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2008/10/27 20:10:04 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2008/10/27 20:10:04 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2008/10/27 20:10:04 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2008/10/27 20:10:04 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2008/10/27 20:10:03 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2008/10/27 20:10:03 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2008/10/27 20:10:03 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2008/10/27 20:10:03 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2008/10/27 20:10:03 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2008/10/27 20:10:02 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2008/10/27 20:10:02 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2008/10/27 20:10:02 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2008/10/27 20:10:02 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2008/10/27 20:10:02 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2008/10/27 20:09:59 | 00,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2008/10/27 20:09:59 | 00,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2008/10/27 20:09:59 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2008/10/27 20:09:58 | 00,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2008/10/27 20:09:58 | 00,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2008/10/27 20:09:58 | 00,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2008/10/27 20:09:58 | 00,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2008/10/27 20:09:58 | 00,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2008/10/27 20:09:58 | 00,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2008/10/27 20:09:58 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2008/10/27 20:09:58 | 00,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2008/10/27 20:09:57 | 00,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2008/10/27 20:09:57 | 00,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2008/10/27 20:09:57 | 00,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2008/10/27 20:09:57 | 00,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2008/10/27 20:09:57 | 00,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2008/10/27 20:09:57 | 00,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2008/10/27 20:09:57 | 00,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2008/10/27 20:09:57 | 00,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2008/10/27 20:09:56 | 00,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2008/10/27 20:09:56 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2008/10/27 20:09:56 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2008/10/27 20:09:56 | 00,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2008/10/27 20:09:56 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2008/10/27 20:09:56 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2008/10/27 20:09:56 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2008/10/27 20:09:52 | 10,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2008/10/27 20:09:49 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2008/10/27 20:09:46 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2008/10/27 20:09:44 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2008/10/27 20:09:44 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2008/10/27 20:09:42 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2008/10/27 20:09:42 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2008/10/27 20:09:41 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2008/10/27 20:09:41 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2008/10/27 20:09:40 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2008/10/27 20:09:39 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2008/10/27 20:09:38 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2008/10/27 20:09:37 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2008/10/27 20:09:37 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2008/10/27 20:09:37 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2008/10/27 20:09:37 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2008/10/27 20:09:30 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2008/10/27 20:09:28 | 00,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2008/10/27 20:09:28 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2008/10/27 20:09:26 | 00,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2008/10/27 20:09:26 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2008/10/27 20:09:26 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2008/10/27 20:09:26 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2008/10/27 20:09:25 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2008/10/27 20:09:25 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2008/10/27 20:09:25 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2008/10/27 20:09:25 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2008/10/27 20:09:24 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2008/10/27 20:09:24 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2008/10/27 20:09:24 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2008/10/27 20:09:24 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2008/10/27 20:09:24 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2008/10/27 20:09:23 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2008/10/27 20:09:23 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2008/10/27 20:09:23 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2008/10/27 20:09:12 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2008/10/27 20:09:09 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2008/10/27 20:04:10 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irftp.exe
[2008/10/27 20:04:10 | 00,088,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irda.sys
[2008/10/27 20:04:10 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll
[2008/10/27 20:04:09 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshirda.dll
[2008/10/27 20:02:46 | 00,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irsir.sys
[2008/10/27 20:00:26 | 00,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTL8139.sys
[2008/10/27 20:00:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\NV692388.TMP
[2008/10/27 19:59:06 | 00,019,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rasirda.sys
[2008/10/27 19:54:35 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2008/10/27 19:54:35 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2008/10/27 19:54:35 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2008/10/27 19:54:35 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2008/10/27 19:54:22 | 01,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2008/10/27 19:54:22 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2008/10/27 19:54:22 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2008/10/27 19:54:22 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2008/10/27 19:54:22 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2008/10/27 19:54:22 | 00,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2008/10/27 19:12:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2008/10/27 18:57:31 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2008/10/27 18:43:51 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2008/10/27 18:32:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\NV700500.TMP
[2008/10/27 18:25:46 | 00,389,649 | ---- | C] () -- C:\WINDOWS\setupapi.old
[2008/10/27 17:38:20 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2008/10/27 17:27:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Application Data\Uniblue
[2008/10/27 16:38:57 | 00,031,056 | ---- | C] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-20021102}.rfx
[2008/10/27 16:38:57 | 00,031,056 | ---- | C] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000002-00001102-00000004-20021102}.rfx
[2008/10/27 16:38:57 | 00,030,528 | ---- | C] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-20021102}.rfx
[2008/10/27 16:38:57 | 00,030,528 | ---- | C] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-20021102}.rfx
[2008/10/27 16:38:57 | 00,001,080 | ---- | C] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2008/10/27 16:38:57 | 00,001,080 | ---- | C] () -- C:\WINDOWS\System32\settings.sfm
[2008/10/27 16:38:57 | 00,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-20021102}.dat
[2008/10/27 16:38:57 | 00,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-20021102}.dat
[2008/10/27 16:23:05 | 00,008,192 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2008/10/27 16:20:48 | 00,013,646 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/26 20:36:08 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2008/10/26 20:35:59 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2008/10/26 20:13:58 | 00,000,208 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/10/26 19:35:59 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/10/26 19:35:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2008/10/26 16:54:06 | 00,010,240 | ---- | C] () -- C:\WINDOWS\brastk.exe
[2008/10/22 18:57:10 | 00,053,000 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/10/22 16:37:27 | 00,000,961 | ---- | C] () -- C:\WINDOWS\STBC.ini
[2008/10/18 14:27:15 | 00,613,716 | ---- | C] () -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\My Documents\recommendationWHITWORTH.pdf
[2008/10/18 14:26:39 | 00,126,046 | ---- | C] () -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\My Documents\recommendation UPORTLAND.pdf
[2008/10/18 14:26:26 | 00,500,384 | ---- | C] () -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\My Documents\transcript COMINES.pdf
[2008/10/14 17:07:58 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\My Documents\QUESTIONS 2.doc
[2008/10/12 16:36:06 | 00,015,360 | ---- | C] () -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\My Documents\QofS.doc
[2008/10/08 20:32:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/10/08 20:29:35 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime

========== Files - Modified Within 30 Days ==========

[8 C:\WINDOWS\System32\*.tmp files]
[13 C:\WINDOWS\*.tmp files]
[2008/10/31 15:50:49 | 00,000,615 | ---- | M] () -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\My Documents\My Sharing Folders.lnk
[2008/10/31 15:49:57 | 00,008,192 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2008/10/31 15:49:23 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/31 15:49:03 | 00,000,769 | -HS- | M] () -- C:\WINDOWS\System32\mmf.sys
[2008/10/31 15:48:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/31 15:48:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/30 22:37:19 | 00,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-20021102}.rfx
[2008/10/30 22:37:19 | 00,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000002-00001102-00000004-20021102}.rfx
[2008/10/30 22:37:19 | 00,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-20021102}.rfx
[2008/10/30 22:37:19 | 00,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-20021102}.rfx
[2008/10/30 22:37:19 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2008/10/30 22:37:19 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2008/10/30 22:37:19 | 00,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-20021102}.dat
[2008/10/30 22:37:19 | 00,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-20021102}.dat
[2008/10/30 22:27:00 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2008/10/30 22:25:41 | 00,000,730 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\FileASSASSIN.lnk
[2008/10/29 21:42:12 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\My Documents\From the trailers.doc
[2008/10/29 19:57:03 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2008/10/29 19:57:03 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2008/10/29 19:36:59 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\windows_update.exe
[2008/10/29 19:09:49 | 00,000,690 | ---- | M] () -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Desktop\SpywareBlaster.lnk
[2008/10/29 19:08:44 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Desktop\HijackThis.lnk
[2008/10/29 17:14:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/10/29 17:08:29 | 00,268,233 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/10/29 15:52:06 | 00,049,152 | ---- | M] () -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/28 22:23:12 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/28 19:17:48 | 00,000,079 | -HS- | M] () -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\My Documents\desktop.ini
[2008/10/28 19:17:14 | 00,258,248 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/28 19:15:46 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2008/10/28 19:15:46 | 00,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2008/10/28 14:26:13 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2008/10/28 14:25:49 | 00,469,596 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/10/28 14:25:49 | 00,400,464 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/10/28 14:25:49 | 00,060,624 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/10/27 20:12:55 | 00,032,571 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2008/10/27 20:08:23 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\desktop.ini
[2008/10/27 20:08:16 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/10/27 20:08:16 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/10/27 20:07:59 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/27 20:06:46 | 00,000,682 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/10/27 20:06:16 | 00,022,748 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/10/27 20:04:07 | 00,000,210 | -HS- | M] () -- C:\boot.ini
[2008/10/27 19:54:40 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/10/27 19:54:24 | 00,000,138 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\desktop.ini
[2008/10/27 19:54:24 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini
[2008/10/27 18:57:36 | 00,389,649 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2008/10/27 17:41:14 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2008/10/27 17:31:16 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2008/10/27 17:31:16 | 00,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2008/10/27 16:23:20 | 00,013,588 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2008/10/27 16:02:55 | 00,000,208 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/10/26 20:30:21 | 00,268,233 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081029-170829.backup
[2008/10/26 20:30:21 | 00,268,233 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081029-170627.backup
[2008/10/26 16:54:06 | 00,010,240 | ---- | M] () -- C:\WINDOWS\brastk.exe
[2008/10/22 19:26:18 | 00,000,961 | ---- | M] () -- C:\WINDOWS\STBC.ini
[2008/10/22 18:57:10 | 00,053,000 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/10/18 14:27:15 | 00,613,716 | ---- | M] () -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\My Documents\recommendationWHITWORTH.pdf
[2008/10/18 14:26:39 | 00,126,046 | ---- | M] () -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\My Documents\recommendation UPORTLAND.pdf
[2008/10/18 14:26:26 | 00,500,384 | ---- | M] () -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\My Documents\transcript COMINES.pdf
[2008/10/15 08:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll
[2008/10/15 08:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/14 17:07:58 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\My Documents\QUESTIONS 2.doc
[2008/10/12 16:36:07 | 00,015,360 | ---- | M] () -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\My Documents\QofS.doc
[2008/10/07 11:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/03 09:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2008/10/03 09:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
< End of report >


Here's the Extras.Txt log

OTViewIt Extras logfile created on: 10/31/2008 4:19:59 PM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.79 Mb Total Physical Memory | 328.36 Mb Available Physical Memory | 32.10% Memory free
2.41 Gb Paging File | 1.84 Gb Available in Paging File | 76.33% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.31 Gb Total Space | 67.13 Gb Free Space | 36.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NANCY-561AA26BC
Current User Name: Nicholas
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 16:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
[2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 16:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2006/11/02 23:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2006/05/09 16:24:16 | 00,050,760 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1134443394\ee\aolsoftware.exe:*:Enabled:AOL Services
[2006/08/28 12:22:24 | 00,050,768 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1134443394\ee\aim6.exe:*:Enabled:AIM
[2006/03/23 17:28:57 | 07,513,533 | ---- | M] () -- C:\Nicholas's Games\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2
[2005/10/18 16:35:32 | 11,691,000 | ---- | M] (Firaxis Games) -- C:\Nicholas's Games\Civ4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4
[2008/10/20 20:39:00 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\utorrent\utorrent.exe:*:Enabled:µTorrent
File not found -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
File not found -- C:\Nicholas's Games\Demos\Battlefield 2142 Demo\BF2142.exe:*:Enabled:Battlefield 2
[2007/07/28 08:33:02 | 00,910,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MWL\MwlSvc.exe:*:Enabled:McAfee Wireless Network Security
[2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Nicholas's Games\Freelancer\EXE\Freelancer.exe:*:Enabled:Freelancer
[2008/07/18 07:02:52 | 02,482,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
[2008/10/01 17:57:04 | 14,258,472 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2002/12/17 20:16:55 | 00,167,936 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\MSERO.DLL (msero:{B0D92A71-886B-453B-A649-1B91F93801E7} (HKLM) [Protocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/06/20 01:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 12:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/09/04 10:43:36 | 00,121,632 | ---- | M] () c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (sacore:{5513F07E-936B-4E52-9B00-067394E91CC5} (HKLM) [McAfee SACore Protocol Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 12:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00D15456-F679-4AD4-8BD2-56450D4C3F72}"=WarRock
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}"=Battlefield 2™
"{0556F885-2415-4666-B53E-33727E46AEA1}"=The Movies™
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}"=WD Diagnostics
"{0DBF3265-57F1-4D8A-87EA-332B2A669BDE}"=Indiana Jones and the Emperors Tomb
"{102E4D60-5A93-4A3C-8105-FE390427C60D}"=Sid Meier's Alpha Centauri 2000/XP Compatibility Update
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}"=Google Earth
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}"=iPod for Windows 2006-03-23
"{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}"=Windows Live Sign-in Assistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{287A4E96-AC57-4A19-9B51-C5EED2EAB382}"=Star Trek Legacy
"{2F2E3D62-8B8C-448F-8900-451325E50948}"=Oblivion - The Wizard's Tower
"{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}"=Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}"=Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}"=Oblivion
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}"=Windows Live Outlook Toolbar (Windows Live Toolbar)
"{369B36BE-3D64-4641-9AEA-808D436FE134}"=Microsoft Digital Image Pro 7.0
"{3ABEBD00-299D-4DCA-967F-B912163AB5EA}"=Oblivion - Horse Armor Pack
"{3D047C15-C859-45F7-81CE-F2681778069B}"=iPod for Windows 2006-01-10
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}"=DAEMON Tools
"{47FBF7F9-FBD3-43EF-823B-7684D56C1962}"=Tabbed Browsing (Windows Live Toolbar)
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}"=OneCare Advisor (Windows Live Toolbar)
"{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}"=Form Fill (Windows Live Toolbar)
"{56F3E1FF-54FE-4384-A153-6CCABA097814}"=Creative MediaSource
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{578FA426-47C0-4A3F-98A4-01ACD26B7556}"=LEGO Star Wars II
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{66A7A386-6F35-41A7-A731-101F0C0153C8}"=Popup Blocker (Windows Live Toolbar)
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}"=Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}"=MSXML 4.0 SP2 Parser and SDK
"{72D037A4-D311-4250-B987-7D854760452C}"=iLike Sidebar
"{783E0AD7-C128-4398-9F74-99D3EFF2875D}"=Deep Space Nine The Fallen
"{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8C4504A1-9280-11D5-9F7E-00902712427E}"=Sid Meier's SimGolf
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8E3395D1-104C-4625-8419-CA6D197179F2}"=AGEIA PhysX v6.11.01
"{91120409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Standard Edition 2003
"{95381165-5D16-4CD4-9162-57799A3F3AB5}"=PCLinq2 High-Speed USB Bridge Cable
"{95774351-6087-3A3B-8CA8-70BEE49D2BD5}"=Google Gears
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}"=Apple Mobile Device Support
"{98E8A2EF-4EAE-43B8-A172-74842B764777}"=InterVideo WinDVD 4
"{9933F0EE-DFCD-4829-B979-3C56C367CB1A}"=InterVideo WinDVD Creator
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}"=SPORE™
"{9E2514D9-DC24-4634-B348-61F3EF0F1628}"=Sound Blaster Audigy 2 ZS
"{A0595C97-DB17-429D-AB24-8594019B9A6C}"=Star Trek Legacy Patch v1.2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}"=SimCity 4 Deluxe
"{A8589680-35C1-4732-ACCA-09B78921ECE3}"=Sid Meier's Civilization 4
"{A8B94669-8654-4126-BD28-D0D2412CDED6}"=TI Connect 1.6
"{AC76BA86-7AD7-1033-7B44-A70900000002}"=Adobe Reader 7.0.9
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}"=Microsoft XML Parser
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}"=Medieval II Total War
"{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}"=Blaze Media Pro
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}"=Microsoft Game Studios Common Redistributables Pack 1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}"=Sid Meier's Civilization 4
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}"=Call of Duty® 2
"{D32D4182-DE6C-457E-838C-8D7B9CE332BA}"=InterVideo WinRip
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}"=Windows Live Toolbar
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}"=iTunes
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E064390A-2F64-4195-9A55-30D4B20B865A}"=WDCSAM Driver
"{E3FEF250-E968-4B4E-ACEB-5DAFAFF0EC30}"=Sid Meier's Gettysburg! 2000/XP Compatibility Update
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}"=Oblivion - Orrery
"{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}"=Microsoft Plus! for Windows XP
"{EF7E931D-DC84-471B-8DB6-A83358095474}"=EA Download Manager
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}"=Smart Menus (Windows Live Toolbar)
"8A1D0449E9CBCC93DCB0CF47934D695423632CA7"=Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (12/05/2006 1.0.0007.0)
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player
"AOL Instant Messenger"=AOL Instant Messenger
"AudioShell_is1"=AudioShell 1.3 beta 3
"BATMAN VENGEANCE"=BATMAN VENGEANCE
"Bridge Commander"=Star Trek Bridge Commander
"Combat Flight Simulator 3.0"=Microsoft Combat Flight Simulator 3.0
"DVD Shrink_is1"=DVD Shrink 3.2
"FileASSASSIN"=FileASSASSIN
"Finale 2006"=Finale 2006
"Freelancer 1.0"=Freelancer
"Google Desktop"=Google Desktop
"Google Updater"=Google Updater
"Guild Wars"=Guild Wars
"GW Team Builder_is1"=GW Team Builder 1.1.3
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}"=The Movies™
"InstallShield_{102E4D60-5A93-4A3C-8105-FE390427C60D}"=Sid Meier's Alpha Centauri 2000/XP Compatibility Update
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}"=iPod for Windows 2006-03-23
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}"=iPod for Windows 2006-01-10
"InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}"=LEGO Star Wars II
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}"=Call of Duty® 2
"InstallShield_{E3FEF250-E968-4B4E-ACEB-5DAFAFF0EC30}"=Sid Meier's Gettysburg! 2000/XP Compatibility Update
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}"=EA Download Manager
"InterActual Player"=InterActual Player
"JDSecure"=JD Secure 3.1
"LucasArts' Monkey 4"=LucasArts' Monkey 4
"LucasArts' Star Wars Rebellion"=LucasArts' Star Wars Rebellion
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"mp3-2-wav"=mp3-2-wav converter 1.14
"MSC"=McAfee SecurityCenter
"MSTTS"=Microsoft Text-to-Speech Engine 4.0 (English)
"Nero - Burning Rom!UninstallKey"=Nero OEM
"NeroVision!UninstallKey"=NeroVision Express 2 SE
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NMPUninstallKey"=Nero Media Player
"NVIDIA Drivers"=NVIDIA Drivers
"Picasa2"=Picasa 2
"Ping Plotter Freeware"=Ping Plotter Freeware
"Rails Across America"=Rails Across America
"RealPlayer 6.0"=RealPlayer
"S7FOY07-FPDEMO_is1"=Indiana Jones and the Fountain of Youth Demo
"Shockwave"=Shockwave
"Sid Meier's Alpha Centauri"=Sid Meier's Alpha Centauri
"Sid Meier's Antietam"=Sid Meier's Antietam
"Sid Meier's Gettysburg!"=Sid Meier's Gettysburg!
"SmartMusic 10"=SmartMusic 10
"SpyNoMore"=SpyNoMore 2.67
"SpywareBlaster_is1"=SpywareBlaster 4.1
"SysInfo"=Creative System Information
"Teamspeak 2 RC2_is1"=TeamSpeak 2 RC2
"Viewpoint Manager"=Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer"=Viewpoint Media Player
"VLC media player"=VideoLAN VLC media player 0.8.5
"Winamp"=Winamp (remove only)
"Windows Live Toolbar"=Windows Live Toolbar
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WinZip"=WinZip
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"XviD_is1"=XviD MPEG-4 Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome"=Google Chrome

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1078081533-573735546-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome"=Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/29/2008 11:45:53 PM | Computer Name = NANCY-561AA26BC | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/29/2008 11:45:54 PM | Computer Name = NANCY-561AA26BC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 10/29/2008 11:45:54 PM | Computer Name = NANCY-561AA26BC | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/29/2008 11:45:54 PM | Computer Name = NANCY-561AA26BC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 10/29/2008 11:45:55 PM | Computer Name = NANCY-561AA26BC | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/29/2008 11:45:55 PM | Computer Name = NANCY-561AA26BC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 10/29/2008 11:45:55 PM | Computer Name = NANCY-561AA26BC | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/29/2008 11:45:55 PM | Computer Name = NANCY-561AA26BC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 10/31/2008 2:35:41 AM | Computer Name = NANCY-561AA26BC | Source = Application Hang | ID = 1002
Description = Hanging application OTScanIt.exe, version 1.0.19.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/31/2008 2:35:41 AM | Computer Name = NANCY-561AA26BC | Source = Application Hang | ID = 1002
Description = Hanging application OTScanIt.exe, version 1.0.19.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/30/2008 2:16:37 AM | Computer Name = NANCY-561AA26BC | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {B5B7768B-396A-424D-B5FF-9636DDE0BDBC}.
The
error: "%2" Happened while starting this command: C:\Program Files\iLike\1.1.27\ilikesidebar.exe
-Embedding

Error - 10/30/2008 7:04:57 PM | Computer Name = NANCY-561AA26BC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 00138FF67E60 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 10/30/2008 7:06:02 PM | Computer Name = NANCY-561AA26BC | Source = Service Control Manager | ID = 7000
Description = The PfModNT service failed to start due to the following error: %%2

Error - 10/30/2008 7:29:31 PM | Computer Name = NANCY-561AA26BC | Source = Service Control Manager | ID = 7000
Description = The PfModNT service failed to start due to the following error: %%2

Error - 10/30/2008 7:29:56 PM | Computer Name = NANCY-561AA26BC | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 10/30/2008 7:35:25 PM | Computer Name = NANCY-561AA26BC | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/30/2008 7:35:30 PM | Computer Name = NANCY-561AA26BC | Source = Service Control Manager | ID = 7034
Description = The LicCtrl Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/30/2008 9:53:52 PM | Computer Name = NANCY-561AA26BC | Source = Service Control Manager | ID = 7000
Description = The PfModNT service failed to start due to the following error: %%2

Error - 10/31/2008 7:48:52 PM | Computer Name = NANCY-561AA26BC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 00138FF67E60 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 10/31/2008 7:49:21 PM | Computer Name = NANCY-561AA26BC | Source = Service Control Manager | ID = 7000
Description = The PfModNT service failed to start due to the following error: %%2


< End of report >

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:49 AM

Posted 31 October 2008 - 07:15 PM

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer.
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually.
  • Instead of Windows loading as normal, the Advanced Options Menu should appear.
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds, then prompt you to press any key to Reboot.
  • Press any key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally, paste the contents of the Report.txt back on the forum with a new OtViewIt log.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!

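Added example (not from this thread, and not code belonging to SDFix or OTScanIt): a small Python triage script for the two report formats that appear here. It reads the reg-export style lines of an OTScanIt log (Security Center and firewall policy sections) and the catchme section of an SDFix Report.txt, and pulls out what a helper scans for first: Security Center notifications forced off, the XP firewall disabled in its StandardProfile, hidden services with image path, start type, module list and SafeBoot entries, and the hidden files. The sample report embedded in it is constructed from lines posted in this thread; the regex names, the Findings class and the triage function are the example's own.

```python
"""Triage helper for the OTScanIt / SDFix (catchme) report format (added example)."""
import re
from dataclasses import dataclass, field

# Constructed sample: lines shaped like the OTScanIt and SDFix/catchme reports in this thread.
SAMPLE_REPORT = r"""[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys]
"start"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSmqlt.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules]
"tdssmain"="\systemroot\system32\TDSSbrsr.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\TDSSserv.sys]
@="driver"
scanning hidden files ...
C:\WINDOWS\system32\drivers\TDSSmqlt.sys 50688 bytes executable
C:\WINDOWS\system32\TDSSosvd.dat 164 bytes
C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Local Settings\Temp\TDSS8529.tmp 118784 bytes executable
scan completed successfully
"""

KEY_RE = re.compile(r"^\[?(HKEY_[^\[\]]+?)\]?$")            # OTScanIt prints some keys without [ ]
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
SERVICE_RE = re.compile(r"\\(?:CurrentControlSet|ControlSet\d+)\\Services\\([^\\]+)$", re.I)
SAFEBOOT_RE = re.compile(r"\\Control\\SafeBoot\\(Minimal|Network)\\([^\\]+)$", re.I)
HIDDEN_FILE_RE = re.compile(r"^([A-Za-z]:\\.+?) (\d+) bytes( executable)?$")

@dataclass
class Findings:
    notify_suppressed: list = field(default_factory=list)  # Security Center *DisableNotify = 1
    firewall_disabled: bool = False                         # StandardProfile EnableFirewall = 0
    hidden_services: dict = field(default_factory=dict)    # name -> imagepath/start/modules/safeboot
    hidden_files: list = field(default_factory=list)       # (path, size_bytes, is_executable)

def _clean(raw):
    """Strip reg-export decorations: dword:hex -> decimal string, str(2):"..." -> bare path."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return str(int(raw[6:], 16))
    if raw.startswith("str(2):"):
        raw = raw[7:]
    return raw.strip('"')

def _service(f, name):
    return f.hidden_services.setdefault(
        name, {"imagepath": None, "start": None, "modules": set(), "safeboot": set()})

def triage(report):
    """Walk the report line by line and collect the indicators a helper would act on."""
    f, key, in_services, in_files = Findings(), None, False, False
    for raw in report.splitlines():
        line = raw.strip()
        low = line.lower()
        if low.startswith(("scanning hidden", "scan completed")):
            # catchme section markers: keys after the services marker are hidden services
            # until the next marker; paths after the files marker are hidden files.
            in_services = low.startswith("scanning hidden services")
            in_files = low.startswith("scanning hidden files")
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            if in_services:
                sm, sb = SERVICE_RE.search(key), SAFEBOOT_RE.search(key)
                if sm:
                    _service(f, sm.group(1))
                if sb:  # SafeBoot\Minimal or \Network entry: Windows loads it in Safe Mode as well
                    _service(f, sb.group(2))["safeboot"].add(sb.group(1))
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name, value = m.group(1), _clean(m.group(2))
            if key.lower().endswith("\\security center"):
                if name.endswith("DisableNotify") and value == "1":
                    f.notify_suppressed.append(name)
            elif key.lower().endswith("firewallpolicy\\standardprofile"):
                if name == "EnableFirewall" and value == "0":
                    f.firewall_disabled = True
            elif in_services:
                sm = SERVICE_RE.search(key)
                if sm and name.lower() in ("imagepath", "start"):
                    _service(f, sm.group(1))[name.lower()] = value  # start 1 = SERVICE_SYSTEM_START
                elif key.lower().endswith("\\modules"):
                    sm = SERVICE_RE.search(key.rsplit("\\", 1)[0])
                    if sm:
                        _service(f, sm.group(1))["modules"].add(value)
            continue
        if in_files:
            m = HIDDEN_FILE_RE.match(line)
            if m:
                f.hidden_files.append((m.group(1), int(m.group(2)), m.group(3) is not None))
    return f

if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```

A start value of 1 (SERVICE_SYSTEM_START) together with a SafeBoot entry tells the helper the driver comes up early at every boot, Safe Mode included, which matches the registry keys that keep reappearing after reboot in the first post.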

========================================================

#5 nickkmet

nickkmet
  • Topic Starter

  • Members
  • 17 posts
  • Local time:03:49 AM

Posted 31 October 2008 - 09:30 PM

Here's the report.txt log:


SDFix: Version 1.238
Run by Nicholas on Fri 10/31/2008 at 06:59 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File
Resetting SecurityProviders Value

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\WINDOW~1.EXE - Deleted
C:\WINDOWS\system32\A.tmp - Deleted
C:\WINDOWS\brastk.exe - Deleted
C:\WINDOWS\k.txt - Deleted
C:\WINDOWS\system32\windows_update.exe - Deleted
C:\WINDOWS\wiaservv.log - Deleted


Could Not Remove C:\DOCUME~1\NICHOL~1.000\LOCALS~1\Temp\
Could Not Remove C:\DOCUME~1\NICHOL~1.000\LOCALS~1\Temp\



Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-31 19:18:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\$winnt32$_test]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41]
"khjeh"=hex:20,02,00,00,15,7d,15,9c,8d,04,89,ef,ec,d9,f5,b5,df,07,01,da,86,..
"hj34z0"=hex:7a,7e,6f,91,8f,ff,1f,05,d7,a6,3d,f2,74,73,1d,23,4c,b7,3a,f6,ca,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSmqlt.sys"
"group"="file system"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules]
"TDSSserv"="\systemroot\system32\drivers\TDSSmqlt.sys"
"TDSSl"="\systemroot\system32\TDSSoiqh.dll"
"tdssservers"="\systemroot\system32\TDSSosvd.dat"
"tdssmain"="\systemroot\system32\TDSSbrsr.dll"
"tdsslog"="\systemroot\system32\TDSSriqp.dll"
"tdssadw"="\systemroot\system32\TDSSxfum.dll"
"tdssinit"="\systemroot\system32\TDSSlxwp.dll"
"tdssurls"="\systemroot\system32\TDSSnmxh.log"
"tdsspanels"="\systemroot\system32\TDSSsihc.dll"
"tdssserf"="\systemroot\system32\TDSSrhym.dll"
"tdsserrors"="\systemroot\system32\TDSSmaxt.log"
"TDSSproc"="\systemroot\system32\TDSSoexh.log"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\TDSSserv.sys]
@="driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\TDSSserv.sys]
@="driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TDSSserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSmqlt.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules]
"TDSSserv"="\systemroot\system32\drivers\TDSSmqlt.sys"
"TDSSl"="\systemroot\system32\TDSSoiqh.dll"
"tdssservers"="\systemroot\system32\TDSSosvd.dat"
"tdssmain"="\systemroot\system32\TDSSbrsr.dll"
"tdsslog"="\systemroot\system32\TDSSriqp.dll"
"tdssadw"="\systemroot\system32\TDSSxfum.dll"
"tdssinit"="\systemroot\system32\TDSSlxwp.dll"
"tdssurls"="\systemroot\system32\TDSSnmxh.log"
"tdsspanels"="\systemroot\system32\TDSSsihc.dll"
"tdssserf"="\systemroot\system32\TDSSrhym.dll"
"tdsserrors"="\systemroot\system32\TDSSmaxt.log"
"TDSSproc"="\systemroot\system32\TDSSoexh.log"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\TDSSserv.sys]
@="driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Network\TDSSserv.sys]
@="driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSmqlt.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules]
"TDSSserv"="\systemroot\system32\drivers\TDSSmqlt.sys"
"TDSSl"="\systemroot\system32\TDSSoiqh.dll"
"tdssservers"="\systemroot\system32\TDSSosvd.dat"
"tdssmain"="\systemroot\system32\TDSSbrsr.dll"
"tdsslog"="\systemroot\system32\TDSSriqp.dll"
"tdssadw"="\systemroot\system32\TDSSxfum.dll"
"tdssinit"="\systemroot\system32\TDSSlxwp.dll"
"tdssurls"="\systemroot\system32\TDSSnmxh.log"
"tdsspanels"="\systemroot\system32\TDSSsihc.dll"
"tdssserf"="\systemroot\system32\TDSSrhym.dll"
"tdsserrors"="\systemroot\system32\TDSSmaxt.log"
"TDSSproc"="\systemroot\system32\TDSSoexh.log"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\SafeBoot\Minimal\TDSSserv.sys]
@="driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\SafeBoot\Network\TDSSserv.sys]
@="driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TDSSserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSmqlt.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules]
"TDSSserv"="\systemroot\system32\drivers\TDSSmqlt.sys"
"TDSSl"="\systemroot\system32\TDSSoiqh.dll"
"tdssservers"="\systemroot\system32\TDSSosvd.dat"
"tdssmain"="\systemroot\system32\TDSSbrsr.dll"
"tdsslog"="\systemroot\system32\TDSSriqp.dll"
"tdssadw"="\systemroot\system32\TDSSxfum.dll"
"tdssinit"="\systemroot\system32\TDSSlxwp.dll"
"tdssurls"="\systemroot\system32\TDSSnmxh.log"
"tdsspanels"="\systemroot\system32\TDSSsihc.dll"
"tdssserf"="\systemroot\system32\TDSSrhym.dll"
"tdsserrors"="\systemroot\system32\TDSSmaxt.log"
"TDSSproc"="\systemroot\system32\TDSSoexh.log"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\TDSSserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSmqlt.sys"
"group"="file system"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\TDSSserv.sys\modules]
"TDSSserv"="\systemroot\system32\drivers\TDSSmqlt.sys"
"TDSSl"="\systemroot\system32\TDSSoiqh.dll"
"tdssservers"="\systemroot\system32\TDSSosvd.dat"
"tdssmain"="\systemroot\system32\TDSSbrsr.dll"
"tdsslog"="\systemroot\system32\TDSSriqp.dll"
"tdssadw"="\systemroot\system32\TDSSxfum.dll"
"tdssinit"="\systemroot\system32\TDSSlxwp.dll"
"tdssurls"="\systemroot\system32\TDSSnmxh.log"
"tdsspanels"="\systemroot\system32\TDSSsihc.dll"
"tdssserf"="\systemroot\system32\TDSSrhym.dll"
"tdsserrors"="\systemroot\system32\TDSSmaxt.log"
"TDSSproc"="\systemroot\system32\TDSSoexh.log"

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\system32\drivers\TDSSmqlt.sys 50688 bytes executable
C:\WINDOWS\system32\TDSSbrsr.dll 29696 bytes executable
C:\WINDOWS\system32\TDSSbutv.log 3199 bytes
C:\WINDOWS\system32\TDSSlxwp.dll 3715 bytes
C:\WINDOWS\system32\TDSSmaxt.log 109 bytes
C:\WINDOWS\system32\TDSSnmxh.log 573073 bytes
C:\WINDOWS\system32\TDSSoexh.log 29608 bytes
C:\WINDOWS\system32\TDSSoiqh.dll 26624 bytes executable
C:\WINDOWS\system32\TDSSosvd.dat 164 bytes
C:\WINDOWS\system32\TDSSrhym.dll 30720 bytes executable
C:\WINDOWS\system32\TDSSriqp.dll 31232 bytes executable
C:\WINDOWS\system32\TDSSxfum.dll 73728 bytes executable
C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Local Settings\Temp\TDSS8529.tmp 118784 bytes executable
C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Local Settings\Temp\TDSS8549.tmp 617472 bytes executable

scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 14


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1134443394\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1134443394\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1134443394\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1134443394\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Nicholas's Games\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Nicholas's Games\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Nicholas's Games\\Civ4\\Civilization4.exe"="C:\\Nicholas's Games\\Civ4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Nicholas's Games\\Demos\\Battlefield 2142 Demo\\BF2142.exe"="C:\\Nicholas's Games\\Demos\\Battlefield 2142 Demo\\BF2142.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\McAfee\\MWL\\MwlSvc.exe"="C:\\Program Files\\McAfee\\MWL\\MwlSvc.exe:*:Enabled:McAfee Wireless Network Security"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Nicholas's Games\\Freelancer\\EXE\\Freelancer.exe"="C:\\Nicholas's Games\\Freelancer\\EXE\\Freelancer.exe:*:Enabled:Freelancer"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :

C:\DOCUME~1\NICHOL~1.000\LOCALS~1\Temp\ Found
C:\DOCUME~1\NICHOL~1.000\LOCALS~1\Temp\ Found

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 2 Oct 2008 6,108,728 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Fri 31 Oct 2008 769 A.SH. --- "C:\WINDOWS\system32\mmf.sys"
Mon 5 Jun 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak"
Sun 18 Jun 2006 782 ..SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv10.bak"
Mon 22 Sep 2008 20,487 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak"
Mon 22 Sep 2008 265 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak"
Fri 8 Aug 2008 0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv01.tmp"
Thu 7 Dec 2006 3,096,576 A..H. --- "C:\Documents and Settings\Michael.NANCY-561AA26BC\Application Data\U3\temp\Launchpad Removal.exe"
Sun 21 Sep 2008 3,986 ...HR --- "C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Application Data\SecuROM\UserData\securom_v7_01.bak"
Thu 7 Dec 2006 3,096,576 A..H. --- "C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Application Data\U3\temp\Launchpad Removal.exe"
Mon 5 Jun 2006 4,348 A..H. --- "C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\My Documents\My Music\License Backup\drmv1key.bak"
Thu 8 Jun 2006 20 A..H. --- "C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\My Documents\My Music\License Backup\drmv1lic.bak"
Mon 5 Jun 2006 400 A..H. --- "C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\My Documents\My Music\License Backup\drmv2key.bak"
Thu 8 Jun 2006 1,536 A..H. --- "C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\My Documents\My Music\License Backup\drmv2lic.bak"
Tue 28 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2ad1413c5dc0d16e6d56d3e6ca94ed48\download\BIT99.tmp"

Finished!


Here's the new OTViewIt.txt log:

OTViewIt logfile created on: 10/31/2008 7:28:05 PM - Run 2
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.79 Mb Total Physical Memory | 540.71 Mb Available Physical Memory | 52.87% Memory free
2.41 Gb Paging File | 1.97 Gb Available in Paging File | 81.93% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.31 Gb Total Space | 66.19 Gb Free Space | 35.53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NANCY-561AA26BC
Current User Name: Nicholas
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/08/22 13:14:10 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE
[2008/10/22 19:28:07 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2006/08/07 21:57:13 | 00,002,560 | ---- | M] () -- C:\WINDOWS\Runservice.exe
[2007/11/25 14:43:48 | 00,071,168 | ---- | M] () -- C:\WINDOWS\system32\LxrJD31s.exe
[2008/09/08 07:50:32 | 00,198,944 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
[2008/06/21 11:39:08 | 00,792,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
[2008/07/18 07:02:52 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
[2008/07/09 13:49:10 | 00,358,736 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
[2008/06/20 04:41:04 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
[2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2008/07/09 16:36:30 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
[2008/07/09 13:35:34 | 00,025,416 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
[2007/12/05 01:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2007/11/01 16:14:12 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe
[2008/07/11 17:48:54 | 00,641,208 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
[2008/06/20 04:01:18 | 00,605,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
[2008/10/29 16:40:48 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[2008/04/13 16:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2008/10/01 17:57:12 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe
[2008/06/13 17:27:34 | 02,752,512 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\EADM\Core.exe
[2008/09/16 11:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/10/28 01:08:50 | 00,762,352 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
[2008/10/28 01:08:50 | 00,762,352 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
[2008/10/28 01:08:50 | 00,762,352 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
[2008/10/28 01:08:50 | 00,762,352 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/10/31 16:19:17 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\My Documents\Downloads\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/08/22 13:14:10 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
[2008/03/09 16:06:26 | 01,862,144 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager [On_Demand | Stopped])
[2008/10/22 19:28:07 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2006/08/07 21:57:13 | 00,002,560 | ---- | M] () -- C:\WINDOWS\Runservice.exe -- (LicCtrlService [Auto | Running])
[2007/11/25 14:43:48 | 00,071,168 | ---- | M] () -- C:\WINDOWS\system32\LxrJD31s.exe -- (LxrJD31s [Auto | Running])
[2008/09/08 07:50:32 | 00,198,944 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service [Auto | Running])
[2008/06/21 11:39:08 | 00,792,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
[2008/07/18 07:02:52 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
[2008/06/20 12:10:22 | 00,361,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
[2008/07/09 13:49:10 | 00,358,736 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
[2008/06/20 04:41:04 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
[2008/06/20 04:01:18 | 00,605,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
[2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2008/07/09 16:36:30 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe -- (MpfService [Auto | Running])
[2008/07/09 13:35:34 | 00,025,416 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe -- (MSK80Service [Auto | Running])
[2007/07/28 08:33:02 | 00,910,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MWL\MwlSvc.exe -- (MWLSvc [On_Demand | Stopped])
[2007/12/05 01:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/11/01 16:14:12 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2007/01/04 13:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Disabled | Stopped])
[2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])
[2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

File not found -- -- (catchme [On_Demand | Running])
[2003/11/04 22:26:02 | 00,645,392 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
[2003/11/18 18:13:54 | 00,366,160 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
[2003/10/13 19:17:56 | 00,332,800 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])
[2003/10/07 18:08:12 | 00,006,096 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
[2003/10/07 18:09:10 | 00,130,288 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
[2004/08/22 15:31:10 | 00,155,136 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\d347bus.sys -- (d347bus [Boot | Running])
[2004/08/22 15:31:48 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\d347prt.sys -- (d347prt [Boot | Running])
[2003/10/13 01:42:12 | 00,145,488 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
[2008/04/13 10:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Running])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2003/10/21 01:26:08 | 00,904,496 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
[2003/10/21 01:23:44 | 00,148,432 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k [On_Demand | Running])
[2004/08/04 04:00:00 | 00,008,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidgame.sys -- (hidgame [On_Demand | Stopped])
[2001/08/17 13:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir [On_Demand | Running])
[2008/04/13 10:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2007/11/25 14:43:48 | 00,069,824 | ---- | M] () -- C:\WINDOWS\system32\drivers\LxrJD31d.sys -- (LxrJD31d [Auto | Running])
[2008/06/27 05:08:40 | 00,079,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
[2008/06/27 05:08:40 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
[2008/06/27 05:08:40 | 00,207,656 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
[2008/06/20 04:41:38 | 00,034,152 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
[2008/06/27 05:08:40 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
[2008/06/02 13:55:42 | 00,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP [System | Running])
[2001/08/17 13:02:40 | 00,035,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msgame.sys -- (msgame [On_Demand | Stopped])
[2001/08/17 06:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Stopped])
[2007/12/05 01:41:00 | 07,435,392 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2003/10/07 18:06:50 | 00,178,672 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
[2008/06/19 16:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
[2003/01/22 04:37:00 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2003/03/05 12:19:28 | 00,015,840 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfDetNT [Auto | Running])
[2003/03/05 12:19:28 | 00,015,840 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT [Auto | Stopped])
[2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/02/22 18:38:33 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Running])
[2001/08/23 11:00:00 | 00,022,400 | ---- | M] () -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid [System | Running])
[2008/04/13 10:40:48 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sbp2port.sys -- (sbp2port [Boot | Running])
[2007/11/13 00:47:45 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2005/08/10 04:44:04 | 00,050,688 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
[2005/05/16 05:20:39 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
[2005/09/29 09:01:51 | 00,066,048 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02 [Boot | Running])
[2004/08/04 04:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])
[2006/05/15 16:24:50 | 00,086,880 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\WscNetDr.sys -- (WscNetDr [On_Demand | Running])
[2003/12/22 14:32:00 | 00,176,256 | R--- | M] (Marvell Semiconductor Inc.) -- C:\WINDOWS\system32\drivers\yukonx86.sys -- (yukonx86 [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.google.com/
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.msn.com/

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://www.google.com/
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com/
"Start Page"=http://www.msn.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1078081533-573735546-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com/
"Start Page"=http://www.msn.com/

[HKEY_USERS\S-1-5-21-1078081533-573735546-839522115-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1078081533-573735546-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" (HKLM) -- c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll File not found

[HKEY_USERS\S-1-5-21-1078081533-573735546-839522115-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-1078081533-573735546-839522115-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey (McAfee, Inc.)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent (Electronic Arts)
"Google Update"="C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1078081533-573735546-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent (Electronic Arts)
"Google Update"="C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

========== (O4) Startup Folders ==========

[2004/07/28 16:30:06 | 00,098,304 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BounceBack Launcher.lnk = C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"AllowLegacyWebView"=1
"AllowUnhashedWebView"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1078081533-573735546-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
&Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 15:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)
Open in new background tab: C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui [2007/10/19 11:18:16 | 00,112,640 | ---- | M] (Microsoft Corporation)
Open in new foreground tab: C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui [2007/10/19 11:18:16 | 00,112,640 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
&Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 15:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)
Open in new background tab: C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui [2007/10/19 11:18:16 | 00,112,640 | ---- | M] (Microsoft Corporation)
Open in new foreground tab: C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui [2007/10/19 11:18:16 | 00,112,640 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
&Windows Live Search: Reg Error: Key does not exist or could not be opened. File not found
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found
Open in new background tab: Reg Error: Key does not exist or could not be opened. File not found
Open in new foreground tab: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
&Windows Live Search: Reg Error: Key does not exist or could not be opened. File not found
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found
Open in new background tab: Reg Error: Key does not exist or could not be opened. File not found
Open in new foreground tab: Reg Error: Key does not exist or could not be opened. File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 13:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{9455301C-CF6B-11D3-A266-00C04F689C50} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Encarta Researcher\EROPROJ.DLL [Encarta &Researcher] -> [2002/11/27 11:29:56 | 00,344,064 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 13:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{F4430FE8-2638-42e5-B849-800749B94EED} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{9455301C-CF6B-11D3-A266-00C04F689C50} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Encarta Researcher\EROPROJ.DLL [Encarta &Researcher] -> [2002/11/27 11:29:56 | 00,344,064 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 13:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{F4430FE8-2638-42e5-B849-800749B94EED} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{9455301C-CF6B-11D3-A266-00C04F689C50} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Encarta Researcher\EROPROJ.DLL [Encarta &Researcher] -> [2002/11/27 11:29:56 | 00,344,064 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 13:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{F4430FE8-2638-42e5-B849-800749B94EED} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1078081533-573735546-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{9455301C-CF6B-11D3-A266-00C04F689C50} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Encarta Researcher\EROPROJ.DLL [Encarta &Researcher] -> [2002/11/27 11:29:56 | 00,344,064 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 13:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{F4430FE8-2638-42e5-B849-800749B94EED} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
26 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1078081533-573735546-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
26 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}: -- Reg Error: Key does not exist or could not be opened.
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/8/b...heckControl.cab -- Windows Genuine Advantage Validation Tool
{233C1507-6A77-46A4-9443-F871F945D258}: http://fpdownload.macromedia.com/pub/shock...director/sw.cab -- Shockwave ActiveX Control
{2917297F-F02B-4B9D-81DF-494B6333150B}: http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab -- Minesweeper Flags Class
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}: http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab -- McAfee.com Operating System Class
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsupd...b?1225170757578 -- WUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D}: http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab -- MessengerStatsClient Class
{B8BE5E93-A60C-4D26-A2DC-220313175592}: http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab -- MSN Games - Installer
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{153DEBBC-28F3-4EAB-B0E7-A6771B3CB33A} (Servers: | Description: )
{2BA53558-AFDA-4D81-BA58-6A2DA1F32598} (Servers: | Description: 1394 Net Adapter)
{5DB568E6-5E2F-48BC-90C1-DEB0A83F6691} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" (HKLM) -- C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/09/30 16:32:21 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{188a6cd6-ea65-11dc-8262-00138ff67e60}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{188a6cd6-ea65-11dc-8262-00138ff67e60}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{188a6cd6-ea65-11dc-8262-00138ff67e60}\Shell\AutoRun\command]
""=D:\LaunchU3.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{861c34c0-6cfb-11da-8357-00112f708bd0}\Shell\AutoRun\command]
""=D:\JDSecure\Windows\JDSecure31.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5c91581-33be-11db-9330-00112f708bd0}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5c91581-33be-11db-9330-00112f708bd0}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5c91581-33be-11db-9330-00112f708bd0}\Shell\AutoRun\command]
""=D:\setup.EXE -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5c91581-33be-11db-9330-00112f708bd0}\Shell\dxsetup\command]
""=D:\directx\dxsetup.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5c91581-33be-11db-9330-00112f708bd0}\Shell\Register\command]
""=extras\runshell http://www.microsoft.com/games/product_registration/cfs3/


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5c91581-33be-11db-9330-00112f708bd0}\Shell\setup\command]
""=D:\setup.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5c91581-33be-11db-9330-00112f708bd0}\Shell\Web\command]
""=extras\runshell http://www.microsoft.com/games/cfs3/


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e40dd3b6-ee34-11dc-826b-00138ff67e60}\Shell\AutoRun\command]
""=wd_windows_tools\WDEULA.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun\command]
""=D:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[13 C:\WINDOWS\*.tmp files]
[2008/10/31 19:16:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Application Data\WinRAR
[2008/10/31 18:58:21 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/10/31 18:54:24 | 00,000,000 | ---D | C] -- C:\temp
[2008/10/31 18:53:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2008/10/31 18:48:24 | 00,000,000 | ---D | C] -- C:\SDFix
[2008/10/31 18:47:23 | 01,556,227 | ---- | C] () -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Desktop\SDFix.exe
[2008/10/30 22:25:41 | 00,000,730 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\FileASSASSIN.lnk
[2008/10/30 22:25:41 | 00,000,000 | ---D | C] -- C:\Program Files\FileASSASSIN
[2008/10/29 19:53:42 | 00,000,000 | ---D | C] -- C:\OTScanIt
[2008/10/29 19:14:54 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\My Documents\From the trailers.doc
[2008/10/29 19:09:49 | 00,000,690 | ---- | C] () -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Desktop\SpywareBlaster.lnk
[2008/10/29 19:09:48 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2008/10/29 19:09:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Desktop\OTScanIt
[2008/10/29 19:08:44 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Desktop\HijackThis.lnk
[2008/10/29 19:08:44 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/10/29 16:31:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Local Settings\Application Data\Mozilla
[2008/10/28 19:11:46 | 06,066,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/10/28 19:11:46 | 02,455,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2008/10/28 19:11:46 | 00,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2008/10/28 19:11:46 | 00,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2008/10/28 19:11:46 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2008/10/28 19:11:46 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2008/10/28 19:11:46 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2008/10/28 19:11:46 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2008/10/28 19:11:46 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2008/10/28 15:05:54 | 00,138,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2008/10/28 15:05:46 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/28 15:05:45 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/28 15:05:44 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/28 15:05:44 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/28 15:05:43 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/28 15:05:34 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2008/10/28 15:05:26 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2008/10/28 15:05:25 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2008/10/28 15:04:39 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/28 14:24:43 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/28 14:21:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/10/27 22:33:33 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/10/27 22:28:59 | 00,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2008/10/27 22:28:58 | 00,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2008/10/27 22:28:58 | 00,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2008/10/27 22:28:58 | 00,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2008/10/27 22:28:58 | 00,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2008/10/27 22:28:57 | 00,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2008/10/27 22:28:57 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2008/10/27 22:28:57 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2008/10/27 22:28:57 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2008/10/27 22:28:57 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2008/10/27 22:28:57 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2008/10/27 22:28:57 | 00,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2008/10/27 22:28:57 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2008/10/27 22:28:57 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2008/10/27 22:28:57 | 00,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2008/10/27 22:28:57 | 00,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2008/10/27 22:28:57 | 00,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2008/10/27 22:28:56 | 00,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2008/10/27 22:28:56 | 00,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2008/10/27 22:28:56 | 00,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2008/10/27 22:28:56 | 00,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2008/10/27 22:28:56 | 00,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2008/10/27 22:28:56 | 00,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2008/10/27 22:28:56 | 00,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2008/10/27 22:28:56 | 00,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2008/10/27 22:28:56 | 00,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2008/10/27 22:28:56 | 00,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2008/10/27 22:28:56 | 00,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2008/10/27 22:28:52 | 00,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2008/10/27 22:28:52 | 00,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2008/10/27 22:28:52 | 00,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2008/10/27 22:28:47 | 00,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2008/10/27 22:28:47 | 00,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2008/10/27 22:28:47 | 00,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2008/10/27 22:28:47 | 00,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2008/10/27 22:28:47 | 00,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2008/10/27 22:28:47 | 00,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2008/10/27 22:28:46 | 00,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2008/10/27 22:28:46 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2008/10/27 22:28:46 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2008/10/27 22:28:46 | 00,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2008/10/27 22:28:41 | 00,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm
[2008/10/27 22:28:41 | 00,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2008/10/27 22:28:40 | 00,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2008/10/27 22:28:35 | 00,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2008/10/27 22:28:33 | 00,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2008/10/27 22:28:28 | 00,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2008/10/27 22:28:28 | 00,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2008/10/27 22:28:28 | 00,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2008/10/27 22:28:28 | 00,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2008/10/27 22:28:28 | 00,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2008/10/27 22:28:28 | 00,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2008/10/27 22:28:28 | 00,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2008/10/27 22:28:28 | 00,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2008/10/27 22:28:28 | 00,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2008/10/27 22:28:28 | 00,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2008/10/27 22:28:28 | 00,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2008/10/27 22:28:28 | 00,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2008/10/27 22:28:28 | 00,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2008/10/27 22:28:28 | 00,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2008/10/27 22:28:28 | 00,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2008/10/27 22:28:28 | 00,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2008/10/27 22:28:22 | 00,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2008/10/27 22:28:20 | 00,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2008/10/27 22:28:20 | 00,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2008/10/27 22:28:15 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2008/10/27 22:28:15 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2008/10/27 22:28:05 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm
[2008/10/27 22:28:04 | 00,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2008/10/27 22:28:04 | 00,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2008/10/27 22:28:04 | 00,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2008/10/27 22:28:00 | 00,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2008/10/27 22:27:51 | 00,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm
[2008/10/27 22:27:41 | 00,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2008/10/27 22:27:38 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe
[2008/10/27 22:27:36 | 00,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2008/10/27 22:27:36 | 00,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2008/10/27 22:27:36 | 00,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2008/10/27 22:27:36 | 00,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2008/10/27 22:27:35 | 00,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2008/10/27 22:27:35 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2008/10/27 22:27:35 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2008/10/27 22:27:35 | 00,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2008/10/27 22:27:35 | 00,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2008/10/27 22:27:35 | 00,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2008/10/27 22:27:33 | 00,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2008/10/27 20:11:19 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2008/10/27 20:11:19 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2008/10/27 20:11:18 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2008/10/27 20:11:18 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2008/10/27 20:11:18 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2008/10/27 20:11:17 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2008/10/27 20:11:16 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2008/10/27 20:11:16 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2008/10/27 20:11:14 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2008/10/27 20:11:13 | 00,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2008/10/27 20:11:13 | 00,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2008/10/27 20:11:10 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2008/10/27 20:11:10 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2008/10/27 20:11:09 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2008/10/27 20:11:07 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2008/10/27 20:11:07 | 00,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2008/10/27 20:11:07 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2008/10/27 20:11:07 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2008/10/27 20:11:07 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2008/10/27 20:11:06 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2008/10/27 20:11:06 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2008/10/27 20:11:06 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2008/10/27 20:11:02 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2008/10/27 20:10:59 | 00,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2008/10/27 20:10:59 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2008/10/27 20:10:58 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2008/10/27 20:10:57 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2008/10/27 20:10:57 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2008/10/27 20:10:57 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2008/10/27 20:10:57 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2008/10/27 20:10:56 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2008/10/27 20:10:56 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2008/10/27 20:10:56 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2008/10/27 20:10:56 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2008/10/27 20:10:56 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2008/10/27 20:10:56 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2008/10/27 20:10:56 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2008/10/27 20:10:56 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2008/10/27 20:10:56 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2008/10/27 20:10:56 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2008/10/27 20:10:55 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2008/10/27 20:10:55 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2008/10/27 20:10:55 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2008/10/27 20:10:55 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2008/10/27 20:10:50 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2008/10/27 20:10:50 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2008/10/27 20:10:48 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2008/10/27 20:10:48 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2008/10/27 20:10:46 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2008/10/27 20:10:45 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2008/10/27 20:10:45 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2008/10/27 20:10:42 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2008/10/27 20:10:42 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2008/10/27 20:10:42 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2008/10/27 20:10:39 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2008/10/27 20:10:39 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2008/10/27 20:10:39 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2008/10/27 20:10:39 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2008/10/27 20:10:38 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2008/10/27 20:10:38 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2008/10/27 20:10:38 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2008/10/27 20:10:38 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2008/10/27 20:10:37 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2008/10/27 20:10:37 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2008/10/27 20:10:36 | 00,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2008/10/27 20:10:36 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2008/10/27 20:10:36 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2008/10/27 20:10:31 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2008/10/27 20:10:26 | 00,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2008/10/27 20:10:20 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2008/10/27 20:10:20 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2008/10/27 20:10:12 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2008/10/27 20:10:12 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2008/10/27 20:10:10 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2008/10/27 20:10:08 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2008/10/27 20:10:08 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2008/10/27 20:10:07 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2008/10/27 20:10:07 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2008/10/27 20:10:07 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2008/10/27 20:10:06 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2008/10/27 20:10:06 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2008/10/27 20:10:06 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2008/10/27 20:10:06 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2008/10/27 20:10:06 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2008/10/27 20:10:06 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2008/10/27 20:10:05 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2008/10/27 20:10:05 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2008/10/27 20:10:05 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2008/10/27 20:10:05 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2008/10/27 20:10:05 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2008/10/27 20:10:05 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2008/10/27 20:10:05 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2008/10/27 20:10:04 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2008/10/27 20:10:04 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2008/10/27 20:10:04 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2008/10/27 20:10:04 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2008/10/27 20:10:04 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2008/10/27 20:10:04 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2008/10/27 20:10:03 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2008/10/27 20:10:03 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2008/10/27 20:10:03 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2008/10/27 20:10:03 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2008/10/27 20:10:03 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2008/10/27 20:10:02 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2008/10/27 20:10:02 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2008/10/27 20:10:02 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2008/10/27 20:10:02 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2008/10/27 20:10:02 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2008/10/27 20:09:59 | 00,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2008/10/27 20:09:59 | 00,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2008/10/27 20:09:59 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2008/10/27 20:09:58 | 00,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2008/10/27 20:09:58 | 00,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2008/10/27 20:09:58 | 00,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2008/10/27 20:09:58 | 00,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2008/10/27 20:09:58 | 00,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2008/10/27 20:09:58 | 00,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2008/10/27 20:09:58 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2008/10/27 20:09:58 | 00,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2008/10/27 20:09:57 | 00,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2008/10/27 20:09:57 | 00,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2008/10/27 20:09:57 | 00,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2008/10/27 20:09:57 | 00,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2008/10/27 20:09:57 | 00,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2008/10/27 20:09:57 | 00,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2008/10/27 20:09:57 | 00,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2008/10/27 20:09:57 | 00,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2008/10/27 20:09:56 | 00,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2008/10/27 20:09:56 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2008/10/27 20:09:56 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2008/10/27 20:09:56 | 00,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2008/10/27 20:09:56 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2008/10/27 20:09:56 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2008/10/27 20:09:56 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2008/10/27 20:09:52 | 10,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2008/10/27 20:09:49 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2008/10/27 20:09:46 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2008/10/27 20:09:44 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2008/10/27 20:09:44 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2008/10/27 20:09:42 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2008/10/27 20:09:42 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2008/10/27 20:09:41 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2008/10/27 20:09:41 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2008/10/27 20:09:40 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2008/10/27 20:09:39 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2008/10/27 20:09:38 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2008/10/27 20:09:37 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2008/10/27 20:09:37 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2008/10/27 20:09:37 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2008/10/27 20:09:37 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2008/10/27 20:09:30 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2008/10/27 20:09:28 | 00,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2008/10/27 20:09:28 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2008/10/27 20:09:26 | 00,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2008/10/27 20:09:26 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2008/10/27 20:09:26 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2008/10/27 20:09:26 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2008/10/27 20:09:25 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2008/10/27 20:09:25 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2008/10/27 20:09:25 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2008/10/27 20:09:25 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2008/10/27 20:09:24 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2008/10/27 20:09:24 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2008/10/27 20:09:24 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2008/10/27 20:09:24 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2008/10/27 20:09:24 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2008/10/27 20:09:23 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2008/10/27 20:09:23 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2008/10/27 20:09:23 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2008/10/27 20:09:12 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2008/10/27 20:09:09 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2008/10/27 20:04:10 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irftp.exe
[2008/10/27 20:04:10 | 00,088,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irda.sys
[2008/10/27 20:04:10 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll
[2008/10/27 20:04:09 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshirda.dll
[2008/10/27 20:02:46 | 00,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irsir.sys
[2008/10/27 20:00:26 | 00,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTL8139.sys
[2008/10/27 20:00:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\NV692388.TMP
[2008/10/27 19:59:06 | 00,019,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rasirda.sys
[2008/10/27 19:54:35 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2008/10/27 19:54:35 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2008/10/27 19:54:35 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2008/10/27 19:54:35 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2008/10/27 19:54:22 | 01,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2008/10/27 19:54:22 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2008/10/27 19:54:22 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2008/10/27 19:54:22 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2008/10/27 19:54:22 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2008/10/27 19:54:22 | 00,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2008/10/27 19:12:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2008/10/27 18:57:31 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2008/10/27 18:43:51 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2008/10/27 18:32:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\NV700500.TMP
[2008/10/27 18:25:46 | 00,389,649 | ---- | C] () -- C:\WINDOWS\setupapi.old
[2008/10/27 17:38:20 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2008/10/27 17:27:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Application Data\Uniblue
[2008/10/27 16:38:57 | 00,031,056 | ---- | C] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-20021102}.rfx
[2008/10/27 16:38:57 | 00,031,056 | ---- | C] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000002-00001102-00000004-20021102}.rfx
[2008/10/27 16:38:57 | 00,030,528 | ---- | C] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-20021102}.rfx
[2008/10/27 16:38:57 | 00,030,528 | ---- | C] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-20021102}.rfx
[2008/10/27 16:38:57 | 00,001,080 | ---- | C] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2008/10/27 16:38:57 | 00,001,080 | ---- | C] () -- C:\WINDOWS\System32\settings.sfm
[2008/10/27 16:38:57 | 00,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-20021102}.dat
[2008/10/27 16:38:57 | 00,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-20021102}.dat
[2008/10/27 16:23:05 | 00,008,502 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2008/10/27 16:20:48 | 00,013,646 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/26 20:36:08 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2008/10/26 20:35:59 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2008/10/26 20:13:58 | 00,000,208 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/10/26 19:35:59 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/10/26 19:35:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2008/10/22 18:57:10 | 00,053,000 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/10/22 16:37:27 | 00,000,961 | ---- | C] () -- C:\WINDOWS\STBC.ini
[2008/10/18 14:27:15 | 00,613,716 | ---- | C] () -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\My Documents\recommendationWHITWORTH.pdf
[2008/10/18 14:26:39 | 00,126,046 | ---- | C] () -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\My Documents\recommendation UPORTLAND.pdf
[2008/10/18 14:26:26 | 00,500,384 | ---- | C] () -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\My Documents\transcript COMINES.pdf
[2008/10/14 17:07:58 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\My Documents\QUESTIONS 2.doc
[2008/10/12 16:36:06 | 00,015,360 | ---- | C] () -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\My Documents\QofS.doc
[2008/10/08 20:32:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/10/08 20:29:35 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime

========== Files - Modified Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[13 C:\WINDOWS\*.tmp files]
[2008/10/31 19:27:00 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2008/10/31 19:10:38 | 00,008,502 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2008/10/31 19:10:01 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/31 19:09:40 | 00,000,769 | -HS- | M] () -- C:\WINDOWS\System32\mmf.sys
[2008/10/31 19:09:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/31 19:09:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/31 19:00:11 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2008/10/31 18:58:21 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/10/31 18:50:22 | 00,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-20021102}.rfx
[2008/10/31 18:50:22 | 00,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000002-00001102-00000004-20021102}.rfx
[2008/10/31 18:50:22 | 00,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-20021102}.rfx
[2008/10/31 18:50:22 | 00,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-20021102}.rfx
[2008/10/31 18:50:22 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2008/10/31 18:50:22 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2008/10/31 18:50:22 | 00,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-20021102}.dat
[2008/10/31 18:50:22 | 00,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-20021102}.dat
[2008/10/31 18:47:26 | 01,556,227 | ---- | M] () -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Desktop\SDFix.exe
[2008/10/31 15:50:49 | 00,000,615 | ---- | M] () -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\My Documents\My Sharing Folders.lnk
[2008/10/30 22:25:41 | 00,000,730 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\FileASSASSIN.lnk
[2008/10/29 21:42:12 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\My Documents\From the trailers.doc
[2008/10/29 19:57:03 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2008/10/29 19:57:03 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2008/10/29 19:09:49 | 00,000,690 | ---- | M] () -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Desktop\SpywareBlaster.lnk
[2008/10/29 19:08:44 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Desktop\HijackThis.lnk
[2008/10/29 17:14:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/10/29 15:52:06 | 00,049,152 | ---- | M] () -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/28 22:23:12 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/28 19:17:48 | 00,000,079 | -HS- | M] () -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\My Documents\desktop.ini
[2008/10/28 19:17:14 | 00,258,248 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/28 19:15:46 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2008/10/28 19:15:46 | 00,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2008/10/28 14:26:13 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2008/10/28 14:25:49 | 00,469,596 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/10/28 14:25:49 | 00,400,464 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/10/28 14:25:49 | 00,060,624 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/10/27 20:12:55 | 00,032,571 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2008/10/27 20:08:23 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\desktop.ini
[2008/10/27 20:08:16 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/10/27 20:08:16 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/10/27 20:07:59 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/27 20:06:46 | 00,000,682 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/10/27 20:06:16 | 00,022,748 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/10/27 20:04:07 | 00,000,210 | -HS- | M] () -- C:\boot.ini
[2008/10/27 19:54:40 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/10/27 19:54:24 | 00,000,138 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\desktop.ini
[2008/10/27 19:54:24 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini
[2008/10/27 18:57:36 | 00,389,649 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2008/10/27 17:41:14 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2008/10/27 17:31:16 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2008/10/27 17:31:16 | 00,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2008/10/27 16:23:20 | 00,013,588 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2008/10/27 16:02:55 | 00,000,208 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/10/26 20:30:21 | 00,268,233 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081029-170829.backup
[2008/10/26 20:30:21 | 00,268,233 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081029-170627.backup
[2008/10/22 19:26:18 | 00,000,961 | ---- | M] () -- C:\WINDOWS\STBC.ini
[2008/10/22 18:57:10 | 00,053,000 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/10/18 14:27:15 | 00,613,716 | ---- | M] () -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\My Documents\recommendationWHITWORTH.pdf
[2008/10/18 14:26:39 | 00,126,046 | ---- | M] () -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\My Documents\recommendation UPORTLAND.pdf
[2008/10/18 14:26:26 | 00,500,384 | ---- | M] () -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\My Documents\transcript COMINES.pdf
[2008/10/15 08:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll
[2008/10/15 08:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/14 17:07:58 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\My Documents\QUESTIONS 2.doc
[2008/10/12 16:36:07 | 00,015,360 | ---- | M] () -- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\My Documents\QofS.doc
[2008/10/07 11:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/03 09:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2008/10/03 09:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
< End of report >


And here's the new Extras.txt log:

OTViewIt Extras logfile created on: 10/31/2008 7:28:05 PM - Run 2
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.79 Mb Total Physical Memory | 540.71 Mb Available Physical Memory | 52.87% Memory free
2.41 Gb Paging File | 1.97 Gb Available in Paging File | 81.93% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.31 Gb Total Space | 66.19 Gb Free Space | 35.53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NANCY-561AA26BC
Current User Name: Nicholas
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 16:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
[2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 16:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2006/11/02 23:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2006/05/09 16:24:16 | 00,050,760 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1134443394\ee\aolsoftware.exe:*:Enabled:AOL Services
[2006/08/28 12:22:24 | 00,050,768 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1134443394\ee\aim6.exe:*:Enabled:AIM
[2006/03/23 17:28:57 | 07,513,533 | ---- | M] () -- C:\Nicholas's Games\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2
[2005/10/18 16:35:32 | 11,691,000 | ---- | M] (Firaxis Games) -- C:\Nicholas's Games\Civ4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4
[2008/10/20 20:39:00 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\utorrent\utorrent.exe:*:Enabled:µTorrent
File not found -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
File not found -- C:\Nicholas's Games\Demos\Battlefield 2142 Demo\BF2142.exe:*:Enabled:Battlefield 2
[2007/07/28 08:33:02 | 00,910,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MWL\MwlSvc.exe:*:Enabled:McAfee Wireless Network Security
[2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Nicholas's Games\Freelancer\EXE\Freelancer.exe:*:Enabled:Freelancer
[2008/07/18 07:02:52 | 02,482,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
[2008/10/01 17:57:04 | 14,258,472 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2002/12/17 20:16:55 | 00,167,936 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\MSERO.DLL (msero:{B0D92A71-886B-453B-A649-1B91F93801E7} (HKLM) [Protocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/06/20 01:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 12:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/09/04 10:43:36 | 00,121,632 | ---- | M] () c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (sacore:{5513F07E-936B-4E52-9B00-067394E91CC5} (HKLM) [McAfee SACore Protocol Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 12:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00D15456-F679-4AD4-8BD2-56450D4C3F72}"=WarRock
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}"=Battlefield 2™
"{0556F885-2415-4666-B53E-33727E46AEA1}"=The Movies™
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}"=WD Diagnostics
"{0DBF3265-57F1-4D8A-87EA-332B2A669BDE}"=Indiana Jones and the Emperors Tomb
"{102E4D60-5A93-4A3C-8105-FE390427C60D}"=Sid Meier's Alpha Centauri 2000/XP Compatibility Update
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}"=Google Earth
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}"=iPod for Windows 2006-03-23
"{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}"=Windows Live Sign-in Assistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{287A4E96-AC57-4A19-9B51-C5EED2EAB382}"=Star Trek Legacy
"{2F2E3D62-8B8C-448F-8900-451325E50948}"=Oblivion - The Wizard's Tower
"{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}"=Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}"=Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}"=Oblivion
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}"=Windows Live Outlook Toolbar (Windows Live Toolbar)
"{369B36BE-3D64-4641-9AEA-808D436FE134}"=Microsoft Digital Image Pro 7.0
"{3ABEBD00-299D-4DCA-967F-B912163AB5EA}"=Oblivion - Horse Armor Pack
"{3D047C15-C859-45F7-81CE-F2681778069B}"=iPod for Windows 2006-01-10
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}"=DAEMON Tools
"{47FBF7F9-FBD3-43EF-823B-7684D56C1962}"=Tabbed Browsing (Windows Live Toolbar)
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}"=OneCare Advisor (Windows Live Toolbar)
"{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}"=Form Fill (Windows Live Toolbar)
"{56F3E1FF-54FE-4384-A153-6CCABA097814}"=Creative MediaSource
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{578FA426-47C0-4A3F-98A4-01ACD26B7556}"=LEGO Star Wars II
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{66A7A386-6F35-41A7-A731-101F0C0153C8}"=Popup Blocker (Windows Live Toolbar)
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}"=Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}"=MSXML 4.0 SP2 Parser and SDK
"{72D037A4-D311-4250-B987-7D854760452C}"=iLike Sidebar
"{783E0AD7-C128-4398-9F74-99D3EFF2875D}"=Deep Space Nine The Fallen
"{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8C4504A1-9280-11D5-9F7E-00902712427E}"=Sid Meier's SimGolf
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8E3395D1-104C-4625-8419-CA6D197179F2}"=AGEIA PhysX v6.11.01
"{91120409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Standard Edition 2003
"{95381165-5D16-4CD4-9162-57799A3F3AB5}"=PCLinq2 High-Speed USB Bridge Cable
"{95774351-6087-3A3B-8CA8-70BEE49D2BD5}"=Google Gears
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}"=Apple Mobile Device Support
"{98E8A2EF-4EAE-43B8-A172-74842B764777}"=InterVideo WinDVD 4
"{9933F0EE-DFCD-4829-B979-3C56C367CB1A}"=InterVideo WinDVD Creator
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}"=SPORE™
"{9E2514D9-DC24-4634-B348-61F3EF0F1628}"=Sound Blaster Audigy 2 ZS
"{A0595C97-DB17-429D-AB24-8594019B9A6C}"=Star Trek Legacy Patch v1.2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}"=SimCity 4 Deluxe
"{A8589680-35C1-4732-ACCA-09B78921ECE3}"=Sid Meier's Civilization 4
"{A8B94669-8654-4126-BD28-D0D2412CDED6}"=TI Connect 1.6
"{AC76BA86-7AD7-1033-7B44-A70900000002}"=Adobe Reader 7.0.9
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}"=Microsoft XML Parser
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}"=Medieval II Total War
"{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}"=Blaze Media Pro
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}"=Microsoft Game Studios Common Redistributables Pack 1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}"=Sid Meier's Civilization 4
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}"=Call of Duty® 2
"{D32D4182-DE6C-457E-838C-8D7B9CE332BA}"=InterVideo WinRip
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}"=Windows Live Toolbar
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}"=iTunes
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E064390A-2F64-4195-9A55-30D4B20B865A}"=WDCSAM Driver
"{E3FEF250-E968-4B4E-ACEB-5DAFAFF0EC30}"=Sid Meier's Gettysburg! 2000/XP Compatibility Update
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}"=Oblivion - Orrery
"{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}"=Microsoft Plus! for Windows XP
"{EF7E931D-DC84-471B-8DB6-A83358095474}"=EA Download Manager
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}"=Smart Menus (Windows Live Toolbar)
"8A1D0449E9CBCC93DCB0CF47934D695423632CA7"=Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (12/05/2006 1.0.0007.0)
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player
"AOL Instant Messenger"=AOL Instant Messenger
"AudioShell_is1"=AudioShell 1.3 beta 3
"BATMAN VENGEANCE"=BATMAN VENGEANCE
"Bridge Commander"=Star Trek Bridge Commander
"Combat Flight Simulator 3.0"=Microsoft Combat Flight Simulator 3.0
"DVD Shrink_is1"=DVD Shrink 3.2
"FileASSASSIN"=FileASSASSIN
"Finale 2006"=Finale 2006
"Freelancer 1.0"=Freelancer
"Google Desktop"=Google Desktop
"Google Updater"=Google Updater
"Guild Wars"=Guild Wars
"GW Team Builder_is1"=GW Team Builder 1.1.3
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}"=The Movies™
"InstallShield_{102E4D60-5A93-4A3C-8105-FE390427C60D}"=Sid Meier's Alpha Centauri 2000/XP Compatibility Update
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}"=iPod for Windows 2006-03-23
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}"=iPod for Windows 2006-01-10
"InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}"=LEGO Star Wars II
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}"=Call of Duty® 2
"InstallShield_{E3FEF250-E968-4B4E-ACEB-5DAFAFF0EC30}"=Sid Meier's Gettysburg! 2000/XP Compatibility Update
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}"=EA Download Manager
"InterActual Player"=InterActual Player
"JDSecure"=JD Secure 3.1
"LucasArts' Monkey 4"=LucasArts' Monkey 4
"LucasArts' Star Wars Rebellion"=LucasArts' Star Wars Rebellion
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"mp3-2-wav"=mp3-2-wav converter 1.14
"MSC"=McAfee SecurityCenter
"MSTTS"=Microsoft Text-to-Speech Engine 4.0 (English)
"Nero - Burning Rom!UninstallKey"=Nero OEM
"NeroVision!UninstallKey"=NeroVision Express 2 SE
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NMPUninstallKey"=Nero Media Player
"NVIDIA Drivers"=NVIDIA Drivers
"Picasa2"=Picasa 2
"Ping Plotter Freeware"=Ping Plotter Freeware
"Rails Across America"=Rails Across America
"RealPlayer 6.0"=RealPlayer
"S7FOY07-FPDEMO_is1"=Indiana Jones and the Fountain of Youth Demo
"Shockwave"=Shockwave
"Sid Meier's Alpha Centauri"=Sid Meier's Alpha Centauri
"Sid Meier's Antietam"=Sid Meier's Antietam
"Sid Meier's Gettysburg!"=Sid Meier's Gettysburg!
"SmartMusic 10"=SmartMusic 10
"SpyNoMore"=SpyNoMore 2.67
"SpywareBlaster_is1"=SpywareBlaster 4.1
"SysInfo"=Creative System Information
"Teamspeak 2 RC2_is1"=TeamSpeak 2 RC2
"Viewpoint Manager"=Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer"=Viewpoint Media Player
"VLC media player"=VideoLAN VLC media player 0.8.5
"Winamp"=Winamp (remove only)
"Windows Live Toolbar"=Windows Live Toolbar
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WinZip"=WinZip
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"XviD_is1"=XviD MPEG-4 Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome"=Google Chrome

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1078081533-573735546-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome"=Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/29/2008 11:45:54 PM | Computer Name = NANCY-561AA26BC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 10/29/2008 11:45:54 PM | Computer Name = NANCY-561AA26BC | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/29/2008 11:45:54 PM | Computer Name = NANCY-561AA26BC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 10/29/2008 11:45:55 PM | Computer Name = NANCY-561AA26BC | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/29/2008 11:45:55 PM | Computer Name = NANCY-561AA26BC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 10/29/2008 11:45:55 PM | Computer Name = NANCY-561AA26BC | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/29/2008 11:45:55 PM | Computer Name = NANCY-561AA26BC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 10/31/2008 2:35:41 AM | Computer Name = NANCY-561AA26BC | Source = Application Hang | ID = 1002
Description = Hanging application OTScanIt.exe, version 1.0.19.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/31/2008 2:35:41 AM | Computer Name = NANCY-561AA26BC | Source = Application Hang | ID = 1002
Description = Hanging application OTScanIt.exe, version 1.0.19.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/31/2008 9:14:44 PM | Computer Name = NANCY-561AA26BC | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
chrome.dll, version 0.3.154.9, fault address 0x002cb0a1.

[ System Events ]
Error - 10/31/2008 10:53:08 PM | Computer Name = NANCY-561AA26BC | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 10/31/2008 10:53:08 PM | Computer Name = NANCY-561AA26BC | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 10/31/2008 10:53:08 PM | Computer Name = NANCY-561AA26BC | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 10/31/2008 10:53:08 PM | Computer Name = NANCY-561AA26BC | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 10/31/2008 10:53:08 PM | Computer Name = NANCY-561AA26BC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips intelppm IPSec mfehidk MPFP MRxSmb NetBIOS NetBT pavboot RasAcd Rdbss SbcpHid Tcpip
WS2IFSL

Error - 10/31/2008 10:54:30 PM | Computer Name = NANCY-561AA26BC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNASvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

Error - 10/31/2008 10:54:40 PM | Computer Name = NANCY-561AA26BC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNASvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

Error - 10/31/2008 10:54:40 PM | Computer Name = NANCY-561AA26BC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNASvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

Error - 10/31/2008 11:08:43 PM | Computer Name = NANCY-561AA26BC | Source = Cdrom | ID = 262159
Description = The device, \Device\CdRom1, is not ready for access yet.

Error - 10/31/2008 11:10:00 PM | Computer Name = NANCY-561AA26BC | Source = Service Control Manager | ID = 7000
Description = The PfModNT service failed to start due to the following error: %%2


< End of report >

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 01 November 2008 - 12:21 AM

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 nickkmet

nickkmet
  • Topic Starter

Posted 01 November 2008 - 12:44 AM

Here's the MBAM log:

Malwarebytes' Anti-Malware 1.24
Database version: 1035
Windows 5.1.2600 Service Pack 3

10:43:21 PM 10/31/2008
mbam-log-10-31-2008 (22-43-21).txt

Scan type: Quick Scan
Objects scanned: 54741
Time elapsed: 10 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


****Edit****

So immediately after I finished the scan, I realized I had forgotten to update MBAM. So I immediately updated it and ran another scan. Here's the log from that scan:

Malwarebytes' Anti-Malware 1.30
Database version: 1306
Windows 5.1.2600 Service Pack 3

10/31/2008 10:52:51 PM
mbam-log-2008-10-31 (22-52-51).txt

Scan type: Quick Scan
Objects scanned: 67300
Time elapsed: 7 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\aspopg.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ffddffdd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smwin32.mdr (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhcpscj0eg49 (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSbrsr.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSbutv.log (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSlxwp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSmaxt.log (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSnmxh.log (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSoexh.log (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSoiqh.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSrhym.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSriqp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSxfum.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\TDSSmqlt.sys (Rootkit.Agent) -> Delete on reboot.

Edited by nickkmet, 01 November 2008 - 12:53 AM.
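
The second MBAM log above lists two kinds of persistence that are worth checking by hand after a cleanup: the Winlogon Userinit value rewritten to a bare directory, and the TDSS* files in system32 and system32\drivers. The PowerShell script below is an added example for readers of this thread, not a tool the helper or the poster used. The registry key and the file-name pattern are taken from the log; the expected stock Userinit value (userinit.exe with its trailing comma) is an assumption about a default Windows install.

```powershell
# Added example (not from the thread): audit the persistence points named in
# the MBAM log above. Runs read-only; it reports, it does not delete.

$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
# Assumption: stock value, including the trailing comma.
$expectedUserinit = "$env:SystemRoot\system32\userinit.exe,"

# 1. Userinit: the log shows it flagged with data "c:\windows\system32\",
#    a bare directory instead of the userinit.exe path.
$userinit = (Get-ItemProperty -Path $winlogon -Name Userinit -ErrorAction SilentlyContinue).Userinit
if ($null -eq $userinit) {
    Write-Output "Userinit value missing under $winlogon"
} elseif ($userinit -ne $expectedUserinit) {
    Write-Output "Userinit value is non-standard: '$userinit' (expected '$expectedUserinit')"
} else {
    Write-Output 'Userinit value is stock.'
}

# 2. Registry key quarantined in both MBAM runs.
$tdssKey = 'HKLM:\SOFTWARE\tdss'
if (Test-Path $tdssKey) {
    Write-Output "Present: $tdssKey"
} else {
    Write-Output "Absent: $tdssKey"
}

# 3. Files matching the TDSS<4 letters>.<dll|log|sys> names from the log.
#    -Force includes hidden files.
$dirs = "$env:SystemRoot\system32", "$env:SystemRoot\system32\drivers"
$hits = Get-ChildItem -Path $dirs -Filter 'TDSS*' -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match '^TDSS[a-z]{4}\.(dll|log|sys|dat)$' }
if ($hits) {
    $hits | ForEach-Object { Write-Output ('Suspicious file: {0} ({1} bytes)' -f $_.FullName, $_.Length) }
} else {
    Write-Output 'No TDSS* files visible in system32 or drivers.'
}
```

One caveat a practitioner should keep in mind: a file listing from a live, still-infected system is not conclusive. The topic starter already noted that a DLL named in the HijackThis log could not be found in the system32 folder, which is consistent with a kernel driver hiding files from normal directory listings. The script is useful for confirming a cleanup after the driver has been removed, as in the log above, not for proving a machine clean while the rootkit is still loaded.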


#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 01 November 2008 - 01:06 AM

It looks like that second run helped a lot.



Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


========================================================

#9 nickkmet

nickkmet
  • Topic Starter

Posted 01 November 2008 - 02:39 PM

Here's the ComboFix.txt Log:

ComboFix 08-10-31.02 - Nicholas 2008-11-01 12:26:44.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.641 [GMT -8:00]
Running from: C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Local Settings\Temporary Internet Files\fbk.sts
C:\WINDOWS\system32\skinboxer43.dll
C:\WINDOWS\system32\TDSSosvd.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-10-01 to 2008-11-01 )))))))))))))))))))))))))))))))
.

2008-10-31 18:58 . 2008-10-31 18:58 578,560 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-10-31 18:54 . 2008-10-31 19:10 <DIR> d-------- C:\temp
2008-10-31 18:53 . 2008-10-31 18:54 <DIR> d-------- C:\WINDOWS\ERUNT
2008-10-31 18:48 . 2008-10-31 19:24 <DIR> d-------- C:\SDFix
2008-10-30 22:25 . 2008-10-30 22:25 <DIR> d-------- C:\Program Files\FileASSASSIN
2008-10-29 19:53 . 2008-10-29 19:55 <DIR> d-------- C:\OTScanIt
2008-10-29 19:09 . 2008-10-29 19:09 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-10-29 19:08 . 2008-10-29 19:08 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-28 19:11 . 2008-10-03 09:41 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-10-28 19:11 . 2007-04-17 01:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-10-28 19:11 . 2007-03-07 21:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-10-28 19:11 . 2008-08-25 23:24 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-10-28 19:11 . 2008-08-25 23:24 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-10-28 19:11 . 2008-08-25 23:24 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-10-28 19:11 . 2008-08-25 23:24 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-10-28 19:11 . 2008-08-25 23:24 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-10-28 19:11 . 2008-08-25 00:38 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-10-28 15:05 . 2008-08-14 02:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-28 15:05 . 2008-08-14 02:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-28 15:05 . 2008-08-14 01:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-28 15:05 . 2008-08-14 01:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-28 15:05 . 2008-09-15 04:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-28 15:05 . 2008-04-11 11:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-10-28 15:05 . 2008-05-01 06:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-10-28 15:05 . 2008-06-13 03:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-10-28 15:05 . 2008-05-08 06:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-10-28 15:05 . 2008-08-14 02:04 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-10-28 15:04 . 2008-09-08 02:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-28 14:24 . 2008-10-15 08:34 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-27 22:27 . 2004-08-04 04:00 381,425 -----c--- C:\WINDOWS\system32\dllcache\copycd.wmv
2008-10-27 20:11 . 2008-04-13 16:11 571,392 --a--c--- C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-10-27 20:10 . 2004-08-04 04:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-10-27 20:09 . 2008-04-13 16:09 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-10-27 20:07 . 2008-10-27 20:07 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-10-27 20:06 . 2008-10-27 20:06 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-10-27 20:06 . 2008-10-27 20:06 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-10-27 20:06 . 2008-10-27 20:06 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-10-27 20:06 . 2008-10-27 20:06 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-10-27 20:04 . 2008-04-13 16:12 151,552 --a------ C:\WINDOWS\system32\irftp.exe
2008-10-27 20:04 . 2008-04-13 10:54 88,192 --a------ C:\WINDOWS\system32\drivers\irda.sys
2008-10-27 20:04 . 2008-04-13 16:11 28,160 --a------ C:\WINDOWS\system32\irmon.dll
2008-10-27 20:04 . 2008-04-13 16:12 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-10-27 20:02 . 2001-08-17 13:51 18,688 --a------ C:\WINDOWS\system32\drivers\irsir.sys
2008-10-27 20:00 . 2008-10-27 20:13 <DIR> d-------- C:\WINDOWS\NV692388.TMP
2008-10-27 20:00 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-10-27 19:59 . 2001-08-17 13:51 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2008-10-27 18:43 . 2004-08-04 04:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-10-27 18:32 . 2008-10-27 18:52 <DIR> d-------- C:\WINDOWS\NV700500.TMP
2008-10-27 18:26 . 2004-08-04 04:00 1,086,058 -ra------ C:\WINDOWS\SET92.tmp
2008-10-27 18:26 . 2004-08-04 04:00 1,042,903 -ra------ C:\WINDOWS\SET8F.tmp
2008-10-27 18:26 . 2004-08-04 04:00 13,753 -ra------ C:\WINDOWS\SET9E.tmp
2008-10-27 18:25 . 2008-10-27 18:25 <DIR> d---s---- C:\WINDOWS\system32\config\systemprofile\History
2008-10-27 18:25 . 2008-10-27 18:57 389,649 --a------ C:\WINDOWS\setupapi.old
2008-10-27 17:27 . 2008-10-27 17:27 <DIR> d-------- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Application Data\Uniblue
2008-10-27 16:38 . 2008-11-01 12:10 31,056 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-20021102}.rfx
2008-10-27 16:38 . 2008-11-01 12:10 31,056 --a------ C:\WINDOWS\system32\BMXState-{00000002-00000000-00000002-00001102-00000004-20021102}.rfx
2008-10-27 16:38 . 2008-11-01 12:10 30,528 --a------ C:\WINDOWS\system32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-20021102}.rfx
2008-10-27 16:38 . 2008-11-01 12:10 30,528 --a------ C:\WINDOWS\system32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-20021102}.rfx
2008-10-27 16:38 . 2008-11-01 12:10 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-10-27 16:38 . 2008-11-01 12:10 1,080 --a------ C:\WINDOWS\system32\settings.sfm
2008-10-27 16:38 . 2008-11-01 12:10 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-20021102}.dat
2008-10-27 16:38 . 2008-11-01 12:10 384 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-00000002-00001102-00000004-20021102}.dat
2008-10-27 16:23 . 2008-11-01 12:12 8,768 --a------ C:\WINDOWS\system32\Config.MPF
2008-10-27 16:20 . 2008-11-01 12:12 13,646 --a------ C:\WINDOWS\system32\wpa.dbl
2008-10-26 20:36 . 2008-06-19 16:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-10-26 20:35 . 2008-10-26 20:35 <DIR> d-------- C:\Program Files\Panda Security
2008-10-26 20:13 . 2008-10-27 16:02 208 --a------ C:\WINDOWS\wininit.ini
2008-10-26 19:35 . 2008-10-27 14:14 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-26 19:35 . 2008-10-27 14:15 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-10-22 18:57 . 2008-10-22 18:57 53,000 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-10-22 16:37 . 2008-10-22 19:26 961 --a------ C:\WINDOWS\STBC.ini
2008-10-08 20:32 . 2008-10-08 20:33 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-08 20:29 . 2008-10-30 15:26 <DIR> d-------- C:\Program Files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-01 06:44 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-11-01 05:02 --------- d-----w C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Application Data\uTorrent
2008-11-01 03:17 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2008-10-31 06:35 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-10-30 23:41 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-10-28 22:26 --------- d-----w C:\Program Files\MSN Messenger
2008-10-28 01:39 --------- d-----w C:\Program Files\Microsoft Works
2008-10-28 01:38 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-10-28 01:38 --------- d-----w C:\Program Files\Common Files\L&H
2008-10-23 03:20 --------- d-----w C:\Program Files\Picasa2
2008-10-23 00:10 38,496 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-23 00:10 15,504 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-10-21 16:41 --------- d-----w C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\SACore
2008-10-20 04:12 --------- d-----w C:\Program Files\Finale 2006
2008-10-09 04:33 --------- d-----w C:\Program Files\iTunes
2008-10-09 04:32 --------- d-----w C:\Program Files\iPod
2008-10-09 04:29 --------- d-----w C:\Program Files\Common Files\Apple
2008-10-09 04:27 --------- d-----w C:\Program Files\Apple Software Update
2008-10-01 05:18 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SiteAdvisor
2008-10-01 05:17 --------- d-----w C:\Program Files\McAfee
2008-09-30 21:58 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee
2008-09-17 03:56 --------- d-----w C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Application Data\U3
2008-09-15 22:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-15 04:24 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-09-15 04:24 --------- d-----w C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Application Data\SPORE
2008-09-13 01:04 --------- d-----w C:\Program Files\SpyNoMore
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 10:09 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2003-11-06 03:39 424,960 ----a-w C:\Documents and Settings\Do not use this folder\namespace.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
--a------ 2003-06-18 01:00 45056 C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 16:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--a------ 2003-09-17 10:43 57344 C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 16:05 81920 C:\Program Files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-05-09 16:24 50760 C:\Program Files\Common Files\AOL\1134443394\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-03-20 16:34 86960 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2008-07-11 17:48 641208 C:\Program Files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McENUI]
--a------ 2008-06-13 01:59 1176808 C:\PROGRA~1\McAfee\MHN\McENUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2002-07-09 18:45 28672 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MWLExe]
--a------ 2007-07-28 08:32 1279336 C:\Program Files\McAfee\MWL\MwlGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 01:41 8523776 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 01:41 81920 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
--a------ 2002-12-03 18:06 45056 C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-19 20:44 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--a------ 2000-05-11 01:00 90112 C:\WINDOWS\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2003-10-05 22:57 24576 C:\WINDOWS\system32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Facegame"="C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Application Data\Facegame\Facegame.exe" 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A
"Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent
"Google Update"="C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install
"WD Button Manager"=WDBtnMgr.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1134443394\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1134443394\\ee\\aim6.exe"=
"C:\\Nicholas's Games\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Nicholas's Games\\Civ4\\Civilization4.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\Program Files\\McAfee\\MWL\\MwlSvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2006-08-07 2560]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944]
R2 PfDetNT;PfDetNT;C:\WINDOWS\system32\drivers\PfModNT.sys [2003-03-05 15840]
S3 krdpdre;krdpdre;C:\DOCUME~1\NICHOL~1.000\LOCALS~1\Temp\krdpdre.sys [ ]
S3 RkPavproc1;RkPavproc1;C:\WINDOWS\system32\drivers\RkPavproc1.sys [ ]
S3 yukonx86;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\yukonx86.sys [2003-12-22 176256]
S4 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{188a6cd6-ea65-11dc-8262-00138ff67e60}]
\Shell\AutoRun\command - D:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{861c34c0-6cfb-11da-8357-00112f708bd0}]
\Shell\AutoRun\command - D:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5c91581-33be-11db-9330-00112f708bd0}]
\Shell\AutoRun\command - D:\setup.EXE /autorun
\Shell\dxsetup\command - D:\directx\dxsetup.exe
\Shell\Register\command - extras\runshell http://www.microsoft.com/games/product_registration/cfs3/
\Shell\setup\command - D:\setup.exe
\Shell\Web\command - extras\runshell http://www.microsoft.com/games/cfs3/

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e40dd3b6-ee34-11dc-826b-00138ff67e60}]
\Shell\AutoRun\command - wd_windows_tools\WDEULA.exe
.
Contents of the 'Scheduled Tasks' folder

2008-10-30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2008-11-01 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-29 16:40]

2006-11-20 C:\WINDOWS\Tasks\McDefragTask.job
- C:\WINDOWS\system32\defrag.exe [2008-04-13 16:12]

2008-01-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-iLike - C:\Program Files\iLike\1.1.26\ilikesidebar.exe
MSConfigStartUp-PlaxoUpdate - C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe
MSConfigStartUp-QuickTime Task - C:\Program Files\QuickTime\qttask.exe
MSConfigStartUp-SiteAdvisor - C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
MSConfigStartUp-WhenUSave - C:\Program Files\Save\Save.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-01 12:28:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\McAfee\SiteAdvisor\saHook.dll
.
Completion time: 2008-11-01 12:32:28
ComboFix-quarantined-files.txt 2008-11-01 20:31:24

Pre-Run: 71,343,259,648 bytes free
Post-Run: 71,327,547,392 bytes free

287 --- E O F --- 2008-10-30 03:17:06

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:49 AM

Posted 01 November 2008 - 04:32 PM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript to your desktop.

    Driver::
    krdpdre

    File::
    C:\DOCUME~1\NICHOL~1.000\LOCALS~1\Temp\krdpdre.sys

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


=================


Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please click OTMoveIt3 and then click >> run.
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Commands
    [EmptyTemp]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If an item cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



How is your computer working now? Are you still being redirected?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
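The helper above spotted the problem driver by reading the ComboFix service list: a kernel driver registered from the user's Temp folder whose file details print as "[ ]". The following is an added example, not part of the thread or of ComboFix, that automates that triage: it parses service lines in ComboFix's layout, flags entries that load from a Temp directory or whose file is gone, and emits the Driver::/File:: sections in the CFScript layout the helper used. The sample lines are constructed from the log above; the function names are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: service lines in the layout ComboFix prints, copied from
# the log above. krdpdre is the entry the helper scripted for removal.
SAMPLE_SERVICES = r"""
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2006-08-07 2560]
S3 krdpdre;krdpdre;C:\DOCUME~1\NICHOL~1.000\LOCALS~1\Temp\krdpdre.sys [ ]
S3 RkPavproc1;RkPavproc1;C:\WINDOWS\system32\drivers\RkPavproc1.sys [ ]
S3 yukonx86;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\yukonx86.sys [2003-12-22 176256]
"""

# <start type> <service name>;<display name>;<image path> [<file date> <size>]
# ComboFix prints "[ ]" when the image file is not on disk.
LINE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$"
)


@dataclass
class ServiceEntry:
    start_type: str
    name: str
    display: str
    path: str
    file_date: Optional[str]   # None when ComboFix printed "[ ]"
    file_size: Optional[int]


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse the service/driver block of a ComboFix log."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or a line from another section
        meta = m.group("meta").split()
        entries.append(ServiceEntry(
            start_type=m.group("start"),
            name=m.group("name"),
            display=m.group("display"),
            path=m.group("path"),
            file_date=meta[0] if meta else None,
            file_size=int(meta[1]) if len(meta) > 1 else None,
        ))
    return entries


def find_suspicious(entries: List[ServiceEntry]) -> List[Tuple[ServiceEntry, List[str]]]:
    """Return (entry, reasons) for entries worth a second look.

    Two signals, both visible in the log itself:
      * the image path sits under a Temp directory, where no legitimate
        kernel driver is installed;
      * the file is gone ("[ ]"), i.e. an orphaned service registration.
    Only the first is strong on its own; an orphan alone can be a leftover
    from an uninstalled tool (RkPavproc1 in the sample is Panda's).
    """
    flagged = []
    for e in entries:
        reasons = []
        if "\\temp\\" in e.path.lower():
            reasons.append("image loads from a Temp directory")
        if e.file_date is None:
            reasons.append("image file missing on disk")
        if reasons:
            flagged.append((e, reasons))
    return flagged


def build_cfscript(entries: List[ServiceEntry]) -> str:
    """Emit the Driver::/File:: sections in the CFScript layout used above,
    for the high-confidence case only (driver image under Temp)."""
    targets = [e for e in entries if "\\temp\\" in e.path.lower()]
    if not targets:
        return ""
    lines = ["Driver::"] + [e.name for e in targets]
    lines += ["", "File::"] + [e.path for e in targets]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    parsed = parse_services(SAMPLE_SERVICES)
    for entry, why in find_suspicious(parsed):
        print(f"{entry.start_type} {entry.name}: {'; '.join(why)}")
    print(build_cfscript(parsed), end="")
```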

#11 nickkmet

nickkmet
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:03:49 AM

Posted 01 November 2008 - 09:22 PM

Here's the ComboFix Log:

ComboFix 08-11-01.01 - Nicholas 2008-11-01 18:36:21.8 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.615 [GMT -8:00]
Running from: C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
C:\DOCUME~1\NICHOL~1.000\LOCALS~1\Temp\krdpdre.sys
.

((((((((((((((((((((((((( Files Created from 2008-10-02 to 2008-11-02 )))))))))))))))))))))))))))))))
.

2008-11-01 17:10 . 2008-11-01 17:46 <DIR> d-------- C:\SDFix
2008-10-31 18:58 . 2008-10-31 18:58 578,560 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-10-31 18:53 . 2008-10-31 18:54 <DIR> d-------- C:\WINDOWS\ERUNT
2008-10-30 22:25 . 2008-10-30 22:25 <DIR> d-------- C:\Program Files\FileASSASSIN
2008-10-29 19:09 . 2008-10-29 19:09 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-10-29 19:08 . 2008-10-29 19:08 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-28 19:11 . 2008-10-03 09:41 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-10-28 19:11 . 2007-04-17 01:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-10-28 19:11 . 2007-03-07 21:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-10-28 19:11 . 2008-08-25 23:24 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-10-28 19:11 . 2008-08-25 23:24 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-10-28 19:11 . 2008-08-25 23:24 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-10-28 19:11 . 2008-08-25 23:24 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-10-28 19:11 . 2008-08-25 23:24 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-10-28 19:11 . 2008-08-25 00:38 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-10-28 15:05 . 2008-08-14 02:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-28 15:05 . 2008-08-14 02:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-28 15:05 . 2008-08-14 01:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-28 15:05 . 2008-08-14 01:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-28 15:05 . 2008-09-15 04:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-28 15:05 . 2008-04-11 11:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-10-28 15:05 . 2008-05-01 06:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-10-28 15:05 . 2008-06-13 03:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-10-28 15:05 . 2008-05-08 06:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-10-28 15:05 . 2008-08-14 02:04 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-10-28 15:04 . 2008-09-08 02:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-28 14:24 . 2008-10-15 08:34 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-27 22:27 . 2004-08-04 04:00 381,425 -----c--- C:\WINDOWS\system32\dllcache\copycd.wmv
2008-10-27 20:11 . 2008-04-13 16:11 571,392 --a--c--- C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-10-27 20:10 . 2004-08-04 04:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-10-27 20:09 . 2008-04-13 16:09 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-10-27 20:07 . 2008-10-27 20:07 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-10-27 20:06 . 2008-10-27 20:06 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-10-27 20:06 . 2008-10-27 20:06 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-10-27 20:06 . 2008-10-27 20:06 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-10-27 20:06 . 2008-10-27 20:06 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-10-27 20:04 . 2008-04-13 16:12 151,552 --a------ C:\WINDOWS\system32\irftp.exe
2008-10-27 20:04 . 2008-04-13 10:54 88,192 --a------ C:\WINDOWS\system32\drivers\irda.sys
2008-10-27 20:04 . 2008-04-13 16:11 28,160 --a------ C:\WINDOWS\system32\irmon.dll
2008-10-27 20:04 . 2008-04-13 16:12 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-10-27 20:02 . 2001-08-17 13:51 18,688 --a------ C:\WINDOWS\system32\drivers\irsir.sys
2008-10-27 20:00 . 2008-10-27 20:13 <DIR> d-------- C:\WINDOWS\NV692388.TMP
2008-10-27 20:00 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-10-27 19:59 . 2001-08-17 13:51 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2008-10-27 18:43 . 2004-08-04 04:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-10-27 18:32 . 2008-10-27 18:52 <DIR> d-------- C:\WINDOWS\NV700500.TMP
2008-10-27 18:26 . 2004-08-04 04:00 1,086,058 -ra------ C:\WINDOWS\SET92.tmp
2008-10-27 18:26 . 2004-08-04 04:00 1,042,903 -ra------ C:\WINDOWS\SET8F.tmp
2008-10-27 18:26 . 2004-08-04 04:00 13,753 -ra------ C:\WINDOWS\SET9E.tmp
2008-10-27 18:25 . 2008-10-27 18:25 <DIR> d---s---- C:\WINDOWS\system32\config\systemprofile\History
2008-10-27 18:25 . 2008-10-27 18:57 389,649 --a------ C:\WINDOWS\setupapi.old
2008-10-27 17:27 . 2008-10-27 17:27 <DIR> d-------- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Application Data\Uniblue
2008-10-27 16:38 . 2008-11-01 17:12 31,056 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-20021102}.rfx
2008-10-27 16:38 . 2008-11-01 17:12 31,056 --a------ C:\WINDOWS\system32\BMXState-{00000002-00000000-00000002-00001102-00000004-20021102}.rfx
2008-10-27 16:38 . 2008-11-01 17:12 30,528 --a------ C:\WINDOWS\system32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-20021102}.rfx
2008-10-27 16:38 . 2008-11-01 17:12 30,528 --a------ C:\WINDOWS\system32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-20021102}.rfx
2008-10-27 16:38 . 2008-11-01 17:12 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-10-27 16:38 . 2008-11-01 17:12 1,080 --a------ C:\WINDOWS\system32\settings.sfm
2008-10-27 16:38 . 2008-11-01 17:12 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-20021102}.dat
2008-10-27 16:38 . 2008-11-01 17:12 384 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-00000002-00001102-00000004-20021102}.dat
2008-10-27 16:23 . 2008-11-01 17:29 8,768 --a------ C:\WINDOWS\system32\Config.MPF
2008-10-27 16:20 . 2008-11-01 17:29 13,646 --a------ C:\WINDOWS\system32\wpa.dbl
2008-10-26 20:36 . 2008-06-19 16:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-10-26 20:35 . 2008-10-26 20:35 <DIR> d-------- C:\Program Files\Panda Security
2008-10-26 20:13 . 2008-10-27 16:02 208 --a------ C:\WINDOWS\wininit.ini
2008-10-26 19:35 . 2008-10-27 14:14 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-26 19:35 . 2008-10-27 14:15 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-10-22 18:57 . 2008-10-22 18:57 53,000 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-10-22 16:37 . 2008-10-22 19:26 961 --a------ C:\WINDOWS\STBC.ini
2008-10-08 20:32 . 2008-10-08 20:33 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-08 20:29 . 2008-10-30 15:26 <DIR> d-------- C:\Program Files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-01 22:12 --------- d-----w C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Application Data\uTorrent
2008-11-01 06:44 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-11-01 03:17 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2008-10-31 06:35 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-10-30 23:41 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-10-28 22:26 --------- d-----w C:\Program Files\MSN Messenger
2008-10-28 01:39 --------- d-----w C:\Program Files\Microsoft Works
2008-10-28 01:38 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-10-28 01:38 --------- d-----w C:\Program Files\Common Files\L&H
2008-10-23 03:20 --------- d-----w C:\Program Files\Picasa2
2008-10-23 00:10 38,496 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-23 00:10 15,504 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-10-21 16:41 --------- d-----w C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\SACore
2008-10-20 04:12 --------- d-----w C:\Program Files\Finale 2006
2008-10-09 04:33 --------- d-----w C:\Program Files\iTunes
2008-10-09 04:32 --------- d-----w C:\Program Files\iPod
2008-10-09 04:29 --------- d-----w C:\Program Files\Common Files\Apple
2008-10-09 04:27 --------- d-----w C:\Program Files\Apple Software Update
2008-10-01 05:18 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SiteAdvisor
2008-10-01 05:17 --------- d-----w C:\Program Files\McAfee
2008-09-30 21:58 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee
2008-09-17 03:56 --------- d-----w C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Application Data\U3
2008-09-15 22:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-15 04:24 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-09-15 04:24 --------- d-----w C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Application Data\SPORE
2008-09-13 01:04 --------- d-----w C:\Program Files\SpyNoMore
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 10:09 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2003-11-06 03:39 424,960 ----a-w C:\Documents and Settings\Do not use this folder\namespace.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2008-06-13 2752512]
"Google Update"="C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-29 133104]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-09 1862144]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
--a------ 2003-06-18 01:00 45056 C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 16:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--a------ 2003-09-17 10:43 57344 C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 16:05 81920 C:\Program Files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-05-09 16:24 50760 C:\Program Files\Common Files\AOL\1134443394\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-03-20 16:34 86960 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2008-07-11 17:48 641208 C:\Program Files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McENUI]
--a------ 2008-06-13 01:59 1176808 C:\PROGRA~1\McAfee\MHN\McENUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2002-07-09 18:45 28672 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MWLExe]
--a------ 2007-07-28 08:32 1279336 C:\Program Files\McAfee\MWL\MwlGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 01:41 8523776 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 01:41 81920 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
--a------ 2002-12-03 18:06 45056 C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-19 20:44 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--a------ 2000-05-11 01:00 90112 C:\WINDOWS\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2003-10-05 22:57 24576 C:\WINDOWS\system32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Facegame"="C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Application Data\Facegame\Facegame.exe" 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A
"Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install
"WD Button Manager"=WDBtnMgr.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1134443394\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1134443394\\ee\\aim6.exe"=
"C:\\Nicholas's Games\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Nicholas's Games\\Civ4\\Civilization4.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\Program Files\\McAfee\\MWL\\MwlSvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2006-08-07 2560]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944]
R2 PfDetNT;PfDetNT;C:\WINDOWS\system32\drivers\PfModNT.sys [2003-03-05 15840]
S3 RkPavproc1;RkPavproc1;C:\WINDOWS\system32\drivers\RkPavproc1.sys [ ]
S3 yukonx86;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\yukonx86.sys [2003-12-22 176256]
S4 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{188a6cd6-ea65-11dc-8262-00138ff67e60}]
\Shell\AutoRun\command - D:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{861c34c0-6cfb-11da-8357-00112f708bd0}]
\Shell\AutoRun\command - D:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5c91581-33be-11db-9330-00112f708bd0}]
\Shell\AutoRun\command - D:\setup.EXE /autorun
\Shell\dxsetup\command - D:\directx\dxsetup.exe
\Shell\Register\command - extras\runshell http://www.microsoft.com/games/product_registration/cfs3/
\Shell\setup\command - D:\setup.exe
\Shell\Web\command - extras\runshell http://www.microsoft.com/games/cfs3/

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e40dd3b6-ee34-11dc-826b-00138ff67e60}]
\Shell\AutoRun\command - wd_windows_tools\WDEULA.exe
.
Contents of the 'Scheduled Tasks' folder

2008-10-30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2008-11-02 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\Nicholas.NANCY-561AA26BC.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-29 16:40]

2006-11-20 C:\WINDOWS\Tasks\McDefragTask.job
- C:\WINDOWS\system32\defrag.exe [2008-04-13 16:12]

2008-01-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-01 18:38:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\McAfee\SiteAdvisor\saHook.dll
.
Completion time: 2008-11-01 18:42:42
ComboFix-quarantined-files.txt 2008-11-02 02:41:46
ComboFix2.txt 2008-11-02 02:33:35

Pre-Run: 73,739,063,296 bytes free
Post-Run: 73,723,985,920 bytes free

275 --- E O F --- 2008-10-30 03:17:06



Here's the OTMoveIt3 Log:

========== COMMANDS ==========
File delete failed. C:\DOCUME~1\NICHOL~1.000\LOCALS~1\Temp\etilqs_ooRr6XAV0uPTP4Y scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\mcmsc_DpkLN2kcSvcnwR1 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_yVUtd0yyObfE3Gi scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_637RZhhSTegMJxE scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_anK0bR7TjBlgQZo scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_Auo6EkwX1HSbbd4 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_cIKXexGsgZeOefU scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_j9XD4FzkK6xod2r scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_lwY1T9X1nqpxcnr scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_Zjt4xkTEApdBk5l scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\WFV23.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11012008_190916

Files moved on Reboot...
File C:\DOCUME~1\NICHOL~1.000\LOCALS~1\Temp\etilqs_ooRr6XAV0uPTP4Y not found!
File C:\WINDOWS\temp\mcmsc_DpkLN2kcSvcnwR1 not found!
File C:\WINDOWS\temp\mcmsc_yVUtd0yyObfE3Gi not found!
C:\WINDOWS\temp\sqlite_637RZhhSTegMJxE moved successfully.
C:\WINDOWS\temp\sqlite_anK0bR7TjBlgQZo moved successfully.
C:\WINDOWS\temp\sqlite_Auo6EkwX1HSbbd4 moved successfully.
C:\WINDOWS\temp\sqlite_cIKXexGsgZeOefU moved successfully.
C:\WINDOWS\temp\sqlite_j9XD4FzkK6xod2r moved successfully.
C:\WINDOWS\temp\sqlite_lwY1T9X1nqpxcnr moved successfully.
C:\WINDOWS\temp\sqlite_Zjt4xkTEApdBk5l moved successfully.
File C:\WINDOWS\temp\WFV23.tmp not found!




I am no longer being redirected, but an Internet Explorer icon keeps popping up on my desktop every time I reboot if I delete it beforehand.

Also, SpyBotSD tells me occasionally that something is trying to change my default search to either a go.google.com search or an ie.windowslive.com search, so there still has to be something going on.

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 02 November 2008 - 11:07 AM

That sounds like Google update to me. Malware wouldn't try to change your default search to either of those sites. That's a legitimate program change.

Do you mean you are getting the original IE icon on your desktop, or additional ones each time you reboot?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#13 nickkmet

nickkmet
  • Topic Starter

  • Members
  • 17 posts

Posted 02 November 2008 - 02:58 PM

I'm getting an original IE icon on my desktop. I suppose it could just be from Windows. It didn't show up when I logged on today. Maybe we got all the crap that was on my computer. I also haven't gotten any warnings from SpyBot yet either.

Also, I'm pretty sure it's not a Google update. Just by typing "go.google redirect" into Google, there are plenty of people with the same problem. It almost always appears to be in relation to the TDSS trojan/rootkit as well. But I think the problem is gone now. Before, I would always detect a TDSS file whenever I ran MBAM, no matter how many times I had MBAM delete it. I ran a scan today, and it didn't find it, so I'm probably clean.

If anything, I'd like to run a rootkit check, but I thought that's what ComboFix does?

Otherwise, I think we've got it all, and I'm very grateful for your help.

#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 02 November 2008 - 03:11 PM

Let's do it.

Download gmer.zip and save to your desktop.
alternate download site 1
alternate download site 2
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on "Settings", then check the first five settings:
    *System Protection and Tracing
    *Processes
    *Save created processes to the log
    *Drivers
    *Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.
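A small parser for the gmer.txt report that the steps above produce, added here as an example; it is not code from this thread, from GMER or from Gmer.net. It reads the SSDT/Code kernel hook lines, the kernel code-section patch lines and the user-mode ".text" hook lines, groups kernel hooks by the driver that owns them, and lists user-mode hooks that appear in only some processes (a host-intrusion product that hooks every process leaves a uniform set behind, so the non-uniform remainder is the part worth reading first; that triage rule is an assumption of this example, not something GMER reports). The sample lines are a subset copied from the gmer.txt posted in the next reply.

```python
import re
from collections import defaultdict

# Sample input: a subset of lines copied from the gmer.txt posted later in this thread.
SAMPLE_LOG = r"""
---- System - GMER 1.0.14 ----

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwClose [0xF75BB818]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreateKey [0xF75BB7D0]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xF3AE89D2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess

---- Kernel code sections - GMER 1.0.14 ----

PAGE ntoskrnl.exe!ZwSetValueKey + 3 8058228F 4 Bytes [ 56, 73, 90, 90 ]

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\services.exe[792] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070FE5
.text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 0006001B
.text C:\WINDOWS\system32\services.exe[792] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040FE5
.text C:\WINDOWS\system32\lsass.exe[804] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01010FEF
.text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00FF0040
.text C:\WINDOWS\system32\lsass.exe[804] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FD0000
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03A50000
.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 03A30036
.text C:\WINDOWS\System32\svchost.exe[1124] WS2_32.dll!socket 71AB4211 5 Bytes JMP 03A10000
.text C:\WINDOWS\System32\svchost.exe[1124] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 03A40FEF
.text C:\WINDOWS\System32\svchost.exe[1124] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 03A40FB9
"""

# "SSDT <driver> (<description>) <function> [<handler>]" and the same shape with "Code";
# the handler address is optional (GMER omits it on some Nt* lines).
KERNEL_HOOK_RE = re.compile(
    r"^(SSDT|Code)\s+(\S+)\s+\((.*?)\)\s+(\w+)(?:\s+\[(0x[0-9A-Fa-f]+)\])?\s*$")
# "PAGE <image>!<function> [+ <offset>] <address> <n> Bytes [ xx, xx ]"
KERNEL_PATCH_RE = re.compile(
    r"^PAGE\s+(\S+?)!(\w+)(?:\s*\+\s*(\d+))?\s+([0-9A-Fa-f]+)\s+(\d+)\s+Bytes?\s+\[(.*?)\]")
# ".text <process>[<pid>] <module>!<function> [+ n] <address> <n> Bytes JMP <target>"
# or the same with raw patch bytes "[ xx, xx ]" instead of a JMP target.
USER_HOOK_RE = re.compile(
    r"^\.text\s+(.+?)\[(\d+)\]\s+(\S+?)!(\w+)(?:\s*\+\s*\d+)?\s+([0-9A-Fa-f]+)\s+(\d+)\s+Bytes?\s+"
    r"(?:JMP\s+([0-9A-Fa-f]+)|\[(.*?)\])")


def _basename(path):
    return path.rsplit("\\", 1)[-1]


def _byte_list(data):
    return [b.strip() for b in data.split(",") if b.strip()]


def parse_gmer(text):
    """Parse a gmer.txt report into kernel hooks, kernel code patches and user-mode hooks."""
    result = {"kernel": [], "kernel_patches": [], "user": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue  # blank lines and section headers carry no records
        m = KERNEL_HOOK_RE.match(line)
        if m:
            kind, driver, desc, func, handler = m.groups()
            result["kernel"].append({"kind": kind, "driver": _basename(driver),
                                     "description": desc.strip(), "function": func,
                                     "handler": handler})
            continue
        m = KERNEL_PATCH_RE.match(line)
        if m:
            image, func, offset, addr, nbytes, data = m.groups()
            result["kernel_patches"].append({"image": image, "function": func,
                                             "offset": int(offset) if offset else 0,
                                             "address": addr, "length": int(nbytes),
                                             "patch_bytes": _byte_list(data)})
            continue
        m = USER_HOOK_RE.match(line)
        if m:
            proc, pid, module, func, addr, nbytes, target, data = m.groups()
            result["user"].append({"process": _basename(proc), "pid": int(pid),
                                   "module": module, "function": func, "address": addr,
                                   "length": int(nbytes), "jmp_target": target,
                                   "patch_bytes": _byte_list(data) if data else None})
    return result


def kernel_hooks_by_driver(parsed):
    """Which driver owns which SSDT/Code hooks; lets you see at a glance who is hooking the kernel."""
    out = defaultdict(list)
    for h in parsed["kernel"]:
        out[h["driver"]].append(h["function"])
    return {driver: sorted(funcs) for driver, funcs in out.items()}


def user_hooks_by_process(parsed):
    """Set of 'module!function' hooks per (process, pid)."""
    out = defaultdict(set)
    for h in parsed["user"]:
        out[(h["process"], h["pid"])].add(f'{h["module"]}!{h["function"]}')
    return dict(out)


def uncommon_user_hooks(parsed):
    """User-mode hooks that are not present in every hooked process (assumed triage rule:
    a product that hooks all processes leaves a uniform set; the remainder deserves a look)."""
    per_proc = user_hooks_by_process(parsed)
    if not per_proc:
        return {}
    common = set.intersection(*per_proc.values())
    return {proc: sorted(hooks - common) for proc, hooks in per_proc.items() if hooks - common}


if __name__ == "__main__":
    parsed = parse_gmer(SAMPLE_LOG)
    for driver, funcs in kernel_hooks_by_driver(parsed).items():
        print(f"{driver}: {len(funcs)} kernel hooks ({', '.join(funcs)})")
    for patch in parsed["kernel_patches"]:
        print(f"kernel patch: {patch['image']}!{patch['function']}+{patch['offset']} -> {patch['patch_bytes']}")
    for (proc, pid), hooks in uncommon_user_hooks(parsed).items():
        print(f"{proc}[{pid}] has hooks not seen elsewhere: {', '.join(hooks)}")
```

Run it against the full gmer.txt instead of the embedded sample to get the per-driver and per-process view of a real report; the kernel patch record (the four bytes written into ZwSetValueKey) is kept verbatim so it can be compared across scans.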


========================================================

#15 nickkmet

nickkmet
  • Topic Starter

  • Members
  • 17 posts

Posted 02 November 2008 - 06:17 PM

Here's the gmer.txt file, and TDSS is there.

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-03 03:12:53
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwClose [0xF75BB818]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreateKey [0xF75BB7D0]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xF75AFA20]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xF75B02A8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xF75BB910]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwOpenKey [0xF75BB794]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryKey [0xF75B02C8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryValueKey [0xF75BB866]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwSetSystemPowerState [0xF75BB0B0]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xF3AE89D2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xF3AE897D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF3AE8996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xF3AE8A7E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF3AE8AAA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF3AE8A12]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xF3AE8B41]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xF3AE8950]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xF3AE8964]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF3AE89E6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xF3AE8AEC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xF3AE8A94]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xF3AE8B69]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xF3AE8B55]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xF3AE89BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF3AE89AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xF3AE8AC0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF3AE8A41]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xF3AE8B2B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF3AE8A28]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xF3AE89FC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.14 ----

PAGE ntoskrnl.exe!ZwSetValueKey + 3 8058228F 4 Bytes [ 56, 73, 90, 90 ]

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\services.exe[792] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070FE5
.text C:\WINDOWS\system32\services.exe[792] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070F4D
.text C:\WINDOWS\system32\services.exe[792] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070F5E
.text C:\WINDOWS\system32\services.exe[792] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070036
.text C:\WINDOWS\system32\services.exe[792] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00070F79
.text C:\WINDOWS\system32\services.exe[792] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00070FA5
.text C:\WINDOWS\system32\services.exe[792] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00070070
.text C:\WINDOWS\system32\services.exe[792] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0007005F
.text C:\WINDOWS\system32\services.exe[792] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000700B0
.text C:\WINDOWS\system32\services.exe[792] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070F17
.text C:\WINDOWS\system32\services.exe[792] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00070EFC
.text C:\WINDOWS\system32\services.exe[792] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00070F94
.text C:\WINDOWS\system32\services.exe[792] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[792] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00070F28
.text C:\WINDOWS\system32\services.exe[792] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00070FC0
.text C:\WINDOWS\system32\services.exe[792] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00070011
.text C:\WINDOWS\system32\services.exe[792] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 0007008B
.text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 0006001B
.text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00060062
.text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00060FCA
.text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00060051
.text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00060FE5
.text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00060FA5
.text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 26, 88 ]
.text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 0006002C
.text C:\WINDOWS\system32\services.exe[792] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040FE5
.text C:\WINDOWS\system32\lsass.exe[804] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01010FEF
.text C:\WINDOWS\system32\lsass.exe[804] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01010043
.text C:\WINDOWS\system32\lsass.exe[804] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01010F4E
.text C:\WINDOWS\system32\lsass.exe[804] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01010F5F
.text C:\WINDOWS\system32\lsass.exe[804] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01010F7C
.text C:\WINDOWS\system32\lsass.exe[804] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01010014
.text C:\WINDOWS\system32\lsass.exe[804] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01010F1F
.text C:\WINDOWS\system32\lsass.exe[804] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01010065
.text C:\WINDOWS\system32\lsass.exe[804] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01010EE2
.text C:\WINDOWS\system32\lsass.exe[804] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01010EF3
.text C:\WINDOWS\system32\lsass.exe[804] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 01010ED1
.text C:\WINDOWS\system32\lsass.exe[804] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 01010F8D
.text C:\WINDOWS\system32\lsass.exe[804] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01010FDE
.text C:\WINDOWS\system32\lsass.exe[804] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 01010054
.text C:\WINDOWS\system32\lsass.exe[804] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 01010FA8
.text C:\WINDOWS\system32\lsass.exe[804] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 01010FCD
.text C:\WINDOWS\system32\lsass.exe[804] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 01010F04
.text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00FF0040
.text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00FF0FB6
.text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00FF002F
.text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00FF0014
.text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00FF0073
.text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00FF0062
.text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00FF0051
.text C:\WINDOWS\system32\lsass.exe[804] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FD0000
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02460000
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02460FA3
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02460098
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0246007D
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02460FCA
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02460051
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02460F75
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02460F86
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 024600F0
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 024600DF
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 02460F46
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 02460062
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02460011
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 024600BD
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 02460FDB
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 02460022
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 024600CE
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 02450FDB
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 02450F9B
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 02450036
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 0245001B
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 02450062
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 0245000A
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 02450FCA
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 65, 8A ]
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 02450051
.text C:\WINDOWS\system32\svchost.exe[980] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F40FEF
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CB000A
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CB00C6
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CB00AB
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CB008E
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CB007D
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CB0051
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CB00E3
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CB0F9B
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CB010F
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CB0F76
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00CB0120
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00CB0062
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00CB0025
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00CB0FAC
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00CB0FE5
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00CB0036
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00CB00F4
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00CA0FC3
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00CA0F86
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00CA0014
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00CA0FDE
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00CA0F97
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00CA0FEF
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00CA0039
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00CA0FB2
.text C:\WINDOWS\system32\svchost.exe[1028] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C80000
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03A50000
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!VirtualProtectEx 7C801A61 1 Byte [ E9 ]
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!VirtualProtectEx + 2 7C801A63 3 Bytes [ E5, 24, 87 ]
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03A50F70
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03A50F8B
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03A50054
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 03A50FB9
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 03A500B1
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 03A5008A
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 03A50F18
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 03A50F33
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 03A500CC
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 03A50FA8
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 03A50011
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 03A50F5F
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 03A50FCA
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 03A50FDB
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 03A50F44
.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 03A30036
.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 03A30FB2
.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 03A30025
.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 03A30FEF
.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 03A30FC3
.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 03A30000
.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 03A30065
.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 03A30FD4
.text C:\WINDOWS\System32\svchost.exe[1124] WS2_32.dll!socket 71AB4211 5 Bytes JMP 03A10000
.text C:\WINDOWS\System32\svchost.exe[1124] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 03A40FEF
.text C:\WINDOWS\System32\svchost.exe[1124] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 03A40FDE
.text C:\WINDOWS\System32\svchost.exe[1124] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 03A40FB9
.text C:\WINDOWS\System32\svchost.exe[1124] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 03A40F9E
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009C0000
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009C009A
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009C0FA5
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009C0089
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009C0062
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009C0FDB
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009C00BC
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009C0F80
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009C0F59
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009C00F2
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 009C010D
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 009C0FC0
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 009C0011
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 009C00AB
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 009C0047
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 009C002C
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 009C00D7
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 009B002C
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 009B0FAF
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 009B001B
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 009B0FE5
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 009B0FC0
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 009B0000
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 009B0062
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 009B0047
.text C:\WINDOWS\system32\svchost.exe[1240] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00990000
.text C:\WINDOWS\system32\wuauclt.exe[1284] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0000
.text C:\WINDOWS\system32\wuauclt.exe[1284] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B0098
.text C:\WINDOWS\system32\wuauclt.exe[1284] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0087
.text C:\WINDOWS\system32\wuauclt.exe[1284] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0FB9
.text C:\WINDOWS\system32\wuauclt.exe[1284] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0FCA
.text C:\WINDOWS\system32\wuauclt.exe[1284] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0FDB
.text C:\WINDOWS\system32\wuauclt.exe[1284] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B0F88
.text C:\WINDOWS\system32\wuauclt.exe[1284] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B00D0
.text C:\WINDOWS\system32\wuauclt.exe[1284] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B0110
.text C:\WINDOWS\system32\wuauclt.exe[1284] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B00F5
.text C:\WINDOWS\system32\wuauclt.exe[1284] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001B012B
.text C:\WINDOWS\system32\wuauclt.exe[1284] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001B0062
.text C:\WINDOWS\system32\wuauclt.exe[1284] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001B001B
.text C:\WINDOWS\system32\wuauclt.exe[1284] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001B00A9
.text C:\WINDOWS\system32\wuauclt.exe[1284] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001B003D
.text C:\WINDOWS\system32\wuauclt.exe[1284] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001B002C
.text C:\WINDOWS\system32\wuauclt.exe[1284] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001B0F77
.text C:\WINDOWS\system32\wuauclt.exe[1284] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 002B0F94
.text C:\WINDOWS\system32\wuauclt.exe[1284] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 002B0F68
.text C:\WINDOWS\system32\wuauclt.exe[1284] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 002B0FB9
.text C:\WINDOWS\system32\wuauclt.exe[1284] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 002B0FCA
.text C:\WINDOWS\system32\wuauclt.exe[1284] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 002B0025
.text C:\WINDOWS\system32\wuauclt.exe[1284] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 002B0FE5
.text C:\WINDOWS\system32\wuauclt.exe[1284] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 002B0F83
.text C:\WINDOWS\system32\wuauclt.exe[1284] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 4B, 88 ]
.text C:\WINDOWS\system32\wuauclt.exe[1284] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 002B0000
.text C:\WINDOWS\system32\wuauclt.exe[1284] WS2_32.dll!socket 71AB4211 5 Bytes JMP 003C0000
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EF0FEF
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00EF006F
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00EF0054
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00EF0043
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00EF0032
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00EF0FAB
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00EF00AE
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00EF0091
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00EF00E4
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00EF0F4B
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00EF00FF
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00EF0F9A
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00EF0FDE
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00EF0080
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00EF0FBC
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00EF0FCD
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00EF00C9
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00ED0014
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00ED0051
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00ED0FC3
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00ED0FD4
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00ED0F9E
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00ED0FE5
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00ED0040
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00ED0025
.text C:\WINDOWS\system32\svchost.exe[1316] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EB0000
.text C:\WINDOWS\system32\svchost.exe[1316] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00EE0000
.text C:\WINDOWS\system32\svchost.exe[1316] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00EE001B
.text C:\WINDOWS\system32\svchost.exe[1316] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00EE002C
.text C:\WINDOWS\system32\svchost.exe[1316] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00EE0047
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01840FEF
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01840F7A
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0184006F
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0184005E
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01840FA1
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01840043
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 018400A5
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01840094
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01840F31
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01840F42
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 018400E5
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 01840FB2
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01840FDE
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 01840F69
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 01840028
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 01840FCD
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 018400C0
.text C:\WINDOWS\Explorer.EXE[1596] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00D1002C
.text C:\WINDOWS\Explorer.EXE[1596] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00D10FA5
.text C:\WINDOWS\Explorer.EXE[1596] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00D10FE5
.text C:\WINDOWS\Explorer.EXE[1596] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00D1001B
.text C:\WINDOWS\Explorer.EXE[1596] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00D10FB6
.text C:\WINDOWS\Explorer.EXE[1596] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00D10000
.text C:\WINDOWS\Explorer.EXE[1596] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00D1004E
.text C:\WINDOWS\Explorer.EXE[1596] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00D1003D
.text C:\WINDOWS\Explorer.EXE[1596] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00D20FEF
.text C:\WINDOWS\Explorer.EXE[1596] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00D20FDE
.text C:\WINDOWS\Explorer.EXE[1596] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00D20FC3
.text C:\WINDOWS\Explorer.EXE[1596] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00D20FA8
.text C:\WINDOWS\Explorer.EXE[1596] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CF0000
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1700] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041BF60 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1700] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0041BFE0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 86F0FFB0

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\Cdrom \Device\CdRom0 86C61BD0
Device \FileSystem\Rdbss \Device\FsWrap 86DD59C8
Device \Driver\Cdrom \Device\CdRom1 86C61BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 86B793E8
Device \Driver\atapi \Device\Ide\IdePort0 86B793E8
Device \Driver\atapi \Device\Ide\IdePort1 86B793E8
Device \Driver\atapi \Device\Ide\IdePort2 86B793E8
Device \Driver\atapi \Device\Ide\IdePort3 86B793E8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 86B793E8
Device \FileSystem\Srv \Device\LanmanServer 86C16FB0

AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86DF36C8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86DF36C8
Device \FileSystem\Npfs \Device\NamedPipe 86E629F0
Device \FileSystem\Msfs \Device\Mailslot 86BC13D0
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 86B768F0
Device \Driver\d347prt \Device\Scsi\d347prt1 86B768F0
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 86E1D090
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 86E1D090
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 86E1D090
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 86E1D090
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 86E1D090
Device \FileSystem\Cdfs \Cdfs 86B81D98

---- Modules - GMER 1.0.14 ----

Module _________ F7566000-F757E000 (98304 bytes)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\$winnt32$_test
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41@khjeh 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41@hj34z0 0x7A 0x7E 0x6F 0x91 ...
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoiqh.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSosvd.dat
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSbrsr.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSxfum.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSlxwp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsihc.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssserf \systemroot\system32\TDSSrhym.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSmaxt.log
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSoexh.log
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoiqh.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSosvd.dat
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSbrsr.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSxfum.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSlxwp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsihc.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssserf \systemroot\system32\TDSSrhym.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSmaxt.log
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSoexh.log
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoiqh.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSosvd.dat
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSbrsr.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSxfum.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSlxwp.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsihc.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssserf \systemroot\system32\TDSSrhym.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSmaxt.log
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSoexh.log
Reg HKLM\SOFTWARE\Classes\CLSID\{5E0963E7-CF46-1B5D-310DACB8805375B2}\{86E3B77C-EAE1-9D87-4C70ABEC16202E62}\{393DA271-51DF-0FF7-C96F576EB71CB867}
Reg HKLM\SOFTWARE\Classes\CLSID\{5E0963E7-CF46-1B5D-310DACB8805375B2}\{86E3B77C-EAE1-9D87-4C70ABEC16202E62}\{393DA271-51DF-0FF7-C96F576EB71CB867}@L5OTYL4OSK54QTZWOGJWMONWTG1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{A754038D-5461-C6FF-89A37522C498DE93}\{1089EA54-87DF-A583-56CE37BECDECB43B}\{5F10775F-480B-9EA7-99D54B1CB86EF9A3}
Reg HKLM\SOFTWARE\Classes\CLSID\{A754038D-5461-C6FF-89A37522C498DE93}\{1089EA54-87DF-A583-56CE37BECDECB43B}\{5F10775F-480B-9EA7-99D54B1CB86EF9A3}@2EQJ2Z3RJDTDB2HBN4IWIN4ITC1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{B3A3A58F-967E-A40A-C7DDFB524B0CDFB3}\{B28E8422-363F-1C4B-CC056478281B7FCE}\{569EFB20-10B3-C9F5-895B6A19B8852344}
Reg HKLM\SOFTWARE\Classes\CLSID\{B3A3A58F-967E-A40A-C7DDFB524B0CDFB3}\{B28E8422-363F-1C4B-CC056478281B7FCE}\{569EFB20-10B3-C9F5-895B6A19B8852344}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EF6C66C5-6F12-D03C-CBD6A967D3458FDE}\{1BFBC393-D5EA-0E65-643DBB56CFD38894}\{E801FD1E-2051-63AF-31DD653F6F47DAA3}
Reg HKLM\SOFTWARE\Classes\CLSID\{EF6C66C5-6F12-D03C-CBD6A967D3458FDE}\{1BFBC393-D5EA-0E65-643DBB56CFD38894}\{E801FD1E-2051-63AF-31DD653F6F47DAA3}@TU4WOU1J6ARI5KX1FANSH3C1OF1 0x01 0x00 0x01 0x00 ...

---- EOF - GMER 1.0.14 ----
