
Vundo / Virtumonde Infection


  • This topic is locked
9 replies to this topic

#1 ktb2008 (Members, 20 posts)

Posted 02 October 2008 - 08:48 PM

My computer was infected with a Vundo / Virtumonde trojan this past week. To resolve it, I ran scans using my McAfee antivirus program, then I used SpyBot Search and Destroy, followed by SuperAntiSpyWare, followed by a Symantec Vundo Removal Tool, and finished with VundoFix.exe from www.atribune.org. These products appeared to remove the infection - I stopped having pop-ups appear randomly, and my computer would allow me to re-enable the Automatic Update Service, which had been disabled by this attack and then would not allow me to re-enable it. However, now I am having problems with various websites not loading properly. Specifically my Yahoo! Mail (the newest version) will not load messages quickly and the calendar bar will not load. Other pages are not loading properly either. Thank you for your help! My HiJackThis log follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:16:38 PM, on 10/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;*.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {3DE10355-6D7D-4976-8694-628222638092} - C:\WINDOWS\system32\hgGyxWqq.dll
O2 - BHO: (no name) - {453F51E8-FEF5-4C54-B136-944BF434360C} - C:\WINDOWS\system32\ssqOGXno.dll
O2 - BHO: (no name) - {64972CC7-F4DE-43BD-AF9E-6DEA7DFA5C84} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {D696FA15-A067-4097-B11B-FAA945F9A2E5} - (no file)
O2 - BHO: (no name) - {F340B343-D246-4FC9-AD24-79A29D96244B} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BMf3f82aab] Rundll32.exe "C:\WINDOWS\system32\kcigfooa.dll",s
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [BLMessagingIntegration] C:\Program Files\Common Files\PSD Tools\blengine.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [VnrBlock21] "C:\Program Files\VnrBlock\VnrBlock21.exe"
O4 - HKCU\..\Run: [GetPack21] "C:\Program Files\GetPack\GetPack21.exe"
O4 - HKCU\..\Run: [Aida] "C:\WINDOWS\system32\PPPATC~1\rundll32.exe" -vt yazb
O4 - HKCU\..\Run: [Haveofr] C:\WINDOWS\SYSTEM32\??crosoft.NET\t?skmgr.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O15 - Trusted Zone: http://vs2005stage.iamaw.org
O16 - DPF: ActiveGS.cab - http://www.virtualapple.com/activegs.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...84/mcinsctl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,21/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} - http://download.buddylinks.net/ShellInstaller.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = iamaw.org
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = iamaw.org
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = iamaw.org
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = iamaw.org
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: tawgdo.dll
O20 - Winlogon Notify: ssqOGXno - C:\WINDOWS\SYSTEM32\ssqOGXno.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10604 bytes


#2 Billy O'Neal, Visual C++ STL Maintainer (Malware Response Team, 12,301 posts, Redmond, Washington)

Posted 02 October 2008 - 09:01 PM

Hello, ktb2008.
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower left hand corner of your screen.
You appear to have Weather Bug installed
The free version of Weather Bug is generally considered to be adware. As such, it is up to you whether you wish to remove it or leave it installed. The information here and here may help you decide. If you wish to uninstall this: First, right click the WeatherBug icon in the systray and disable it, then go to Add/Remove Programs and uninstall from there.

We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :files
    C:\WINDOWS\system32\hgGyxWqq.dll
    C:\WINDOWS\system32\ssqOGXno.dll
    C:\WINDOWS\system32\kcigfooa.dll
    C:\Program Files\VnrBlock
    C:\Program Files\GetPack
    C:\WINDOWS\SYSTEM32\??crosoft.NET\t?skmgr.exe /u
    C:\WINDOWS\system32\PPPATC~1\rundll32.exe
    C:\WINDOWS\SYSTEM32\ssqOGXno.dll
    
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3DE10355-6D7D-4976-8694-628222638092}]
    [-HKEY_CLASSES_ROOT\CLSID\{3DE10355-6D7D-4976-8694-628222638092}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{453F51E8-FEF5-4C54-B136-944BF434360C}]
    [-HKEY_CLASSES_ROOT\CLSID\{453F51E8-FEF5-4C54-B136-944BF434360C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64972CC7-F4DE-43BD-AF9E-6DEA7DFA5C84}]
    [-HKEY_CLASSES_ROOT\CLSID\{64972CC7-F4DE-43BD-AF9E-6DEA7DFA5C84}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D696FA15-A067-4097-B11B-FAA945F9A2E5}]
    [-HKEY_CLASSES_ROOT\CLSID\{D696FA15-A067-4097-B11B-FAA945F9A2E5}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F340B343-D246-4FC9-AD24-79A29D96244B}]
    [-HKEY_CLASSES_ROOT\CLSID\{F340B343-D246-4FC9-AD24-79A29D96244B}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BMf3f82aab"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VnrBlock21"=-
    "GetPack21"=-
    "Aida"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}]
    [-HKEY_CLASSES_ROOT\CLSID\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}]
    [HKEY_LOCAL_MACHINE\HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters]
    "SearchList"=""
    [HKEY_LOCAL_MACHINE\HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters]
    "SearchList"=""
    [HKEY_LOCAL_MACHINE\HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters]
    "SearchList"=""
    [HKEY_LOCAL_MACHINE\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters]
    "SearchList"=""
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqOGXno]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "bestreak"=-
    [-HKEY_CLASSES_ROOT\CLSID\{874443fe-aa33-4ebf-a6ac-73208787e62d}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{874443fe-aa33-4ebf-a6ac-73208787e62d}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{874443fe-aa33-4ebf-a6ac-73208787e62d}]
    
    :commands
    [Purity]
    [EmptyTemp]
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
In your next reply, please include the following:
  • OTMoveIt3's Log
  • OTViewIt.txt
  • Extra.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
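The entries Billy's OTMoveIt3 script targets can be picked out of a HijackThis log mechanically. The following is an added example (not code from the thread, from HijackThis or from OTMoveIt): it scans the log lines posted above with heuristics of its own, namely unnamed or dangling BHOs, mixed-case eight-letter DLLs in system32, the BM+hex Run value, a populated AppInit_DLLs entry, and non-ASCII look-alike characters in a path. It assumes the "??" and "?" that HijackThis printed in the Haveofr entry were Cyrillic look-alikes (OTMoveIt's log later shows the folder as "Міcrosoft.NET"; the character in "t?skmgr" is a guess).

```python
"""Flag suspicious HijackThis entries such as the ones targeted above.

Added example, not code from the thread or from HijackThis/OTMoveIt.
The heuristics are this example's own; they mirror what the helper's
script removes (unnamed/dangling BHOs, random-looking system32 DLLs,
the BM+hex Run value, AppInit_DLLs, and the look-alike Microsoft.NET path).
"""
import re
from typing import Dict, List

# Constructed sample: lines copied from the HijackThis log in post #1.
# The "??" and "?" HijackThis showed in the Haveofr entry are replaced
# with Cyrillic look-alikes (assumption: OTMoveIt's log reports the folder
# as "Міcrosoft.NET"; the exact character in "t?skmgr" is not known).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {3DE10355-6D7D-4976-8694-628222638092} - C:\WINDOWS\system32\hgGyxWqq.dll
O2 - BHO: (no name) - {64972CC7-F4DE-43BD-AF9E-6DEA7DFA5C84} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [BMf3f82aab] Rundll32.exe "C:\WINDOWS\system32\kcigfooa.dll",s
O4 - HKCU\..\Run: [Haveofr] C:\WINDOWS\SYSTEM32\Міcrosoft.NET\tаskmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: tawgdo.dll
O20 - Winlogon Notify: ssqOGXno - C:\WINDOWS\SYSTEM32\ssqOGXno.dll
"""

ENTRY_RE = re.compile(r"^(O\d+|R\d) - (.*)$")
# Eight-letter DLL sitting directly in system32, the naming style in this log.
SYS32_DLL_RE = re.compile(r"system32\\([A-Za-z]{8})\.dll", re.IGNORECASE)
# Run value named "BM" plus 8 hex digits, as in [BMf3f82aab] above.
BM_RUN_RE = re.compile(r"\[BM[0-9a-f]{8}\]")


def score_entry(line: str) -> List[str]:
    """Return the reasons one HijackThis line looks suspicious (empty if clean)."""
    reasons: List[str] = []
    m = ENTRY_RE.match(line)
    if not m:
        return reasons
    section, body = m.group(1), m.group(2)

    # Look-alike letters: a path that renders like Microsoft.NET but is not.
    if any(ord(ch) > 127 for ch in body):
        reasons.append("non-ASCII look-alike character in path")

    # Dangling entries: the file is gone but the hook remains.
    if "(no file)" in body:
        reasons.append("entry points at a file that no longer exists")

    # Browser Helper Objects normally carry a product name.
    if section == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("Browser Helper Object with no name")

    # AppInit_DLLs loads the listed DLL into every process that maps user32.
    if section == "O20" and body.startswith("AppInit_DLLs:"):
        if body.split(":", 1)[1].strip():
            reasons.append("AppInit_DLLs injects a DLL into every GUI process")

    # Mixed-case 8-letter DLL names in system32 (hgGyxWqq, ssqOGXno).
    for dll in SYS32_DLL_RE.findall(body):
        if dll != dll.lower() and dll != dll.upper():
            reasons.append(f"random-looking DLL name {dll}.dll in system32")

    # Run value named BM+hex that starts a system32 DLL through Rundll32.
    if section == "O4" and BM_RUN_RE.search(body):
        reasons.append("Run value BM<hex> loading a DLL via Rundll32")

    return reasons


def scan_log(text: str) -> Dict[str, List[str]]:
    """Map every suspicious line of a HijackThis log to its list of reasons."""
    findings: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        reasons = score_entry(line)
        if reasons:
            findings[line] = reasons
    return findings


if __name__ == "__main__":
    for entry, why in scan_log(SAMPLE_LOG).items():
        print(entry)
        for reason in why:
            print("    ->", reason)
```

Seven of the nine sample lines are flagged; the Java SSVHelper BHO and ctfmon.exe pass clean, which is the same split Billy's script makes.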

#3 ktb2008, Topic Starter (Members, 20 posts)

Posted 03 October 2008 - 08:37 PM

Hi Billy,

Thank you for your prompt reply, and for your help. I'm sorry that it took me so long to respond, but I had to go to work today in order to pay the bills. :thumbsup: Before I post my logs, I do have two confessions to make. First, I removed Weatherbug. Second, because it was giving me error messages whenever I ran a program, I moved the file tawgdo.dll from the C:/windows/system32/ directory to a folder on my desktop. It was giving me messages saying that it was not a valid windows image, and was annoying me. I know you said not to change anything, so all I can do is beg forgiveness! :) Nevertheless, here are my logs:

OTMoveIt3

========== FILES ==========
LoadLibrary failed for C:\WINDOWS\system32\hgGyxWqq.dll
C:\WINDOWS\system32\hgGyxWqq.dll NOT unregistered.
C:\WINDOWS\system32\hgGyxWqq.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\ssqOGXno.dll
C:\WINDOWS\system32\ssqOGXno.dll NOT unregistered.
C:\WINDOWS\system32\ssqOGXno.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\kcigfooa.dll
C:\WINDOWS\system32\kcigfooa.dll NOT unregistered.
C:\WINDOWS\system32\kcigfooa.dll moved successfully.
File/Folder C:\Program Files\VnrBlock not found.
File/Folder C:\Program Files\GetPack not found.
File/Folder C:\WINDOWS\SYSTEM32\??crosoft.NET\t?skmgr.exe not found.
File/Folder C:\WINDOWS\system32\PPPATC~1\rundll32.exe not found.
File/Folder C:\WINDOWS\SYSTEM32\ssqOGXno.dll not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3DE10355-6D7D-4976-8694-628222638092}\\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{3DE10355-6D7D-4976-8694-628222638092}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{453F51E8-FEF5-4C54-B136-944BF434360C}\\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{453F51E8-FEF5-4C54-B136-944BF434360C}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64972CC7-F4DE-43BD-AF9E-6DEA7DFA5C84}\\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{64972CC7-F4DE-43BD-AF9E-6DEA7DFA5C84}\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D696FA15-A067-4097-B11B-FAA945F9A2E5}\\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{D696FA15-A067-4097-B11B-FAA945F9A2E5}\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F340B343-D246-4FC9-AD24-79A29D96244B}\\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{F340B343-D246-4FC9-AD24-79A29D96244B}\\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BMf3f82aab deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VnrBlock21 deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GetPack21 deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Aida deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\\ not found.
Unable to set value : HKEY_LOCAL_MACHINE\HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\\"SearchList"|"" /E!
Unable to set value : HKEY_LOCAL_MACHINE\HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\\"SearchList"|"" /E!
Unable to set value : HKEY_LOCAL_MACHINE\HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\\"SearchList"|"" /E!
Unable to set value : HKEY_LOCAL_MACHINE\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\"SearchList"|"" /E!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqOGXno\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\bestreak deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{874443fe-aa33-4ebf-a6ac-73208787e62d}\\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{874443fe-aa33-4ebf-a6ac-73208787e62d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{874443fe-aa33-4ebf-a6ac-73208787e62d}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{874443fe-aa33-4ebf-a6ac-73208787e62d}\\ not found.
========== COMMANDS ==========
C:\WINDOWS\system32\Міcrosoft.NET moved successfully.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\mcafee_O5qdsau13dLhx0I scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_e41HO1qnM9mCRSy scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_jB6TtXRASwQvH5z scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_t63Q2h6siX6wAhX scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_tcfbbddhffcFQii scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_ZYb1qIB4Fy54mQR scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.2.2 log created on 10032008_204932

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT scheduled to be moved on reboot.
File C:\WINDOWS\temp\mcafee_O5qdsau13dLhx0I not found!
File C:\WINDOWS\temp\mcmsc_e41HO1qnM9mCRSy not found!
File C:\WINDOWS\temp\mcmsc_jB6TtXRASwQvH5z not found!
File C:\WINDOWS\temp\mcmsc_t63Q2h6siX6wAhX not found!
C:\WINDOWS\temp\mcmsc_tcfbbddhffcFQii moved successfully.
File C:\WINDOWS\temp\mcmsc_ZYb1qIB4Fy54mQR not found!

OTViewIt.txt:

OTViewIt logfile created on: 10/3/2008 9:21:01 PM - Run
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Documents and Settings\Keith\Desktop\Scanning Tools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.48 Mb Total Physical Memory | 268.92 Mb Available Physical Memory | 35.08% Memory free
1.08 Gb Paging File | 0.65 Gb Available in Paging File | 59.59% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 9.08 Gb Free Space | 24.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KTBURNEY
Current User Name: Keith
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/04/13 19:12:14 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\cisvc.exe
[2008/06/16 23:34:55 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
[2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
[2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
[2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
[2001/11/26 20:54:02 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2007/11/01 19:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
[2005/10/19 07:59:12 | 00,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\hkcmd.exe
[2003/08/29 03:59:24 | 00,122,880 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\BCMSMMSG.exe
[2001/10/09 02:59:00 | 00,200,704 | ---- | M] (Logitech Inc. ) -- C:\Program Files\Logitech\iTouch\iTouch.exe
[2001/10/09 10:41:00 | 00,035,328 | ---- | M] (Logitech Inc. ) -- C:\Program Files\MouseWare\system\EM_EXEC.EXE
[2002/04/10 17:44:04 | 00,679,936 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
[2001/08/01 13:30:26 | 00,094,208 | ---- | M] () -- C:\Program Files\QUICKENW\qagent.exe
[2003/07/28 08:43:44 | 00,188,416 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb09.exe
[2003/05/21 17:37:08 | 00,229,437 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
[2005/02/16 23:11:42 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
[2004/05/12 15:18:56 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[2008/09/10 17:40:06 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2008/06/16 23:35:03 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2006/10/18 20:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2001/02/28 11:42:44 | 00,065,536 | ---- | M] (Marimba Inc.) -- C:\WINDOWS\SYSTEM32\mrtMngr.exe
[2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
[2008/06/23 04:20:52 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2002/08/29 06:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\CIDAEMON.EXE
[2002/08/29 06:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\CIDAEMON.EXE
[2008/10/03 19:54:50 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Keith\Desktop\Scanning Tools\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2008/04/13 19:12:14 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\cisvc.exe -- (CiSvc [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/06/16 23:34:55 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
[2007/11/07 09:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
[2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
[2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
[2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
[2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe -- (MpfService [Auto | Running])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2001/11/26 20:54:02 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])
[2008/05/26 22:18:44 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\searchindexer.exe -- (WSearch [On_Demand | Stopped])

========== Driver Services ==========

[2001/08/17 14:52:00 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ABP480N5.SYS -- (abp480n5 [Disabled | Stopped])
[2001/08/17 15:07:32 | 00,101,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ADPU160M.SYS -- (adpu160m [Disabled | Stopped])
[2002/04/01 14:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys -- (aeaudio [On_Demand | Running])
[2005/03/23 21:09:44 | 00,043,672 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K [System | Running])
[2008/04/13 13:36:39 | 00,044,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\agpcpq.sys -- (agpCPQ [Disabled | Stopped])
[2001/08/17 14:52:02 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\AHA154X.SYS -- (Aha154x [Disabled | Stopped])
[2001/08/17 15:07:36 | 00,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\AIC78U2.SYS -- (aic78u2 [Disabled | Stopped])
[2001/08/17 15:07:38 | 00,056,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\AIC78XX.SYS -- (aic78xx [Disabled | Stopped])
[2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ALIIDE.SYS -- (AliIde [Disabled | Stopped])
[2008/04/13 13:36:38 | 00,042,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\alim1541.sys -- (alim1541 [Disabled | Stopped])
[2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
[2001/08/17 14:52:04 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\AMSINT.SYS -- (amsint [Disabled | Stopped])
[2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC.SYS -- (asc [Disabled | Stopped])
[2001/08/17 14:52:04 | 00,022,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC3350P.SYS -- (asc3350p [Disabled | Stopped])
[2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC3550.SYS -- (asc3550 [Disabled | Stopped])
[2002/09/19 08:44:02 | 00,041,728 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
[2003/08/29 03:59:24 | 01,101,696 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem [On_Demand | Running])
[2001/08/17 14:52:06 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\CD20XRNT.SYS -- (cd20xrnt [Disabled | Stopped])
[2007/02/02 03:00:00 | 00,009,336 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
[2007/02/02 03:00:00 | 00,009,464 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
[2002/04/10 17:48:04 | 00,236,032 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp [System | Running])
[2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\CMDIDE.SYS -- (CmdIde [Disabled | Stopped])
[2001/08/17 14:52:06 | 00,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\CPQARRAY.SYS -- (Cpqarray [Disabled | Stopped])
[2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\DAC2W2K.SYS -- (dac2w2k [Disabled | Stopped])
[2001/08/17 14:52:16 | 00,014,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\DAC960NT.SYS -- (dac960nt [Disabled | Stopped])
[2001/08/17 15:07:44 | 00,020,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\DPTI2O.SYS -- (dpti2o [Disabled | Stopped])
[2002/04/10 18:01:12 | 00,024,554 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K [On_Demand | Stopped])
[2001/08/17 13:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC [On_Demand | Stopped])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2001/08/17 15:07:44 | 00,025,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\HPN.SYS -- (hpn [Disabled | Stopped])
[2008/04/13 13:41:22 | 00,008,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\i2omgmt.sys -- (i2omgmt [System | Running])
[2008/04/13 13:41:22 | 00,018,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\i2omp.sys -- (i2omp [Disabled | Stopped])
[2004/08/04 00:29:36 | 00,161,020 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x [On_Demand | Stopped])
[2004/08/04 00:29:37 | 00,012,415 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0 [On_Demand | Stopped])
[2004/08/04 00:29:37 | 00,012,127 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1 [On_Demand | Stopped])
[2004/08/04 00:29:37 | 00,011,775 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2 [On_Demand | Stopped])
[2004/08/04 00:29:47 | 00,012,063 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3 [On_Demand | Stopped])
[2004/08/04 00:29:49 | 00,019,455 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4 [On_Demand | Stopped])
[2004/08/04 00:29:41 | 00,029,311 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0 [On_Demand | Stopped])
[2004/08/04 00:29:42 | 00,019,551 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1 [On_Demand | Stopped])
[2004/08/04 00:29:43 | 00,033,599 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3 [On_Demand | Stopped])
[2004/08/04 00:29:45 | 00,023,615 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4 [On_Demand | Stopped])
[2005/10/19 07:59:12 | 00,807,998 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
[2001/08/17 14:52:08 | 00,016,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\INI910U.SYS -- (ini910u [Disabled | Stopped])
[2008/04/13 13:31:32 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\intelppm.sys -- (intelppm [System | Running])
[2001/08/09 19:54:44 | 00,010,256 | ---- | M] (Logitech Inc. ) -- C:\WINDOWS\SYSTEM32\DRIVERS\itchfltr.sys -- (itchfltr [On_Demand | Running])
[2001/11/30 03:42:00 | 00,050,990 | ---- | M] (Logitech) -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042PR2.SYS -- (l8042pr2 [On_Demand | Stopped])
[2001/11/30 03:42:00 | 00,022,206 | ---- | M] (Logitech) -- C:\WINDOWS\SYSTEM32\DRIVERS\LHIDFLT2.SYS -- (LHidFlt2 [On_Demand | Running])
[2001/11/30 03:42:00 | 00,039,836 | ---- | M] (Logitech) -- C:\WINDOWS\SYSTEM32\DRIVERS\LHIDUSB.SYS -- (LHidUsb [On_Demand | Running])
[2001/11/30 03:42:00 | 00,005,838 | ---- | M] (Logitech) -- C:\WINDOWS\SYSTEM32\DRIVERS\lkbdflt2.sys -- (LKbdFlt2 [On_Demand | Running])
[2001/11/30 03:42:00 | 00,067,694 | ---- | M] (Logitech) -- C:\WINDOWS\SYSTEM32\DRIVERS\lmouflt2.sys -- (LMouFlt2 [On_Demand | Running])
[2007/11/22 06:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
[2007/11/22 06:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk [On_Demand | Running])
[2007/11/22 06:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk [System | Running])
[2007/11/22 06:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
[2007/12/02 12:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
[2002/04/10 18:01:00 | 00,029,638 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K [On_Demand | Running])
[2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA [On_Demand | Stopped])
[2007/07/13 06:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys -- (MPFP [System | Running])
[2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\MRAID35X.SYS -- (mraid35x [Disabled | Stopped])
[2001/02/28 11:42:44 | 00,034,712 | ---- | M] (Marimba, Inc.) -- C:\WINDOWS\System32\drivers\MrtRate.sys -- (mrtRate [Auto | Running])
[2003/01/29 16:23:11 | 00,028,164 | ---- | M] (MusicMatch, Inc.) -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k [On_Demand | Running])
[2004/08/04 00:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2002/07/19 11:22:08 | 00,017,153 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci [System | Running])
[2003/04/08 10:44:32 | 00,014,924 | ---- | M] (Check Point Software Technologies) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMVA.sys -- (OMVA [On_Demand | Stopped])
[2001/08/17 14:51:52 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\PCIIDE.SYS -- (PCIIde [Boot | Running])
[2001/08/17 15:07:40 | 00,027,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\PERC2.SYS -- (perc2 [Disabled | Stopped])
[2001/08/17 15:07:42 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\PERC2HIB.SYS -- (perc2hib [Disabled | Stopped])
[2008/04/13 13:31:30 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\processr.sys -- (Processor [System | Stopped])
[2002/08/29 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink [On_Demand | Running])
[2002/04/10 18:00:44 | 00,117,898 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k [System | Running])
[2007/03/29 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1080.SYS -- (ql1080 [Disabled | Stopped])
[2001/08/17 14:52:16 | 00,033,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL10WNT.SYS -- (Ql10wnt [Disabled | Stopped])
[2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL12160.SYS -- (ql12160 [Disabled | Stopped])
[2001/08/17 14:52:16 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1240.SYS -- (ql1240 [Disabled | Stopped])
[2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1280.SYS -- (ql1280 [Disabled | Stopped])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
[2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
[2002/08/05 10:23:58 | 00,545,208 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm [On_Demand | Running])
[2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\SPARROW.SYS -- (Sparrow [Disabled | Stopped])
[2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC810.SYS -- (symc810 [Disabled | Stopped])
[2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC8XX.SYS -- (symc8xx [Disabled | Stopped])
[2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_HI.SYS -- (sym_hi [Disabled | Stopped])
[2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_U3.SYS -- (sym_u3 [Disabled | Stopped])
[2001/08/17 14:51:56 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\TOSIDE.SYS -- (TosIde [Disabled | Stopped])
[2002/04/10 17:45:16 | 00,206,336 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp [System | Running])
[2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ULTRA.SYS -- (ultra [Disabled | Stopped])
[2008/07/10 09:35:22 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2008/04/13 13:45:35 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbehci.sys -- (usbehci [On_Demand | Running])
[2008/04/13 13:36:40 | 00,042,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\viaagp.sys -- (viaagp [Disabled | Stopped])
[2008/04/13 13:40:31 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\viaide.sys -- (ViaIde [Disabled | Stopped])
[2001/09/27 11:58:20 | 00,028,396 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Running])
[2006/09/28 18:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\WudfPf.sys -- (WudfPf [On_Demand | Stopped])
[2006/09/28 19:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\WudfRd.sys -- (WudfRd [On_Demand | Stopped])
[2003/10/08 10:12:24 | 00,120,830 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped])
[2003/10/08 10:12:16 | 00,098,842 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"CustomSearch"=http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr7/*http://www.yahoo.com/ext/search/search.html
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}" (HKLM) -- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dellnet.com
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://my.yahoo.com/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)
"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}" (HKLM) -- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = http://localhost;*.local

========== (O1) Hosts File ==========

HOSTS File = (265484 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com
127.0.0.1 www.132.com
127.0.0.1 132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
9198 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" (HKLM) -- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
"{5538FB62-F725-4433-A965-91314E8D8E4D}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" (Roxio)
"BCMSMMSG"=BCMSMMSG.exe (Broadcom Corporation)
"BMf3f82aab"=Rundll32.exe "C:\WINDOWS\system32\kcigfooa.dll",s File not found
"DeviceDiscovery"=C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
"EM_EXEC"=C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE (Logitech Inc. )
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" (Hewlett-Packard Company)
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
"HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
"QAGENT"=C:\Program Files\QUICKENW\QAGENT.EXE ()
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc. )

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"= File not found
"BLMessagingIntegration"=C:\Program Files\Common Files\PSD Tools\blengine.exe File not found
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"Haveofr"=C:\WINDOWS\SYSTEM32\??crosoft.NET\t?skmgr.exe File not found
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 (Adobe Systems Incorporated)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&AIM Search: c:\Program Files\AOL\AIM Toolbar 5.0\resources\en-us\local\search.html [2006/09/07 15:59:50 | 00,000,747 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Sun Java Console -- C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
{3369AF0D-62E9-4bda-8103-B4C75499B578}: AIM Toolbar -- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: @xpsp3res.dll,-20001 -- C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Messenger -- C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Windows Messenger -- C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
adp.com\payex: https in My Computer
iamaw.org\vs2005stage: http in My Computer
iamaw.org\vs2005stage: https in Local intranet
47 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{1D6711C8-7154-40BB-8380-3DEA45B69CBF}: -- Reg Error: Key does not exist or could not be opened.
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}: http://bin.mcafee.com/molbin/shared/mcinsc...84/mcinsctl.cab -- McAfee.com Operating System Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{B9191F79-5613-4C76-AA2A-398534BB8999}: http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab -- Reg Error: Key does not exist or could not be opened.
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}: http://bin.mcafee.com/molbin/shared/mcgdmg...,21/mcgdmgr.cab -- DwnldGroupMgr Class
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object
{FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4}: http://download.buddylinks.net/ShellInstaller.cab -- Reg Error: Key does not exist or could not be opened.
ActiveGS.cab: http://www.virtualapple.com/activegs.cab -- Reg Error: Key does not exist or could not be opened.
DirectAnimation Java Classes: file://C:\WINDOWS\Java\classes\dajava.cab -- Reg Error: Key does not exist or could not be opened.
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{6649CF52-DA28-49AA-8228-07D50E478E6C} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=tawgdo.dll
>File not found --

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxsrvc.dll -- C:\WINDOWS\SYSTEM32\igfxsrvc.dll (Intel Corporation)
WgaLogon: "DllName" = WgaLogon.dll -- C:\WINDOWS\SYSTEM32\WgaLogon.dll (Microsoft Corporation)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WPDShServiceObj"={AAA288BA-9A4C-45B0-95D7-94D524869DB5} (HKLM) -- C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll (Microsoft Corporation)

========== (O22) Shared Task Scheduler ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"bestreak" (HKLM) = {874443fe-aa33-4ebf-a6ac-73208787e62d} -- Reg Error: Key does not exist or could not be opened. File not found

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{453F51E8-FEF5-4C54-B136-944BF434360C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" (HKLM) -- C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,C:\WINDOWS\system32\hgGyxWqq,
>File not found --

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2002/09/03 09:59:58 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[10 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2008/10/03 20:49:32 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/10/03 19:52:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Keith\Desktop\Scanning Tools
[2008/10/02 21:09:02 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/10/02 19:34:07 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2008/10/01 20:29:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2008/10/01 19:53:48 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2008/10/01 19:38:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Keith\Application Data\Windows Search
[2008/09/30 05:44:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Keith\Desktop\possibly bad files from system32
[2008/09/30 05:38:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Keith\Application Data\Windows Desktop Search
[2008/09/30 05:32:25 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2008/09/30 05:32:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2008/09/30 05:30:12 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2008/09/30 05:30:12 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2008/09/30 05:30:11 | 00,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2008/09/29 21:45:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2008/09/29 21:44:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Keith\Application Data\SUPERAntiSpyware.com
[2008/09/29 16:23:11 | 00,970,992 | -HS- | C] () -- C:\WINDOWS\System32\tiltanhy.ini
[2008/09/29 05:48:01 | 00,000,712 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/28 22:18:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/09/28 13:53:48 | 00,986,883 | -HS- | C] () -- C:\WINDOWS\System32\kwscvpip.ini
[2008/09/28 13:48:46 | 00,113,119 | ---- | C] () -- C:\WINDOWS\BMf3f82aab.xml
[2008/09/28 13:48:46 | 00,000,021 | ---- | C] () -- C:\WINDOWS\pskt.ini
[2008/09/28 13:47:27 | 00,001,488 | -HS- | C] () -- C:\WINDOWS\System32\qqWxyGgh.ini2
[2008/09/28 13:47:27 | 00,001,488 | -HS- | C] () -- C:\WINDOWS\System32\qqWxyGgh.ini
[2008/09/15 19:42:15 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/09/15 19:41:04 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/09/15 19:41:00 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2008/09/15 19:41:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/09/15 19:36:15 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2008/09/07 21:41:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Keith\My Documents\Catholic Match Profile_files
[2008/09/07 21:41:15 | 00,048,075 | ---- | C] () -- C:\Documents and Settings\Keith\My Documents\Catholic Match Profile.htm
[2008/09/07 13:58:53 | 04,318,570 | -H-- | C] () -- C:\Documents and Settings\Keith\Local Settings\Application Data\IconCache.db
[2008/09/06 16:30:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Keith\Application Data\Real

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[10 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2008/10/03 20:54:04 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2008/10/03 20:53:59 | 00,022,924 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2008/10/03 20:53:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/03 20:53:05 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2008/10/03 20:47:55 | 00,113,119 | ---- | M] () -- C:\WINDOWS\BMf3f82aab.xml
[2008/10/03 20:19:40 | 00,000,021 | ---- | M] () -- C:\WINDOWS\pskt.ini
[2008/10/02 19:44:29 | 00,000,076 | -HS- | M] () -- C:\Documents and Settings\Keith\My Documents\DESKTOP.INI
[2008/10/02 19:39:05 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/01 23:04:45 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\Keith\Desktop\Microsoft Word.lnk
[2008/10/01 21:22:46 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/09/30 05:32:34 | 00,544,610 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/09/30 05:32:34 | 00,462,998 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2008/09/30 05:32:34 | 00,078,566 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2008/09/30 05:20:12 | 00,001,488 | -HS- | M] () -- C:\WINDOWS\System32\qqWxyGgh.ini
[2008/09/30 05:18:56 | 00,001,488 | -HS- | M] () -- C:\WINDOWS\System32\qqWxyGgh.ini2
[2008/09/30 01:46:27 | 00,265,484 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2008/09/29 16:23:19 | 00,970,992 | -HS- | M] () -- C:\WINDOWS\System32\tiltanhy.ini
[2008/09/29 16:22:46 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/09/29 05:49:26 | 00,000,712 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/09/28 13:53:56 | 00,986,883 | -HS- | M] () -- C:\WINDOWS\System32\kwscvpip.ini
[2008/09/27 11:17:39 | 00,041,984 | ---- | M] () -- C:\Documents and Settings\Keith\My Documents\Finance.xls
[2008/09/22 20:54:59 | 13,888,512 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2008/09/22 20:54:40 | 27,773,952 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2008/09/10 18:41:20 | 04,318,570 | -H-- | M] () -- C:\Documents and Settings\Keith\Local Settings\Application Data\IconCache.db
[2008/09/07 21:41:21 | 00,048,075 | ---- | M] () -- C:\Documents and Settings\Keith\My Documents\Catholic Match Profile.htm
[2008/09/06 16:30:18 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2008/09/06 16:30:17 | 00,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
< End of report >

Extra.txt:

OTViewIt Extras logfile created on: 10/3/2008 9:21:01 PM - Run
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Documents and Settings\Keith\Desktop\Scanning Tools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.48 Mb Total Physical Memory | 268.92 Mb Available Physical Memory | 35.08% Memory free
1.08 Gb Paging File | 0.65 Gb Available in Paging File | 59.59% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 9.08 Gb Free Space | 24.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KTBURNEY
Current User Name: Keith
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
File not found -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Enabled:backWeb-7288971
File not found -- C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
File not found -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa
File not found -- C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger
[2008/05/10 07:15:28 | 00,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
[2006/11/03 02:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
File not found -- C:\Program Files\Common Files\AOL\1137909198\ee\aolsoftware.exe:*:Enabled:AOL Services
File not found -- C:\Program Files\Common Files\AOL\1137909198\ee\aim6.exe:*:Enabled:AIM
[2006/05/09 19:24:16 | 00,050,760 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1138757384\ee\aolsoftware.exe:*:Enabled:AOL Services
[2006/08/28 15:22:24 | 00,050,768 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1138757384\ee\aim6.exe:*:Enabled:AIM
File not found -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:SR_GUI
File not found -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater
[2004/11/18 21:43:44 | 01,830,912 | ---- | M] () -- C:\Program Files\Call of Duty\CoDMP.exe:*:Enabled:CoDMP
[2007/08/30 17:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\WINDOWS\SYSTEM32\P2P Networking\P2P Networking.exe:*:Enabled:P2P Networking
File not found -- C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer
[2008/08/15 15:23:08 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
File not found -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008/06/23 04:20:52 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer
File not found -- C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb
File not found -- C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray
File not found -- C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client
[2008/08/06 10:21:06 | 00,050,472 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
File not found -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/09/10 17:39:54 | 14,228,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2004/05/12 15:18:56 | 00,081,920 | ---- | M] (Hewlett-Packard Company) C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} (HKLM) [CZipHandler Object])
ipp: [HKLM - No CLSID value]
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
msdaipp: [HKLM - No CLSID value]
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
File not found Reg Error: Key does not exist or could not be opened. text/html: (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 Premium
"{00040409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 Disc 2
"{036AA4D4-6D32-11D4-9875-00105ACE7734}"=Logitech iTouch Software
"{03EDED24-8375-407D-A721-4643D9768BE1}"=kgchlwn
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}"=ESSSONIC
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}"=Adobe Photoshop Album 2.0 Starter Edition
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}"=Dell Solution Center
"{11F3F858-4131-4FFA-A560-3FE282933B6E}"=kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}"=ESSPCD
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}"=Dell Picture Studio - Dell Image Expert
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}"=Google Earth
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{29D88826-2AB9-11D5-8854-00902761A46D}"=WordPerfect Office 2002
"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}"=essvatgt
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3BA044B0-A5E4-428E-8731-63BD5DD4FDB2}"=CSI
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=Dell Modem-On-Hold
"{41B9E2CF-0B3F-442A-B5B3-592A4A355634}"=iTunes
"{42938595-0D83-404D-9F73-F8177FDD531A}"=ESScore
"{432C3720-37BF-4BD7-8E49-F38E090246D0}"=CR2
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}"=Microsoft Windows Journal Viewer
"{43FCA273-9534-40DB-B7C5-D7758875616A}"=Dell Support
"{4537EA4B-F603-4181-89FB-2953FC695AB1}"=netbrdg
"{45893FEB-30FD-4034-8661-3BA4238FE67A}"=Britannica Ready Reference
"{468190DA-FB4C-45BA-8E40-4B165FF1A939}"=BACS
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}"=skin0001
"{5421155F-B033-49DB-9B33-8F80F233D4D5}"=GdiplusUpgrade
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}"=MouseWare 9.41 .3
"{605A4E39-613C-4A12-B56F-DEFBE6757237}"=SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}"=fflink
"{609F7AC8-C510-11D4-A788-009027ABA5D0}"=Easy CD Creator 5 Basic
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{643EAE81-920C-4931-9F0B-4B343B225CA6}"=ESSBrwr
"{693C08A7-9E76-43FF-B11E-9A58175474C4}"=kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}"=overland
"{7F142D56-3326-11D5-B229-002078017FBF}"=Modem Helper
"{8943CE61-53BD-475E-90E1-A580869E98A2}"=staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8A502E38-29C9-49FA-BCFA-D727CA062589}"=ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Extreme Graphics Driver
"{8A8664E1-84C8-4936-891C-BC1F07797549}"=kgcvday
"{8C6027FD-53DC-446D-BB75-CACD7028A134}"=HP Update
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8E92D746-CD9F-4B90-9668-42B74C14F765}"=ESSini
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}"=Help and Support Customization
"{91517631-A9F3-4B7C-B482-43E0068FD55A}"=ESSgui
"{999D43F4-9709-4887-9B1A-83EBB15A8370}"=VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}"=kgcinvt
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}"=SFR2
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}"=kgcmove
"{AA9768AA-FF0B-4C66-A085-31E934F77841}"=Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A70900000002}"=Adobe Reader 7.0.9
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}"=ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}"=OfotoXMI
"{B376402D-58EA-45EA-BD50-DD924EB67A70}"=HP Memories Disc
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}"=Microsoft .NET Framework (English)
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}"=CCScore
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}"=Kodak EasyShare software
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}"=Paint Shop Pro 7
"{DA9F6EF5-E48A-4E45-BC57-AA16193763B7}"=Detto IntelliMover
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}"=SFR
"{DB5518BE-F40F-407A-B451-012625D4497B}"=hp deskjet 5600
"{E0828692-FD9D-459F-9312-C645C3CA6650}"=HP Photo and Imaging 2.0 - Deskjet Series
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}"=kgcbaby
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}"=Classic PhoneTools
"{E646DCF0-5A68-11D5-B229-002078017FBF}"=Digital Line Detect
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}"=tooltips
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}"=kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}"=SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}"=WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}"=ESSPDock
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}"=HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"3D Pitch Deluxe 1.6"=3D Pitch Deluxe 1.6
"Activision_StarTrekArmadaUninstallKey"=Star Trek: Armada
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Age of Empires"=Microsoft Age of Empires
"AIM Toolbar"=AIM Toolbar 5.0
"AIM_6"=AIM 6
"AOL Uninstaller"=AOL Uninstaller (Choose which Products to Remove)
"BCM V.92 56K Modem"=BCM V.92 56K Modem
"Call of Duty"=Call of Duty
"Google Updater"=Google Updater
"HijackThis"=HijackThis 2.0.2
"hp print screen utility"=hp print screen utility
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{468190DA-FB4C-45BA-8E40-4B165FF1A939}"=Broadcom Advanced Control Suite
"KB870669"=Microsoft Data Access Components KB870669
"KB909520"=Microsoft Base Smart Card Cryptographic Service Provider Package
"KB940157"=Windows Search 4.0
"LimeWire"=LimeWire 4.18.5
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework Full v1.0.3705 (1033)"=Microsoft .NET Framework (English) v1.0.3705
"Microsoft PhotoDraw 2000"=Microsoft PhotoDraw 2000
"MSC"=McAfee SecurityCenter
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MUSICMATCH Jukebox"=MUSICMATCH Jukebox
"Network Play System (Patching)"=Network Play System (Patching)
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"Quicken 2002 New User Edition"=Quicken 2002 New User Edition
"Shockwave"=Shockwave
"SimCity 3000"=SimCity 3000
"The Sims"=The Sims
"WIC"=Windows Imaging Component
"WildTangent CDA"=WildTangent Web Driver
"Winamp"=Winamp
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinZip"=WinZip
"WMCSetup"=Windows Media Connect
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"WordPerfect Office 2002"=WordPerfect Office 2002
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"Yahoo! Internet Mail"=Yahoo! Internet Mail
"Yahoo! Photos Drag-Drop Uploader 1v7"=Yahoo! Photos Easy Upload Tool

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/30/2008 8:23:49 PM | Computer Name = KTBURNEY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 9/30/2008 8:23:49 PM | Computer Name = KTBURNEY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 9/30/2008 8:23:49 PM | Computer Name = KTBURNEY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 9/30/2008 8:23:49 PM | Computer Name = KTBURNEY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 9/30/2008 8:23:49 PM | Computer Name = KTBURNEY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 9/30/2008 8:23:49 PM | Computer Name = KTBURNEY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 9/30/2008 8:23:49 PM | Computer Name = KTBURNEY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 9/30/2008 8:23:49 PM | Computer Name = KTBURNEY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 9/30/2008 8:23:49 PM | Computer Name = KTBURNEY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 9/30/2008 11:13:22 PM | Computer Name = KTBURNEY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/3/2008 9:17:19 PM | Computer Name = KTBURNEY | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 10/3/2008 9:17:31 PM | Computer Name = KTBURNEY | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 10/3/2008 9:17:43 PM | Computer Name = KTBURNEY | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 10/3/2008 9:18:01 PM | Computer Name = KTBURNEY | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 10/3/2008 9:18:10 PM | Computer Name = KTBURNEY | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 10/3/2008 9:18:48 PM | Computer Name = KTBURNEY | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 10/3/2008 9:18:54 PM | Computer Name = KTBURNEY | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 10/3/2008 9:19:00 PM | Computer Name = KTBURNEY | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 10/3/2008 9:19:10 PM | Computer Name = KTBURNEY | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 10/3/2008 9:19:32 PM | Computer Name = KTBURNEY | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.


< End of report >

I will say that after I ran the OTMoveIT3.exe, everything seemed a lot better. What do I do with the tawgdo.dll file? Thanks so much for your help! :)

#4 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,301 posts
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:01:17 AM

Posted 03 October 2008 - 08:55 PM

Hello, ktb2008.

You are very welcome :thumbsup:

That got rid of a bunch.... but not all of it :)

Let's try this again:

That file is probably bad. You can probably safely delete it. You may wish to check at VirusTotal (http://www.virustotal.com/) to be sure.

You have a Peer-To-Peer program installed.
Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case LimeWire). These programs allow users to share files between each other, as the name suggests. In today's world, cyber crime has come to an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :files
    C:\WINDOWS\system32\kcigfooa.dll
    C:\WINDOWS\system32\hgGyxWqq
    C:\VundoFix Backups
    C:\*.tmp
    C:\WINDOWS\System32\*.tmp
    C:\WINDOWS\*.tmp
    C:\WINDOWS\System32\tiltanhy.ini
    C:\WINDOWS\System32\kwscvpip.ini
    C:\WINDOWS\BMf3f82aab.xml
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\System32\qqWxyGgh.ini2
    C:\WINDOWS\System32\qqWxyGgh.ini
    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyEnable"=-
    "ProxyOverride"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BMf3f82aab"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Haveofr"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_Dlls"=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "bestreak"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{453F51E8-FEF5-4C54-B136-944BF434360C}"=-
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03EDED24-8375-407D-A721-4643D9768BE1}"=-
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
In your next reply, please include the following:
  • OTMoveIt3's Log
  • A new OTViewIt main.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
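The triage behind a script like the one above (picking the hidden, system-attributed, vendor-less files with eight-letter pseudo-random names out of the OTViewIt "Files - Modified Within 30 Days" listing) can be done mechanically. The Python below is an added example, not code from this thread or from OldTimer's tools: the line pattern is inferred from the log format shown in this thread, the sample lines are constructed to mirror entries in this log, and the flagging rules (hidden+system with no vendor under System32, an 8-letter alphabetic stem, a recently changed HOSTS file) are my own review heuristics, which mark an entry for a closer look rather than deliver a malware verdict.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample lines in the OTViewIt "Files - Modified Within 30 Days"
# format, shaped like the entries posted in this thread (not a real scan).
SAMPLE_LOG = r"""
[2008/10/03 20:54:04 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2008/09/30 05:20:12 | 00,001,488 | -HS- | M] () -- C:\WINDOWS\System32\qqWxyGgh.ini
[2008/09/30 05:18:56 | 00,001,488 | -HS- | M] () -- C:\WINDOWS\System32\qqWxyGgh.ini2
[2008/09/30 01:46:27 | 00,265,484 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2008/09/29 16:23:19 | 00,970,992 | -HS- | M] () -- C:\WINDOWS\System32\tiltanhy.ini
[2008/09/28 13:53:56 | 00,986,883 | -HS- | M] () -- C:\WINDOWS\System32\kwscvpip.ini
[2008/09/06 16:30:18 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2008/10/02 19:44:29 | 00,000,076 | -HS- | M] () -- C:\Documents and Settings\Keith\My Documents\DESKTOP.INI
"""

# One OTViewIt file line: [date time | size | attrs | M/C] (vendor) -- path
# (pattern inferred from the log lines in this thread; an assumption, not a spec)
LINE_RE = re.compile(
    r"^\[(?P<when>\S+ \S+) \| (?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| (?P<kind>[MC])\] "
    r"\((?P<vendor>[^)]*)\) -- (?P<path>.+)$"
)

@dataclass
class Entry:
    when: str
    size: int
    attrs: str      # four flags (R/H/S/D), '-' where unset
    vendor: str
    path: str

    @property
    def filename(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def in_system32(self) -> bool:
        # True for anything under C:\WINDOWS\System32\, subfolders included
        parts = [p.lower() for p in self.path.split("\\")]
        return len(parts) > 3 and parts[1] == "windows" and parts[2] == "system32"

@dataclass
class Finding:
    entry: Entry
    reasons: List[str] = field(default_factory=list)

# Review reasons: my own heuristics, not a detection signature
HIDDEN_SYSTEM_NO_VENDOR = "hidden+system file with no vendor string under System32"
RANDOM_STEM = "8-letter pseudo-random file name"
HOSTS_MODIFIED = "HOSTS file modified recently; review its contents"

def parse_line(line: str) -> Optional[Entry]:
    """Parse one file line; return None for headers, blank lines and summaries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        when=m["when"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        vendor=m["vendor"],
        path=m["path"],
    )

def review(entry: Entry) -> List[str]:
    """Return the reasons an entry deserves a look (empty list = nothing notable)."""
    reasons = []
    hidden_system = "H" in entry.attrs and "S" in entry.attrs
    if entry.in_system32 and hidden_system and not entry.vendor:
        reasons.append(HIDDEN_SYSTEM_NO_VENDOR)
        stem = entry.filename.split(".")[0]
        if re.fullmatch(r"[A-Za-z]{8}", stem):
            reasons.append(RANDOM_STEM)
    if entry.filename.upper() == "HOSTS":
        reasons.append(HOSTS_MODIFIED)
    return reasons

def triage(log_text: str) -> List[Finding]:
    """Run every parseable line through review(); keep those with reasons."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = review(entry)
        if reasons:
            findings.append(Finding(entry, reasons))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.entry.path}\n    " + "\n    ".join(f.reasons))
```

Note that DESKTOP.INI in the sample carries the same -HS- attributes as the flagged files but sits outside System32, so it is left alone; the location check is what keeps the heuristic from drowning a reader in ordinary hidden system files.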

#5 ktb2008

ktb2008
  • Topic Starter

  • Members
  • 20 posts
  • Local time:04:17 AM

Posted 03 October 2008 - 09:13 PM

Hi Billy,

The website you referred me to about tawgdo.dll didn't return any results, so I'm still not sure what to do with it. I don't want to delete something important, yet it did seem to be giving me problems. Anyways, here are the logs you requested:

OTMoveIt3:

========== FILES ==========
File/Folder C:\WINDOWS\system32\kcigfooa.dll not found.
File/Folder C:\WINDOWS\system32\hgGyxWqq not found.
C:\VundoFix Backups moved successfully.
C:\MCAF558.tmp\vso\en-us\com moved successfully.
C:\MCAF558.tmp\vso\en-us moved successfully.
C:\MCAF558.tmp\vso moved successfully.
C:\MCAF558.tmp\shared moved successfully.
C:\MCAF558.tmp moved successfully.
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
C:\WINDOWS\System32\mcrh.tmp moved successfully.
C:\WINDOWS\System32\SET64.tmp moved successfully.
C:\WINDOWS\System32\SET65.tmp moved successfully.
C:\WINDOWS\System32\SET66.tmp moved successfully.
C:\WINDOWS\System32\SET67.tmp moved successfully.
C:\WINDOWS\System32\SET68.tmp moved successfully.
C:\WINDOWS\System32\SET69.tmp moved successfully.
C:\WINDOWS\System32\SETD9.tmp moved successfully.
C:\WINDOWS\System32\SETE5.tmp moved successfully.
C:\WINDOWS\002438_.tmp moved successfully.
C:\WINDOWS\005990_.tmp moved successfully.
C:\WINDOWS\System32\tiltanhy.ini moved successfully.
C:\WINDOWS\System32\kwscvpip.ini moved successfully.
C:\WINDOWS\BMf3f82aab.xml moved successfully.
C:\WINDOWS\pskt.ini moved successfully.
C:\WINDOWS\System32\qqWxyGgh.ini2 moved successfully.
C:\WINDOWS\System32\qqWxyGgh.ini moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BMf3f82aab deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Haveofr deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}\\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_Dlls"|"" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\bestreak deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{453F51E8-FEF5-4C54-B136-944BF434360C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{453F51E8-FEF5-4C54-B136-944BF434360C}\ not found.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\\"Authentication Packages"|hex(7):6d,73,76,31,5f,30,00,00 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{03EDED24-8375-407D-A721-4643D9768BE1} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03EDED24-8375-407D-A721-4643D9768BE1}\ not found.

OTMoveIt3 by OldTimer - Version 1.0.3.1 log created on 10032008_220814

OTViewIT:

OTViewIt logfile created on: 10/3/2008 10:10:25 PM - Run 2
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Documents and Settings\Keith\Desktop\Scanning Tools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.48 Mb Total Physical Memory | 219.81 Mb Available Physical Memory | 28.68% Memory free
1.08 Gb Paging File | 0.55 Gb Available in Paging File | 50.70% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 9.10 Gb Free Space | 24.44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KTBURNEY
Current User Name: Keith
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/04/13 19:12:14 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\cisvc.exe
[2008/06/16 23:34:55 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
[2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
[2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
[2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
[2001/11/26 20:54:02 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2007/11/01 19:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
[2005/10/19 07:59:12 | 00,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\hkcmd.exe
[2003/08/29 03:59:24 | 00,122,880 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\BCMSMMSG.exe
[2001/10/09 02:59:00 | 00,200,704 | ---- | M] (Logitech Inc. ) -- C:\Program Files\Logitech\iTouch\iTouch.exe
[2001/10/09 10:41:00 | 00,035,328 | ---- | M] (Logitech Inc. ) -- C:\Program Files\MouseWare\system\EM_EXEC.EXE
[2002/04/10 17:44:04 | 00,679,936 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
[2001/08/01 13:30:26 | 00,094,208 | ---- | M] () -- C:\Program Files\QUICKENW\qagent.exe
[2003/07/28 08:43:44 | 00,188,416 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb09.exe
[2003/05/21 17:37:08 | 00,229,437 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
[2005/02/16 23:11:42 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
[2004/05/12 15:18:56 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[2008/09/10 17:40:06 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2008/06/16 23:35:03 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2006/10/18 20:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2001/02/28 11:42:44 | 00,065,536 | ---- | M] (Marimba Inc.) -- C:\WINDOWS\SYSTEM32\mrtMngr.exe
[2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
[2008/06/23 04:20:52 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2002/08/29 06:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\CIDAEMON.EXE
[2002/08/29 06:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\CIDAEMON.EXE
[2008/10/03 22:01:45 | 00,335,360 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Keith\Desktop\Scanning Tools\OTMoveIt3.exe
[2008/10/03 19:54:50 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Keith\Desktop\Scanning Tools\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2008/04/13 19:12:14 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\cisvc.exe -- (CiSvc [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/06/16 23:34:55 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
[2007/11/07 09:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
[2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
[2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
[2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
[2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe -- (MpfService [Auto | Running])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2001/11/26 20:54:02 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])
[2008/05/26 22:18:44 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\searchindexer.exe -- (WSearch [On_Demand | Stopped])

========== Driver Services ==========

[2001/08/17 14:52:00 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ABP480N5.SYS -- (abp480n5 [Disabled | Stopped])
[2001/08/17 15:07:32 | 00,101,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ADPU160M.SYS -- (adpu160m [Disabled | Stopped])
[2002/04/01 14:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys -- (aeaudio [On_Demand | Running])
[2005/03/23 21:09:44 | 00,043,672 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K [System | Running])
[2008/04/13 13:36:39 | 00,044,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\agpcpq.sys -- (agpCPQ [Disabled | Stopped])
[2001/08/17 14:52:02 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\AHA154X.SYS -- (Aha154x [Disabled | Stopped])
[2001/08/17 15:07:36 | 00,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\AIC78U2.SYS -- (aic78u2 [Disabled | Stopped])
[2001/08/17 15:07:38 | 00,056,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\AIC78XX.SYS -- (aic78xx [Disabled | Stopped])
[2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ALIIDE.SYS -- (AliIde [Disabled | Stopped])
[2008/04/13 13:36:38 | 00,042,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\alim1541.sys -- (alim1541 [Disabled | Stopped])
[2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
[2001/08/17 14:52:04 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\AMSINT.SYS -- (amsint [Disabled | Stopped])
[2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC.SYS -- (asc [Disabled | Stopped])
[2001/08/17 14:52:04 | 00,022,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC3350P.SYS -- (asc3350p [Disabled | Stopped])
[2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC3550.SYS -- (asc3550 [Disabled | Stopped])
[2002/09/19 08:44:02 | 00,041,728 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
[2003/08/29 03:59:24 | 01,101,696 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem [On_Demand | Running])
[2001/08/17 14:52:06 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\CD20XRNT.SYS -- (cd20xrnt [Disabled | Stopped])
[2007/02/02 03:00:00 | 00,009,336 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
[2007/02/02 03:00:00 | 00,009,464 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
[2002/04/10 17:48:04 | 00,236,032 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp [System | Running])
[2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\CMDIDE.SYS -- (CmdIde [Disabled | Stopped])
[2001/08/17 14:52:06 | 00,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\CPQARRAY.SYS -- (Cpqarray [Disabled | Stopped])
[2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\DAC2W2K.SYS -- (dac2w2k [Disabled | Stopped])
[2001/08/17 14:52:16 | 00,014,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\DAC960NT.SYS -- (dac960nt [Disabled | Stopped])
[2001/08/17 15:07:44 | 00,020,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\DPTI2O.SYS -- (dpti2o [Disabled | Stopped])
[2002/04/10 18:01:12 | 00,024,554 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K [On_Demand | Stopped])
[2001/08/17 13:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC [On_Demand | Stopped])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2001/08/17 15:07:44 | 00,025,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\HPN.SYS -- (hpn [Disabled | Stopped])
[2008/04/13 13:41:22 | 00,008,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\i2omgmt.sys -- (i2omgmt [System | Running])
[2008/04/13 13:41:22 | 00,018,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\i2omp.sys -- (i2omp [Disabled | Stopped])
[2004/08/04 00:29:36 | 00,161,020 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x [On_Demand | Stopped])
[2004/08/04 00:29:37 | 00,012,415 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0 [On_Demand | Stopped])
[2004/08/04 00:29:37 | 00,012,127 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1 [On_Demand | Stopped])
[2004/08/04 00:29:37 | 00,011,775 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2 [On_Demand | Stopped])
[2004/08/04 00:29:47 | 00,012,063 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3 [On_Demand | Stopped])
[2004/08/04 00:29:49 | 00,019,455 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4 [On_Demand | Stopped])
[2004/08/04 00:29:41 | 00,029,311 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0 [On_Demand | Stopped])
[2004/08/04 00:29:42 | 00,019,551 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1 [On_Demand | Stopped])
[2004/08/04 00:29:43 | 00,033,599 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3 [On_Demand | Stopped])
[2004/08/04 00:29:45 | 00,023,615 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4 [On_Demand | Stopped])
[2005/10/19 07:59:12 | 00,807,998 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
[2001/08/17 14:52:08 | 00,016,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\INI910U.SYS -- (ini910u [Disabled | Stopped])
[2008/04/13 13:31:32 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\intelppm.sys -- (intelppm [System | Running])
[2001/08/09 19:54:44 | 00,010,256 | ---- | M] (Logitech Inc. ) -- C:\WINDOWS\SYSTEM32\DRIVERS\itchfltr.sys -- (itchfltr [On_Demand | Running])
[2001/11/30 03:42:00 | 00,050,990 | ---- | M] (Logitech) -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042PR2.SYS -- (l8042pr2 [On_Demand | Stopped])
[2001/11/30 03:42:00 | 00,022,206 | ---- | M] (Logitech) -- C:\WINDOWS\SYSTEM32\DRIVERS\LHIDFLT2.SYS -- (LHidFlt2 [On_Demand | Running])
[2001/11/30 03:42:00 | 00,039,836 | ---- | M] (Logitech) -- C:\WINDOWS\SYSTEM32\DRIVERS\LHIDUSB.SYS -- (LHidUsb [On_Demand | Running])
[2001/11/30 03:42:00 | 00,005,838 | ---- | M] (Logitech) -- C:\WINDOWS\SYSTEM32\DRIVERS\lkbdflt2.sys -- (LKbdFlt2 [On_Demand | Running])
[2001/11/30 03:42:00 | 00,067,694 | ---- | M] (Logitech) -- C:\WINDOWS\SYSTEM32\DRIVERS\lmouflt2.sys -- (LMouFlt2 [On_Demand | Running])
[2007/11/22 06:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
[2007/11/22 06:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk [On_Demand | Running])
[2007/11/22 06:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk [System | Running])
[2007/11/22 06:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
[2007/12/02 12:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
[2002/04/10 18:01:00 | 00,029,638 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K [On_Demand | Running])
[2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA [On_Demand | Stopped])
[2007/07/13 06:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys -- (MPFP [System | Running])
[2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\MRAID35X.SYS -- (mraid35x [Disabled | Stopped])
[2001/02/28 11:42:44 | 00,034,712 | ---- | M] (Marimba, Inc.) -- C:\WINDOWS\System32\drivers\MrtRate.sys -- (mrtRate [Auto | Running])
[2003/01/29 16:23:11 | 00,028,164 | ---- | M] (MusicMatch, Inc.) -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k [On_Demand | Running])
[2004/08/04 00:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2002/07/19 11:22:08 | 00,017,153 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci [System | Running])
[2003/04/08 10:44:32 | 00,014,924 | ---- | M] (Check Point Software Technologies) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMVA.sys -- (OMVA [On_Demand | Stopped])
[2001/08/17 14:51:52 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\PCIIDE.SYS -- (PCIIde [Boot | Running])
[2001/08/17 15:07:40 | 00,027,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\PERC2.SYS -- (perc2 [Disabled | Stopped])
[2001/08/17 15:07:42 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\PERC2HIB.SYS -- (perc2hib [Disabled | Stopped])
[2008/04/13 13:31:30 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\processr.sys -- (Processor [System | Stopped])
[2002/08/29 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink [On_Demand | Running])
[2002/04/10 18:00:44 | 00,117,898 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k [System | Running])
[2007/03/29 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1080.SYS -- (ql1080 [Disabled | Stopped])
[2001/08/17 14:52:16 | 00,033,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL10WNT.SYS -- (Ql10wnt [Disabled | Stopped])
[2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL12160.SYS -- (ql12160 [Disabled | Stopped])
[2001/08/17 14:52:16 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1240.SYS -- (ql1240 [Disabled | Stopped])
[2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1280.SYS -- (ql1280 [Disabled | Stopped])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
[2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
[2002/08/05 10:23:58 | 00,545,208 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm [On_Demand | Running])
[2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\SPARROW.SYS -- (Sparrow [Disabled | Stopped])
[2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC810.SYS -- (symc810 [Disabled | Stopped])
[2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC8XX.SYS -- (symc8xx [Disabled | Stopped])
[2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_HI.SYS -- (sym_hi [Disabled | Stopped])
[2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_U3.SYS -- (sym_u3 [Disabled | Stopped])
[2001/08/17 14:51:56 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\TOSIDE.SYS -- (TosIde [Disabled | Stopped])
[2002/04/10 17:45:16 | 00,206,336 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp [System | Running])
[2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ULTRA.SYS -- (ultra [Disabled | Stopped])
[2008/07/10 09:35:22 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2008/04/13 13:45:35 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbehci.sys -- (usbehci [On_Demand | Running])
[2008/04/13 13:36:40 | 00,042,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\viaagp.sys -- (viaagp [Disabled | Stopped])
[2008/04/13 13:40:31 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\viaide.sys -- (ViaIde [Disabled | Stopped])
[2001/09/27 11:58:20 | 00,028,396 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Running])
[2006/09/28 18:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\WudfPf.sys -- (WudfPf [On_Demand | Stopped])
[2006/09/28 19:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\WudfRd.sys -- (WudfRd [On_Demand | Stopped])
[2003/10/08 10:12:24 | 00,120,830 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped])
[2003/10/08 10:12:16 | 00,098,842 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"CustomSearch"=http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr7/*http://www.yahoo.com/ext/search/search.html
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}" (HKLM) -- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dellnet.com
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://my.yahoo.com/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)
"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}" (HKLM) -- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (265484 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com
127.0.0.1 www.132.com
127.0.0.1 132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
9198 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" (HKLM) -- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
"{5538FB62-F725-4433-A965-91314E8D8E4D}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" (Roxio)
"BCMSMMSG"=BCMSMMSG.exe (Broadcom Corporation)
"DeviceDiscovery"=C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
"EM_EXEC"=C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE (Logitech Inc. )
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" (Hewlett-Packard Company)
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
"HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
"QAGENT"=C:\Program Files\QUICKENW\QAGENT.EXE ()
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc. )

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"= File not found
"BLMessagingIntegration"=C:\Program Files\Common Files\PSD Tools\blengine.exe File not found
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 (Adobe Systems Incorporated)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&AIM Search: c:\Program Files\AOL\AIM Toolbar 5.0\resources\en-us\local\search.html [2006/09/07 15:59:50 | 00,000,747 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Sun Java Console -- C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
{3369AF0D-62E9-4bda-8103-B4C75499B578}: AIM Toolbar -- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: @xpsp3res.dll,-20001 -- C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Messenger -- C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Windows Messenger -- C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
adp.com\payex: https in My Computer
iamaw.org\vs2005stage: http in My Computer
iamaw.org\vs2005stage: https in Local intranet
47 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}: http://bin.mcafee.com/molbin/shared/mcinsc...84/mcinsctl.cab -- McAfee.com Operating System Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{B9191F79-5613-4C76-AA2A-398534BB8999}: http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab -- Reg Error: Key does not exist or could not be opened.
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}: http://bin.mcafee.com/molbin/shared/mcgdmg...,21/mcgdmgr.cab -- DwnldGroupMgr Class
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object
{FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4}: http://download.buddylinks.net/ShellInstaller.cab -- Reg Error: Key does not exist or could not be opened.
ActiveGS.cab: http://www.virtualapple.com/activegs.cab -- Reg Error: Key does not exist or could not be opened.
DirectAnimation Java Classes: file://C:\WINDOWS\Java\classes\dajava.cab -- Reg Error: Key does not exist or could not be opened.
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{6649CF52-DA28-49AA-8228-07D50E478E6C} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxsrvc.dll -- C:\WINDOWS\SYSTEM32\igfxsrvc.dll (Intel Corporation)
WgaLogon: "DllName" = WgaLogon.dll -- C:\WINDOWS\SYSTEM32\WgaLogon.dll (Microsoft Corporation)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WPDShServiceObj"={AAA288BA-9A4C-45B0-95D7-94D524869DB5} (HKLM) -- C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" (HKLM) -- C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2002/09/03 09:59:58 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2008/10/03 20:49:32 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/10/03 19:52:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Keith\Desktop\Scanning Tools
[2008/10/02 21:09:02 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/10/02 19:34:07 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2008/10/01 20:29:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2008/10/01 19:38:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Keith\Application Data\Windows Search
[2008/09/30 05:44:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Keith\Desktop\possibly bad files from system32
[2008/09/30 05:38:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Keith\Application Data\Windows Desktop Search
[2008/09/30 05:32:25 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2008/09/30 05:32:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2008/09/30 05:30:12 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2008/09/30 05:30:12 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2008/09/30 05:30:11 | 00,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2008/09/29 21:45:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2008/09/29 21:44:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Keith\Application Data\SUPERAntiSpyware.com
[2008/09/29 05:48:01 | 00,000,712 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/28 22:18:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/09/15 19:42:15 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/09/15 19:41:04 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/09/15 19:41:00 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2008/09/15 19:41:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/09/15 19:36:15 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2008/09/07 21:41:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Keith\My Documents\Catholic Match Profile_files
[2008/09/07 21:41:15 | 00,048,075 | ---- | C] () -- C:\Documents and Settings\Keith\My Documents\Catholic Match Profile.htm
[2008/09/07 13:58:53 | 04,318,570 | -H-- | C] () -- C:\Documents and Settings\Keith\Local Settings\Application Data\IconCache.db
[2008/09/06 16:30:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Keith\Application Data\Real

========== Files - Modified Within 30 Days ==========

[2008/10/03 20:54:04 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2008/10/03 20:53:59 | 00,022,924 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2008/10/03 20:53:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/03 20:53:05 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2008/10/02 19:44:29 | 00,000,076 | -HS- | M] () -- C:\Documents and Settings\Keith\My Documents\DESKTOP.INI
[2008/10/02 19:39:05 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/01 23:04:45 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\Keith\Desktop\Microsoft Word.lnk
[2008/10/01 21:22:46 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/09/30 05:32:34 | 00,544,610 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/09/30 05:32:34 | 00,462,998 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2008/09/30 05:32:34 | 00,078,566 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2008/09/30 01:46:27 | 00,265,484 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2008/09/29 16:22:46 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/09/29 05:49:26 | 00,000,712 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/09/27 11:17:39 | 00,041,984 | ---- | M] () -- C:\Documents and Settings\Keith\My Documents\Finance.xls
[2008/09/22 20:54:59 | 13,888,512 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2008/09/22 20:54:40 | 27,773,952 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2008/09/10 18:41:20 | 04,318,570 | -H-- | M] () -- C:\Documents and Settings\Keith\Local Settings\Application Data\IconCache.db
[2008/09/07 21:41:21 | 00,048,075 | ---- | M] () -- C:\Documents and Settings\Keith\My Documents\Catholic Match Profile.htm
[2008/09/06 16:30:18 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2008/09/06 16:30:17 | 00,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
< End of report >

Extras.txt:

OTViewIt Extras logfile created on: 10/3/2008 10:10:25 PM - Run 2
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Documents and Settings\Keith\Desktop\Scanning Tools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.48 Mb Total Physical Memory | 219.81 Mb Available Physical Memory | 28.68% Memory free
1.08 Gb Paging File | 0.55 Gb Available in Paging File | 50.70% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 9.10 Gb Free Space | 24.44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KTBURNEY
Current User Name: Keith
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
File not found -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Enabled:backWeb-7288971
File not found -- C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
File not found -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa
File not found -- C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger
[2008/05/10 07:15:28 | 00,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
[2006/11/03 02:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
File not found -- C:\Program Files\Common Files\AOL\1137909198\ee\aolsoftware.exe:*:Enabled:AOL Services
File not found -- C:\Program Files\Common Files\AOL\1137909198\ee\aim6.exe:*:Enabled:AIM
[2006/05/09 19:24:16 | 00,050,760 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1138757384\ee\aolsoftware.exe:*:Enabled:AOL Services
[2006/08/28 15:22:24 | 00,050,768 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1138757384\ee\aim6.exe:*:Enabled:AIM
File not found -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:SR_GUI
File not found -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater
[2004/11/18 21:43:44 | 01,830,912 | ---- | M] () -- C:\Program Files\Call of Duty\CoDMP.exe:*:Enabled:CoDMP
[2007/08/30 17:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\WINDOWS\SYSTEM32\P2P Networking\P2P Networking.exe:*:Enabled:P2P Networking
File not found -- C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer
[2008/08/15 15:23:08 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
File not found -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008/06/23 04:20:52 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer
File not found -- C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb
File not found -- C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray
File not found -- C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client
[2008/08/06 10:21:06 | 00,050,472 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
File not found -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/09/10 17:39:54 | 14,228,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2004/05/12 15:18:56 | 00,081,920 | ---- | M] (Hewlett-Packard Company) C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} (HKLM) [CZipHandler Object])
ipp: [HKLM - No CLSID value]
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
msdaipp: [HKLM - No CLSID value]
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
File not found Reg Error: Key does not exist or could not be opened. text/html: (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 Premium
"{00040409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 Disc 2
"{036AA4D4-6D32-11D4-9875-00105ACE7734}"=Logitech iTouch Software
"{03EDED24-8375-407D-A721-4643D9768BE1}"=kgchlwn
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}"=ESSSONIC
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}"=Adobe Photoshop Album 2.0 Starter Edition
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}"=Dell Solution Center
"{11F3F858-4131-4FFA-A560-3FE282933B6E}"=kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}"=ESSPCD
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}"=Dell Picture Studio - Dell Image Expert
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}"=Google Earth
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{29D88826-2AB9-11D5-8854-00902761A46D}"=WordPerfect Office 2002
"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}"=essvatgt
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3BA044B0-A5E4-428E-8731-63BD5DD4FDB2}"=CSI
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=Dell Modem-On-Hold
"{41B9E2CF-0B3F-442A-B5B3-592A4A355634}"=iTunes
"{42938595-0D83-404D-9F73-F8177FDD531A}"=ESScore
"{432C3720-37BF-4BD7-8E49-F38E090246D0}"=CR2
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}"=Microsoft Windows Journal Viewer
"{43FCA273-9534-40DB-B7C5-D7758875616A}"=Dell Support
"{4537EA4B-F603-4181-89FB-2953FC695AB1}"=netbrdg
"{45893FEB-30FD-4034-8661-3BA4238FE67A}"=Britannica Ready Reference
"{468190DA-FB4C-45BA-8E40-4B165FF1A939}"=BACS
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}"=skin0001
"{5421155F-B033-49DB-9B33-8F80F233D4D5}"=GdiplusUpgrade
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}"=MouseWare 9.41 .3
"{605A4E39-613C-4A12-B56F-DEFBE6757237}"=SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}"=fflink
"{609F7AC8-C510-11D4-A788-009027ABA5D0}"=Easy CD Creator 5 Basic
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{643EAE81-920C-4931-9F0B-4B343B225CA6}"=ESSBrwr
"{693C08A7-9E76-43FF-B11E-9A58175474C4}"=kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}"=overland
"{7F142D56-3326-11D5-B229-002078017FBF}"=Modem Helper
"{8943CE61-53BD-475E-90E1-A580869E98A2}"=staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8A502E38-29C9-49FA-BCFA-D727CA062589}"=ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Extreme Graphics Driver
"{8A8664E1-84C8-4936-891C-BC1F07797549}"=kgcvday
"{8C6027FD-53DC-446D-BB75-CACD7028A134}"=HP Update
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8E92D746-CD9F-4B90-9668-42B74C14F765}"=ESSini
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}"=Help and Support Customization
"{91517631-A9F3-4B7C-B482-43E0068FD55A}"=ESSgui
"{999D43F4-9709-4887-9B1A-83EBB15A8370}"=VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}"=kgcinvt
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}"=SFR2
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}"=kgcmove
"{AA9768AA-FF0B-4C66-A085-31E934F77841}"=Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A70900000002}"=Adobe Reader 7.0.9
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}"=ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}"=OfotoXMI
"{B376402D-58EA-45EA-BD50-DD924EB67A70}"=HP Memories Disc
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}"=Microsoft .NET Framework (English)
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}"=CCScore
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}"=Kodak EasyShare software
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}"=Paint Shop Pro 7
"{DA9F6EF5-E48A-4E45-BC57-AA16193763B7}"=Detto IntelliMover
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}"=SFR
"{DB5518BE-F40F-407A-B451-012625D4497B}"=hp deskjet 5600
"{E0828692-FD9D-459F-9312-C645C3CA6650}"=HP Photo and Imaging 2.0 - Deskjet Series
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}"=kgcbaby
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}"=Classic PhoneTools
"{E646DCF0-5A68-11D5-B229-002078017FBF}"=Digital Line Detect
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}"=tooltips
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}"=kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}"=SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}"=WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}"=ESSPDock
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}"=HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"3D Pitch Deluxe 1.6"=3D Pitch Deluxe 1.6
"Activision_StarTrekArmadaUninstallKey"=Star Trek: Armada
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Age of Empires"=Microsoft Age of Empires
"AIM Toolbar"=AIM Toolbar 5.0
"AIM_6"=AIM 6
"AOL Uninstaller"=AOL Uninstaller (Choose which Products to Remove)
"BCM V.92 56K Modem"=BCM V.92 56K Modem
"Call of Duty"=Call of Duty
"Google Updater"=Google Updater
"HijackThis"=HijackThis 2.0.2
"hp print screen utility"=hp print screen utility
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{468190DA-FB4C-45BA-8E40-4B165FF1A939}"=Broadcom Advanced Control Suite
"KB870669"=Microsoft Data Access Components KB870669
"KB909520"=Microsoft Base Smart Card Cryptographic Service Provider Package
"KB940157"=Windows Search 4.0
"LimeWire"=LimeWire 4.18.5
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework Full v1.0.3705 (1033)"=Microsoft .NET Framework (English) v1.0.3705
"Microsoft PhotoDraw 2000"=Microsoft PhotoDraw 2000
"MSC"=McAfee SecurityCenter
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MUSICMATCH Jukebox"=MUSICMATCH Jukebox
"Network Play System (Patching)"=Network Play System (Patching)
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"Quicken 2002 New User Edition"=Quicken 2002 New User Edition
"Shockwave"=Shockwave
"SimCity 3000"=SimCity 3000
"The Sims"=The Sims
"WIC"=Windows Imaging Component
"WildTangent CDA"=WildTangent Web Driver
"Winamp"=Winamp
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinZip"=WinZip
"WMCSetup"=Windows Media Connect
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"WordPerfect Office 2002"=WordPerfect Office 2002
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"Yahoo! Internet Mail"=Yahoo! Internet Mail
"Yahoo! Photos Drag-Drop Uploader 1v7"=Yahoo! Photos Easy Upload Tool

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/30/2008 8:23:49 PM | Computer Name = KTBURNEY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 9/30/2008 8:23:49 PM | Computer Name = KTBURNEY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 9/30/2008 8:23:49 PM | Computer Name = KTBURNEY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 9/30/2008 8:23:49 PM | Computer Name = KTBURNEY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 9/30/2008 8:23:49 PM | Computer Name = KTBURNEY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 9/30/2008 8:23:49 PM | Computer Name = KTBURNEY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 9/30/2008 8:23:49 PM | Computer Name = KTBURNEY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 9/30/2008 8:23:49 PM | Computer Name = KTBURNEY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 9/30/2008 8:23:49 PM | Computer Name = KTBURNEY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 9/30/2008 11:13:22 PM | Computer Name = KTBURNEY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/3/2008 9:17:19 PM | Computer Name = KTBURNEY | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 10/3/2008 9:17:31 PM | Computer Name = KTBURNEY | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 10/3/2008 9:17:43 PM | Computer Name = KTBURNEY | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 10/3/2008 9:18:01 PM | Computer Name = KTBURNEY | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 10/3/2008 9:18:10 PM | Computer Name = KTBURNEY | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 10/3/2008 9:18:48 PM | Computer Name = KTBURNEY | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 10/3/2008 9:18:54 PM | Computer Name = KTBURNEY | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 10/3/2008 9:19:00 PM | Computer Name = KTBURNEY | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 10/3/2008 9:19:10 PM | Computer Name = KTBURNEY | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 10/3/2008 9:19:32 PM | Computer Name = KTBURNEY | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.


< End of report >

#6 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,301 posts
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:01:17 AM

Posted 03 October 2008 - 10:08 PM

Hello, ktb2008.

The website you referenced me to about tawgdo.dll didn't return any results, so I'm still not sure what to do with it. I don't want to delete something important, yet it did seem to be giving me problems.

It looks like it was bad anyway given how it was attempting to load itself. I would delete it.

That looks like it got it. Just want a final check to be sure :thumbsup:

I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use <Control>+A)
  • Right-click again and choose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • ESET OnlineScan's Log
  • A New HiJack This log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#7 ktb2008

ktb2008
  • Topic Starter

  • Members
  • 20 posts
  • Local time:04:17 AM

Posted 05 October 2008 - 08:10 AM

Hi Billy,

I followed your instructions, and here are the two logs that you requested:

ESET (NOD32)'s Online Scanner

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3495 (20081004)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=d45e998b710af64aab55b087eb18d9a4
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-10-05 04:57:22
# local_time=2008-10-04 11:57:22 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=288061
# found=2
# scan_time=5894
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000609.dll Win32/Adware.WBug.A application (unable to clean - deleted) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\10032008_204932\WINDOWS\system32\kcigfooa.dll Win32/Adware.AdMedia application (unable to clean - deleted) 00000000000000000000000000000000

HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:05:48 AM, on 10/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [BLMessagingIntegration] C:\Program Files\Common Files\PSD Tools\blengine.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://vs2005stage.iamaw.org
O16 - DPF: ActiveGS.cab - http://www.virtualapple.com/activegs.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...84/mcinsctl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,21/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} - http://download.buddylinks.net/ShellInstaller.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = iamaw.org
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = iamaw.org
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = iamaw.org
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = iamaw.org
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9188 bytes

Clearly I'm not the expert, since I'm coming to you, but I saw something in the HiJackThis log about "http://download.buddylinks.net/ShellInstaller.cab." That website is completely unfamiliar to me, and it just looks suspicious. Anyways, thanks again for your help!

#8 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,301 posts
  • OFFLINE
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:01:17 AM

Posted 05 October 2008 - 09:33 AM

Hello, ktb2008.
You're right, that one is bad. I left it alone because OTViewIt said the file behind it was gone but we should get rid of it nonetheless.

We have to remove some entries in HiJackThis
  • Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below:
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
    O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} - http://download.buddylinks.net/ShellInstaller.cab
    O18 - Filter hijack: text/html - (no CLSID) - (no file)
  • Close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.
Congratulations! You now appear clean! :thumbsup:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware


We Need to Clean Up Our Mess
  • Please download OTCleanIt from one of the following mirrors and save it to your desktop:
  • Double click the OTCleanIt icon.
  • Push the large "Cleanup" button.
  • Allow your system to reboot.
Reset System Restore
Windows' "System Restore" feature can cause malware files to be cached and retained by your system. Resetting System Restore will clean these files from your system, and will allow you to use System Restore without fear of reinfection.
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Note: You should only do this once, not on a regular basis!
You will not be able to restore the computer to any point earlier than today!

Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
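A way to triage a HijackThis log like the one posted above for the three entry types Billy singled out (O16 ActiveX downloads, O17 TCP/IP settings, O18 filter hijacks). This is an added example, not code from the thread or from HijackThis itself; the trusted-host allowlist and the severity labels are assumptions of this example, and the sample lines are copied from the log posted earlier in this topic.

```python
"""Triage O16 / O17 / O18 entries from a HijackThis log.

Added example for this thread; it flags entries for a human reviewer and does
not change anything on the machine.
"""
import re
from urllib.parse import urlparse

# Constructed sample: entries copied from the log posted earlier in this topic,
# plus one O23 line to show that unrelated entry types are ignored.
SAMPLE_LOG = r"""
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...84/mcinsctl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} - http://download.buddylinks.net/ShellInstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = iamaw.org
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Hypothetical allowlist of ActiveX download hosts the reviewer has already
# accepted. This is an assumption of the example; maintain your own list.
TRUSTED_DPF_HOSTS = {"go.microsoft.com", "bin.mcafee.com"}

O16_RE = re.compile(
    r"^O16 - DPF: (?P<ident>\{[0-9A-Fa-f-]+\}|\S+)(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)$")
O17_RE = re.compile(r"^O17 - (?P<key>\S+): (?P<setting>\w+) = (?P<value>.+)$")
O18_RE = re.compile(r"^O18 - Filter hijack: (?P<mime>\S+) - (?P<clsid>.+?) - (?P<file>.+)$")


def host_of(url):
    """Lower-cased host part of a URL ('' if it cannot be parsed)."""
    return (urlparse(url).hostname or "").lower()


def is_trusted_host(host):
    """True if host is a trusted host or a subdomain of one (suffix match on a dot boundary)."""
    return any(host == t or host.endswith("." + t) for t in TRUSTED_DPF_HOSTS)


def triage(log_text):
    """Return a list of findings: dicts with kind, severity, detail, reason and the raw entry."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O16_RE.match(line)
        if m:
            # ActiveX controls fetched from a host nobody has vetted get a second look.
            host = host_of(m["url"])
            if not is_trusted_host(host):
                findings.append({
                    "kind": "O16", "severity": "review", "detail": host,
                    "reason": "ActiveX control downloaded from a host not on the trusted list",
                    "entry": line})
            continue
        m = O18_RE.match(line)
        if m:
            # A filter hijack whose handler file is gone is a dangling entry: remove it.
            orphaned = "(no file)" in m["file"]
            findings.append({
                "kind": "O18", "severity": "fix" if orphaned else "review", "detail": m["mime"],
                "reason": ("MIME filter hijack whose handler file is gone; remove the dangling entry"
                           if orphaned else "MIME filter hijack; identify the handler before deciding"),
                "entry": line})
            continue
        m = O17_RE.match(line)
        if m:
            # DNS suffix / server changes are legitimate on corporate networks, so only verify.
            findings.append({
                "kind": "O17", "severity": "verify", "detail": m["value"],
                "reason": f"TCP/IP {m['setting']} is set; confirm it belongs to your own network or ISP",
                "entry": line})
    return findings


def report(log_text):
    """Human-readable summary, one line per finding, most urgent first."""
    order = {"fix": 0, "review": 1, "verify": 2}
    lines = [f"[{f['severity'].upper():6}] {f['kind']} {f['detail']}: {f['reason']}"
             for f in sorted(triage(log_text), key=lambda f: order[f["severity"]])]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run against the sample, the two Microsoft and McAfee downloads are suppressed by the allowlist, the Sun and buddylinks downloads come back for review, the orphaned text/html filter is marked for removal, and the search-list entry is marked to verify, which matches the three entries Billy asked to have fixed plus one to confirm with the owner of the machine.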

#9 ktb2008

ktb2008
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:04:17 AM

Posted 05 October 2008 - 05:18 PM

Hi Billy,

I followed your instructions, and installed the recommended programs that you suggested, except for Malwarebytes' Anti-Malware. For some reason, when I tried installing this one, it set off my McAfee anti-virus software and said that it was trying to install a Trojan, and wouldn't let the installation complete. Nevertheless, everything appears to be resolved and my system is running smoothly!

Let me just thank you again for your help the past several days; I would have been lost without you. I must admit that I did take a look at your profile, and when I saw that it said you are 17, I did have some hesitations about letting someone that young advise me about my PC. However, coming from someone who has 6 years of IT and computer programming experience, I have to say that your help has been invaluable and impressive! Thanks again so much for your help, and take care of yourself!

#10 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,301 posts
  • OFFLINE
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:01:17 AM

Posted 05 October 2008 - 05:43 PM

Will do :)

Glad I was able to help :) You are very welcome!

*Billy goes back to work on college applications :thumbsup:

Since this issue appears resolved, this topic has been closed.

Everyone else please begin a new topic.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)



