
Infected with?


This topic is locked
18 replies to this topic

#1 magtatertots (Members, 7 posts)

Posted 07 October 2008 - 11:03 PM

Hi,

I'm not sure if my computer is infected with any malware, but I constantly receive this error when I open up iTunes:

ipodservice.exe - Illegal System DLL Relocation

The system DLL user32.dll was relocated in memory. The application will not run properly. (The application still runs properly, though.) The relocation occurred because the DLL c:\windows\system32\setupapi.dll occupied an address range reserved for Windows system DLLs. The vendor supplying the DLL should be contacted for a new DLL.

----

I included a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:32 AM, on 10/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Scramby\ScrambyServer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Xfire\xfire.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
c:\Program Files\Scoop2004\mirc.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\TVersity\Media Server\web\admin\TVersity.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{72E314BF-4AFF-41B2-87FB-96182EBF9EC0}: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: wbsys.dll,avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Scramby Service (ScrambySrv) - RapidSolution - C:\Program Files\Scramby\ScrambyServer.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 5374 bytes


Thanks for your time. :thumbsup:
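The log above is the raw material a responder works from, so here is an added triage helper (example code written for this page, not part of the original post and not HijackThis code) that pulls the first-look items out of HJT entry lines: O1 hosts entries that map a name somewhere other than loopback, the O20 AppInit_DLLs list, O17 name servers, and O23 services split into display name, short name, vendor and path. The entry layouts are taken from the posted log; the sample lines are copied from it plus one constructed 127.0.0.1 line to show the loopback filter, and the function names are my own. The script only extracts and classifies; whether a given entry (for example the hosts lines pointing auto.search.msn.com at 66.98.148.65, or the rpcapd remote-capture service) is unwanted is still the responder's call.

```python
"""Triage helper for HijackThis (HJT) log entries.

Added example; not part of the original post and not HijackThis code.
The entry layouts (O1/O17/O20/O23) are taken from the log posted above;
the sample lines below are copied from it plus one constructed
127.0.0.1 line to show the loopback filter.
"""
import ipaddress
import re

# Constructed sample input: lines from the posted log, plus one O1 line added.
SAMPLE_LOG_LINES = [
    "Logfile of Trend Micro HijackThis v2.0.2",
    "O1 - Hosts: 66.98.148.65 auto.search.msn.com",
    "O1 - Hosts: 66.98.148.65 auto.search.msn.es",
    "O1 - Hosts: 127.0.0.1 localhost",
    r"O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{72E314BF-4AFF-41B2-87FB-96182EBF9EC0}: NameServer = 208.67.220.220,208.67.222.222",
    "O20 - AppInit_DLLs: wbsys.dll,avgrsstx.dll",
    r"O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe",
    r"O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe",
]

# Entry line: "<section tag> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^(?P<section>[RFNOU]\d+) - (?P<body>.*)$")
# O23 body: "Service: <display> [(<short name>)] - <vendor> - <path>"
SERVICE_RE = re.compile(
    r"^Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))? - (?P<vendor>.+?) - (?P<path>.+)$"
)


def parse_hjt(lines):
    """Return (section, body) pairs for entry lines; the header and the
    'Running processes' paths carry no section tag and are skipped."""
    entries = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def hosts_redirects(entries):
    """O1 hosts entries whose address is neither loopback nor 0.0.0.0.
    A clean hosts file maps names to 127.0.0.1/::1 (ad-block lists use
    0.0.0.0); a name mapped anywhere else is being redirected."""
    found = []
    for section, body in entries:
        if section != "O1" or not body.startswith("Hosts:"):
            continue
        parts = body[len("Hosts:"):].split()
        if len(parts) < 2:
            continue
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed entry; leave it for the human to read
        if not (addr.is_loopback or addr.is_unspecified):
            found.append((parts[0], parts[1]))
    return found


def appinit_dlls(entries):
    """DLL names from the O20 AppInit_DLLs value. Windows loads every DLL
    listed there into each process that maps user32.dll, so anything
    unexpected here is a persistence point worth identifying by vendor."""
    for section, body in entries:
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            raw = body[len("AppInit_DLLs:"):]
            return [d.strip() for d in raw.split(",") if d.strip()]
    return []


def dns_servers(entries):
    """Name servers from O17 entries (per-interface static DNS)."""
    servers = []
    for section, body in entries:
        if section != "O17":
            continue
        m = re.search(r"NameServer = (.+)$", body)
        if m:
            servers.extend(s.strip() for s in m.group(1).split(","))
    return servers


def services(entries):
    """O23 service entries split into display name, short name, vendor, path."""
    result = []
    for section, body in entries:
        if section != "O23":
            continue
        m = SERVICE_RE.match(body)
        if m:
            result.append(m.groupdict())
    return result


def triage(lines):
    """Run every extractor over raw log lines and return one findings dict."""
    entries = parse_hjt(lines)
    return {
        "hosts_redirects": hosts_redirects(entries),
        "appinit_dlls": appinit_dlls(entries),
        "dns_servers": dns_servers(entries),
        "services": services(entries),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG_LINES).items():
        print(key, value)
```

Feed it a whole saved HJT log with `triage(open("hijackthis.log").read().splitlines())`. The loopback check is deliberately the only judgement the script makes: it separates "this name is redirected" from "this is an ordinary hosts entry" without needing a blocklist, and leaves attribution of the target address, the AppInit DLLs and the services to the responder.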

#2 Billy O'Neal (Visual C++ STL Maintainer; Malware Response Team, 12,304 posts; Redmond, Washington)

Posted 15 October 2008 - 11:02 PM

:thumbsup: to BleepingComputer.com

I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.

If you do not still need help, please let me know, so that I can move on to other users who still need help.

Please take note of the following:
  • While a HJT Team member is working with you, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Please reply using the Posted Image button in the lower left hand corner of your screen.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" :).
If you would still like help, please follow the instructions below:

We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
In your next reply, please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 Billy O'Neal (Malware Response Team)

Posted 18 October 2008 - 08:36 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

#4 Billy O'Neal (Malware Response Team)

Posted 24 October 2008 - 03:35 PM

User returned; topic reopened. Please post your logs below.

Billy3

#5 magtatertots (Topic Starter)

Posted 25 October 2008 - 07:33 AM

Hi! Thanks for getting back to me. :thumbsup:

So here are the logs:

-------

OTViewIt.txt

OTViewIt logfile created on: 10/24/2008 2:07:01 PM - Run
OTViewIt by OldTimer - Version 1.0.18.0 Folder = C:\Documents and Settings\me\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.40% Memory free
3.35 Gb Paging File | 2.82 Gb Available in Paging File | 84.03% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 128.88 Gb Free Space | 55.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ME-D540C9640DBB
Current User Name: me
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/08/01 12:21:05 | 00,573,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/08/01 12:21:05 | 00,573,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2007/06/03 01:48:10 | 00,391,168 | ---- | M] (RapidSolution) -- C:\Program Files\Scramby\ScrambyServer.exe
[2008/07/23 00:59:42 | 00,794,624 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
[2004/08/04 09:07:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2007/03/19 00:05:02 | 00,630,784 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
[2008/10/09 08:47:08 | 03,098,448 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\xfire.exe
[2007/10/27 07:51:14 | 03,810,544 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[2006/11/23 23:45:34 | 02,076,672 | ---- | M] (mIRC Co. Ltd.) -- c:\Program Files\Scoop2004\mirc.exe
[2008/10/09 20:10:32 | 01,410,296 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam.exe
[2008/09/25 21:51:54 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/10/24 14:06:24 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\me\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/06/04 12:18:15 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [Disabled | Stopped])
[2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Disabled | Stopped])
[2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/08/01 12:21:05 | 00,573,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2008/07/31 21:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Disabled | Stopped])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
[2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [Disabled | Stopped])
[2007/04/14 00:20:22 | 00,097,432 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC [Disabled | Stopped])
[2007/03/14 19:05:42 | 00,500,800 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2005/07/24 23:35:00 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Disabled | Stopped])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Disabled | Stopped])
[2002/12/17 17:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR [On_Demand | Stopped])
[2002/12/17 17:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [Disabled | Stopped])
[2008/10/12 13:13:25 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Disabled | Stopped])
[2007/01/26 01:31:34 | 00,093,048 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
[2007/06/03 01:48:10 | 00,391,168 | ---- | M] (RapidSolution) -- C:\Program Files\Scramby\ScrambyServer.exe -- (ScrambySrv [Auto | Running])
[2002/12/17 17:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR [On_Demand | Stopped])
[2008/07/23 00:59:42 | 00,794,624 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer [Auto | Running])

========== Driver Services ==========

[2005/12/22 10:22:18 | 00,005,685 | R--- | M] () -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO [System | Running])
[2008/08/01 14:38:20 | 03,266,560 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2002/06/24 12:30:58 | 00,045,568 | R--- | M] (D-Link Corporation ) -- C:\WINDOWS\system32\drivers\DLKRTL.SYS -- (DFE528TX [On_Demand | Stopped])
[2007/10/12 21:10:16 | 00,025,544 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi [On_Demand | Stopped])
[2005/01/07 17:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/04/17 16:31:26 | 04,262,912 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService [On_Demand | Running])
[2006/02/07 19:52:58 | 00,006,912 | R--- | M] (JMicron ) -- C:\WINDOWS\system32\drivers\JGOGO.sys -- (JGOGO [Boot | Running])
[2006/07/01 17:47:08 | 00,041,216 | R--- | M] (JMicron Technology Corp.) -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID [Boot | Running])
[2004/08/13 18:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor [On_Demand | Running])
[2007/01/26 01:31:34 | 00,042,000 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
[2005/01/04 17:43:08 | 00,004,682 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2 [System | Running])
[2004/08/04 09:07:00 | 00,088,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx [Auto | Running])
[2004/08/04 09:07:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb [Auto | Running])
[2004/08/04 09:07:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx [Auto | Running])
[2004/08/04 09:07:00 | 00,163,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwrdr.sys -- (NWRDR [On_Demand | Running])
[2006/06/30 16:51:21 | 00,021,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\point32.sys -- (Point32 [On_Demand | Running])
[2004/08/04 09:07:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/03/22 04:30:04 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped])
[2006/06/16 15:30:16 | 00,176,128 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB [On_Demand | Stopped])
[2007/02/13 18:41:26 | 00,025,896 | ---- | M] (RapidSolution Software AG) -- C:\WINDOWS\system32\drivers\scramby.sys -- (scramby [On_Demand | Running])
[2004/08/04 09:07:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2006/03/31 04:39:54 | 00,013,532 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\SjyPkt.sys -- (SjyPkt [On_Demand | Stopped])
[2008/02/23 22:01:23 | 00,716,272 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2004/08/04 09:07:00 | 00,223,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6 [System | Running])
[2004/08/04 09:07:00 | 00,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tunmp.sys -- (tunmp [On_Demand | Running])
[2008/09/10 16:45:18 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2005/11/02 19:49:38 | 00,031,806 | ---- | M] (Compuware Corporation) -- C:\WINDOWS\system32\drivers\vl813.sys -- (Vl813 [On_Demand | Stopped])
[2004/08/04 09:07:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])
[2005/03/30 08:24:00 | 00,230,400 | ---- | M] (Marvell) -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.google.com/ie
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-343818398-115176313-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-343818398-115176313-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-343818398-115176313-839522115-1003\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_USERS\S-1-5-21-343818398-115176313-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-343818398-115176313-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-343818398-115176313-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (801 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
66.98.148.65 auto.search.msn.com
66.98.148.65 auto.search.msn.es

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll File not found
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (HKLM) -- C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{D2F8F919-690B-4EA2-9FA7-A203D1E04F75}" (HKLM) -- C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-343818398-115176313-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-343818398-115176313-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" ()
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-343818398-115176313-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" ()
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (Yahoo! Inc.)

========== (O4) Startup Folders ==========

[2008/10/09 08:47:08 | 03,098,448 | ---- | M] (Xfire Inc.) -- C:\Documents and Settings\me\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\xfire.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-343818398-115176313-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Yahoo! Search: File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
Yahoo! &Dictionary: File not found
Yahoo! &Maps: File not found
Yahoo! &SMS: File not found

[HKEY_USERS\S-1-5-21-343818398-115176313-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\]
&Yahoo! Search: File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
Yahoo! &Dictionary: File not found
Yahoo! &Maps: File not found
Yahoo! &SMS: File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [2007/09/25 01:11:34 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}: Button: Yahoo! Services -- %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [2006/10/31 15:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/08/04 01:06:34 | 01,799,168 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/08/04 01:06:34 | 01,799,168 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> [2007/09/25 01:11:34 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 15:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 01:06:34 | 01,799,168 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 01:06:34 | 01,799,168 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 01:06:34 | 01,799,168 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-343818398-115176313-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> [2007/09/25 01:11:34 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 15:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 01:06:34 | 01,799,168 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_10
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03

========== (O17) DNS Name Servers ==========

{17E7329E-88B8-4677-86E1-378945A7A7DE} (Servers: | Description: D-Link DFE-528TX PCI Adapter)
{72E314BF-4AFF-41B2-87FB-96182EBF9EC0} (Servers: 208.67.220.220,208.67.222.222 | Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller)
{762DEC6C-BA2F-41D8-99E1-14FEB0CF48FB} (Servers: | Description: 1394 Net Adapter)
{94D5BDE8-7CBA-47F5-AA62-AD3793DB598F} (Servers: | Description: Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter)
{F1B2B599-F61E-49BF-B07C-732474B78EA2} (Servers: | Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=wbsys.dll
>[2007/07/11 15:06:58 | 00,042,672 | ---- | M] (Stardock.Net, Inc) -- C:\WINDOWS\system32\wbsys.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
WBSrv: "DllName" = C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock Corporation)
WgaLogon: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"0aMCPClient"={F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} (HKLM) -- CLSID or file not found.

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,nwprovau,
>[2004/08/04 09:07:00 | 00,144,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\nwprovau.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2006/12/22 09:10:32 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16d352ca-4da4-11dd-9ed2-0017316e8a15}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16d352ca-4da4-11dd-9ed2-0017316e8a15}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16d352ca-4da4-11dd-9ed2-0017316e8a15}\Shell\AutoRun\command]
""=J:\LaunchU3.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16d352cb-4da4-11dd-9ed2-0017316e8a15}\Shell\AutoRun\command]
""=bar311.exe %1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16d352cb-4da4-11dd-9ed2-0017316e8a15}\Shell\Explore\command]
""=bar311.exe %1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16d352cb-4da4-11dd-9ed2-0017316e8a15}\Shell\Open\command]
""=bar311.exe %1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38956bc6-f5ff-11db-9b58-0018f35c3cb0}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38956bc6-f5ff-11db-9b58-0018f35c3cb0}\Shell\Auto\command]
""=F:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38956bc6-f5ff-11db-9b58-0018f35c3cb0}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38956bc6-f5ff-11db-9b58-0018f35c3cb0}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2004/08/04 09:07:00 | 26,483,712 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38956bc6-f5ff-11db-9b58-0018f35c3cb0}\Shell\Browser\command]
""=F:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42c22ee6-fbc1-11db-9b65-0018f35c3cb0}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42c22ee6-fbc1-11db-9b65-0018f35c3cb0}\Shell\Auto\command]
""=boot.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42c22ee6-fbc1-11db-9b65-0018f35c3cb0}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42c22ee6-fbc1-11db-9b65-0018f35c3cb0}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2004/08/04 09:07:00 | 26,483,712 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{68c7167e-d627-11dc-9d67-0018f35c3cb0}\Shell\Auto\command]
""=RavMonE.exe e

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{68c7167e-d627-11dc-9d67-0018f35c3cb0}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{68c7167e-d627-11dc-9d67-0018f35c3cb0}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2004/08/04 09:07:00 | 26,483,712 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{75ad1cd6-740f-11dd-9f30-0017316e8a15}\Shell\AutoRun\command]
""=bar311.exe %1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{75ad1cd6-740f-11dd-9f30-0017316e8a15}\Shell\Explore\command]
""=bar311.exe %1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{75ad1cd6-740f-11dd-9f30-0017316e8a15}\Shell\Open\command]
""=bar311.exe %1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c778bf8-a1a3-11dc-9ccb-0018f35c3cb0}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c778bf8-a1a3-11dc-9ccb-0018f35c3cb0}\Shell\Auto\command]
""=F:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c778bf8-a1a3-11dc-9ccb-0018f35c3cb0}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c778bf8-a1a3-11dc-9ccb-0018f35c3cb0}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2004/08/04 09:07:00 | 26,483,712 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c778bf8-a1a3-11dc-9ccb-0018f35c3cb0}\Shell\Browser\command]
""=F:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5074c2e-e8ce-11db-9b44-0018f35c3cb0}\Shell\Auto\command]
""=J:\RavMonE.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5074c2e-e8ce-11db-9b44-0018f35c3cb0}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5074c2e-e8ce-11db-9b44-0018f35c3cb0}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2004/08/04 09:07:00 | 26,483,712 | ---- | M] (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[12 C:\WINDOWS\System32\*.tmp files]
[2008/10/24 14:06:16 | 00,421,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\me\Desktop\OTViewIt.exe
[2008/10/22 01:40:43 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\me\Desktop\avg_free_stf_en_8_175a1382.exe
[2008/10/22 01:40:42 | 00,827,735 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\me\Desktop\avg_free_stf_en_8_175a1382.exe.part
[2008/10/22 01:39:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avg8
[2008/10/21 19:46:14 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2008/10/21 19:06:53 | 00,000,000 | ---D | C] -- C:\Program Files\Cablenut
[2008/10/21 18:35:44 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2008/10/20 18:25:32 | 00,098,048 | ---- | C] () -- C:\Documents and Settings\me\Desktop\IEBatching.pdf
[2008/10/14 00:21:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2008/10/12 14:00:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\me\Application Data\fretsonfire
[2008/10/09 08:47:12 | 00,042,320 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2008/10/08 12:15:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\me\Application Data\Malwarebytes
[2008/10/08 12:15:28 | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/08 12:15:28 | 00,017,200 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/08 12:15:27 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/10/08 12:15:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/08 11:37:21 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/10/04 17:36:05 | 00,000,000 | ---D | C] -- C:\Program Files\Steam
[2008/10/03 22:44:57 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\me\My Documents\carlosrcbc08.doc
[2008/09/26 23:06:39 | 00,000,000 | ---D | C] -- C:\Program Files\Alarian
[2008/09/25 21:19:03 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/09/25 21:19:01 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2008/09/25 21:14:36 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2008/09/25 21:13:50 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2008/09/25 20:35:14 | 00,000,000 | ---D | C] -- C:\Program Files\Xfire

========== Files - Modified Within 30 Days ==========

[12 C:\WINDOWS\System32\*.tmp files]
[2008/10/24 14:06:24 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\me\Desktop\OTViewIt.exe
[2008/10/23 15:31:00 | 00,000,264 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
[2008/10/23 09:32:33 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/23 09:32:33 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/23 09:32:31 | 00,003,568 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2008/10/23 09:32:31 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/22 10:47:15 | 00,134,656 | ---- | M] () -- C:\Documents and Settings\me\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/22 10:47:15 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/22 01:40:59 | 00,827,735 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\me\Desktop\avg_free_stf_en_8_175a1382.exe.part
[2008/10/22 01:40:43 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\me\Desktop\avg_free_stf_en_8_175a1382.exe
[2008/10/21 11:07:10 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/10/20 18:25:34 | 00,098,048 | ---- | M] () -- C:\Documents and Settings\me\Desktop\IEBatching.pdf
[2008/10/13 06:07:15 | 05,301,752 | -H-- | M] () -- C:\Documents and Settings\me\Local Settings\Application Data\IconCache.db
[2008/10/12 17:10:21 | 00,025,992 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe
[2008/10/12 13:13:25 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2008/10/09 08:47:12 | 00,042,320 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[2008/10/08 11:29:06 | 00,000,900 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/10/08 11:29:06 | 00,000,275 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/10/08 11:29:06 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2008/10/03 22:44:58 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\me\My Documents\carlosrcbc08.doc
[2008/09/25 20:35:16 | 00,000,650 | ---- | M] () -- C:\Documents and Settings\me\Start Menu\Programs\Startup\Xfire.lnk
< End of report >

---

Extras.txt

OTViewIt Extras logfile created on: 10/24/2008 2:07:01 PM - Run
OTViewIt by OldTimer - Version 1.0.18.0 Folder = C:\Documents and Settings\me\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.40% Memory free
3.35 Gb Paging File | 2.82 Gb Available in Paging File | 84.03% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 128.88 Gb Free Space | 55.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ME-D540C9640DBB
Current User Name: me
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] --

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 09:07:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 09:07:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- F:\Program Files\Scoop2004\mirc.exe:*:Enabled:mIRC
File not found -- E:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire
[2007/10/27 07:51:14 | 03,810,544 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
File not found -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
File not found -- G:\Program Files\Steam\SteamApps\gameoverrr\counter-strike\hl.exe:*:Enabled:Half-Life Launcher
[2004/08/04 09:07:00 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
[2004/08/04 09:07:00 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App
File not found -- F:\Program Files\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server
[2005/03/10 03:57:14 | 00,081,920 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2004/08/04 09:07:00 | 00,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mshta.exe:*:Enabled:Microsoft ® HTML Application host
File not found -- F:\Downloads\Lancraft_1[1].01b.exe:*:Enabled:Lancraft_1[1].01b
File not found -- C:\Program Files\Warcraft III\Lancraft_1[1].01b.exe:*:Enabled:Lancraft_1[1].01b
File not found -- C:\Program Files\United Football\UnitedFootball.exe:*:Enabled:UnitedFootball
[2008/10/10 03:00:50 | 00,199,608 | ---- | M] (Vuze Inc.) -- C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus
[2005/11/22 18:33:30 | 00,081,920 | ---- | M] (Valve) -- C:\Program Files\Condition Zero\hl.exe:*:Enabled:Half-Life Launcher
[2005/11/22 18:33:30 | 00,081,920 | ---- | M] (Valve) -- C:\Program Files\Condition Zero\svchost.exe:*:Enabled:Half-Life Launcher
File not found -- F:\Program Files\Condition Zero\svchost.exe:*:Enabled:Half-Life Launcher
File not found -- F:\Program Files\Condition Zero\hl.exe:*:Enabled:Half-Life Launcher
File not found -- G:\Program Files\Steam\SteamApps\gameoverrr\half-life\hl.exe:*:Enabled:Half-Life Launcher
File not found -- C:\Program Files\Counter-Strike\Counter-Strike 1.6\hlds.exe:*:Enabled:HLDS Launcher
File not found -- G:\Program Files\Steam\SteamApps\gameoverrr\dedicated server\hltv.exe:*:Enabled:HLTV Launcher
[2006/11/23 23:45:34 | 02,076,672 | ---- | M] (mIRC Co. Ltd.) -- C:\Program Files\Scoop2004\mirc.exe:*:Enabled:mIRC
File not found -- C:\Program Files\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server
File not found -- C:\Program Files\Octoshape Streaming Services\me\OctoshapeClient.exe:*:Enabled:OctoshapeClient
File not found -- G:\Program Files\Steam\Steam.exe:*:Enabled:Steam
File not found -- E:\SIERRA\Half-Life\svchost.exe:*:Enabled:Half-Life Launcher
File not found -- C:\Program Files\Diablo II\Diablo II.exe:*:Enabled:Diablo II
File not found -- C:\Program Files\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv
File not found -- C:\Program Files\Diablo II\Loader 1.11b.exe:*:Enabled:Diablo II
[2008/09/25 10:25:08 | 01,568,768 | ---- | M] (ExtremEdge Co.) -- C:\Program Files\PLDTPlay\ServerScout\ServerScout.exe:*:Enabled:ServerScout
File not found -- C:\Program Files\Counter-Strike Source\hl2.exe:*:Enabled:hl2
[2007/11/18 17:04:29 | 00,110,592 | ---- | M] (Nexon) -- C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager
File not found -- C:\Program Files\KartRider\NMService.exe:*:Enabled:Nexon Messenger Core
[2008/03/14 22:44:59 | 00,106,496 | ---- | M] () -- C:\Program Files\Ocean Technology\GG E-Sports Platform\GGclient.exe:*:Enabled:GG E-Sports Platform Client
[2007/12/03 21:23:57 | 00,274,432 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III
[2005/08/10 00:45:14 | 00,081,920 | ---- | M] (Valve) -- C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher
File not found -- C:\Program Files\TDU\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited
File not found -- C:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited
[2005/08/10 00:45:07 | 00,397,312 | ---- | M] (Valve) -- C:\Program Files\Valve\hlds.exe:*:Enabled:HLDS Launcher
[2005/08/10 00:45:07 | 00,221,184 | ---- | M] (Valve) -- C:\Program Files\Valve\hltv.exe:*:Enabled:HLTV Launcher
[2005/11/16 19:45:22 | 00,161,792 | ---- | M] (Adobe Systems Incorporated ) -- C:\Program Files\Adobe\Adobe After Effects 7.0\Support Files\AfterFX.exe:*:Enabled:Adobe After Effects
[2008/10/08 00:22:55 | 03,211,776 | ---- | M] (Garena Interactive PTE LTD) -- C:\Program Files\Ocean Technology\GG E-Sports Platform\Garena.exe:*:Enabled:Garena
[2007/03/07 18:27:12 | 00,567,384 | ---- | M] (www.sopcast.com) -- C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver
[2008/03/10 13:17:30 | 01,888,256 | ---- | M] (www.sopcast.com) -- C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application
File not found -- G:\Program Files\Steam\SteamApps\gameoverrr\dedicated server\hlds.exe:*:Enabled:HLDS Launcher
[2005/08/10 00:45:14 | 00,081,920 | ---- | M] (Valve) -- C:\Program Files\Valve CS 1.6 For Movie\hl.exe:*:Enabled:Half-Life Launcher
[2005/08/10 00:45:07 | 00,397,312 | ---- | M] (Valve) -- C:\Program Files\Valve CS 1.6 For Movie\hlds.exe:*:Enabled:HLDS Launcher
File not found -- C:\Program Files\THQ\Titan Quest Immortal Throne\Tqit.exe:*:Enabled:Tqit
File not found -- C:\Program Files\Diablo II\d2loader(110).exe:*:Enabled:Diablo II
[2006/11/23 23:45:34 | 02,076,672 | ---- | M] (mIRC Co. Ltd.) -- C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC
[2008/07/23 00:59:42 | 00,794,624 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server
[2008/10/09 08:47:08 | 03,098,448 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2007/03/14 19:05:44 | 14,672,448 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
File not found -- C:\Program Files\Steam\SteamApps\gameoverrr\counter-strike\hl.exe:*:Enabled:Half-Life Launcher

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] -- C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2000/04/19 18:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/08/04 13:19:34 | 07,330,360 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/08/01 15:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/14 22:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}"=Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}"=ATI Catalyst Control Center
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series"=Canon MP140 series
"{13B792AA-C078-43A4-8A3A-8B12D629940D}"=Counter-Strike 1.6
"{14298AFE-9001-9CFB-595E-38BB3DCB25D3}"=ccc-utility
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{1BA6EE26-3358-B634-FD05-D07C964EE944}"=Skins
"{219CB444-F2B6-4A17-8A76-BB7847F3DB26}"=Sony DVD Architect 4.0
"{236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"{251C3815-7A55-4607-A82D-C3B98F0FBAB8}"=Sony Vegas 7.0
"{3248F0A8-6813-11D6-A77B-00B0D0150100}"=J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}"=ATI Parental Control & Encoder
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}"=JRAID
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}"=ATI HYDRAVISION
"{4F55E486-4EDE-A879-B6CC-0B07DD475540}"=Catalyst Control Center Graphics Light
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6C117F31-28A8-4477-BE91-64AC0A2204AD}"=Microsoft IntelliPoint 6.01
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}"=MSXML 4.0 SP2 Parser and SDK
"{71A41426-C7A4-4DCF-A9ED-C5B4B105ED1D}"=Sony Media Manager 2.2
"{746E4937-CC0E-C8A2-CEF3-41774D227847}"=Catalyst Control Center Graphics Full Existing
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}"=overland
"{786C5747-1033-0000-B58E-000000000001}"=Adobe Stock Photos 1.0
"{786C5747-1437-443D-B06E-79A00FE45110}"=Adobe Stock Photos 1.0
"{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{80A1F948-2D8E-7C25-87AA-6D8294334A5D}"=Catalyst Control Center Core Implementation
"{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}"=GG E-Sports Platform
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8A50284B-6426-2FDF-48BD-0895482344E8}"=CCC Help English
"{8B3F4499-32E6-470D-8586-E6C03420F889}"=ASUS WiFi-AP Solo
"{8D2B09E2-6B04-4960-B780-4B0CE90780EE}"=LightScribe 1.4.39.1
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}"=Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}"=Adobe Help Center 2.0
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{983CE4AE-052A-4AD6-92ED-177DFC85DAE5}"=Warcraft III 1.22 Patch
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{AA9768AA-FF0B-4C66-A085-31E934F77841}"=Apple Mobile Device Support
"{AB90749C-7422-4580-8A7A-66CC5E9E5F98}"=iTunes
"{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}"=Adobe Bridge 1.0
"{B74D4E10-0000-0000-0000-EDED00000102}"=Adobe ExtendScript Toolkit 1.0
"{B93F0E87-FBDB-097E-5DCA-FF99110F26E0}"=Catalyst Control Center Graphics Previews Common
"{C04ED833-89A3-BC13-BAE3-96FDD56933F9}"=Catalyst Control Center Graphics Full New
"{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}"=AVIVO Codecs
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}"=Marvell Miniport Driver
"{CB20D3BC-6C7C-A9CA-D679-914240CDA0D3}"=ccc-core-static
"{CC419DDC-E0F0-4013-B25A-6FA036516F0D}"=Need for Speed™ ProStreet
"{CDC31D08-9789-2554-2670-C33BC49F0DD3}"=ccc-core-static
"{DD0DDC9E-2ED4-44DD-B461-0EFC126813A0}"=On2 VP7 Personal Edition
"{DD362256-A7A2-4524-9457-213DDC2AFC2A}"=Adobe After Effects 7.0
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}"=ScanSoft OmniPage SE 4
"{E09B48B5-E141-427A-AB0C-D3605127224A}"=Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F3ECED46-91CC-4F44-9917-9A20085D5D26}"=Debugging Tools for Windows
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}"=PC Probe II
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}"=Catalyst Control Center - Branding
"{FE2881D8-236B-6B25-2C5A-74CFB00F2756}"=ccc-core-preinstall
"7-Zip"=7-Zip 4.42
"Adobe After Effects 7.0"=Adobe After Effects 7.0
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"All ATI Software"=ATI - Software Uninstall Utility
"ATI Display Driver"=ATI Display Driver
"Azureus"=Azureus
"BGC-WUCF1201 series"=BGC-WUCF1201 series
"Cablenut"=Cablenut 4.08
"CANONIJPLM100"=PIXMA Extended Survey Program
"CCleaner"=CCleaner (remove only)
"Counter-Strike Condition Zero"=Counter-Strike Condition Zero
"dBpowerAMP Music Converter"=dBpowerAMP Music Converter
"Drum Machine"=Drum Machine 1.34 BETA
"Easy-LayoutPrint"=Canon Utilities Easy-LayoutPrint
"Easy-PhotoPrint"=Canon Utilities Easy-PhotoPrint
"ffdshow_is1"=ffdshow [rev 1723] [2007-12-24]
"FLV Player2.0 "=FLV Player
"FLV to AVI MPEG WMV 3GP MP4 iPod Converter_is1"=FLV to AVI MPEG WMV 3GP MP4 iPod Converter 3.9.1108
"Fraps"=Fraps (remove only)
"Frets on Fire - Alarian mod 2.7"=Frets on Fire - Alarian mod 2.7
"HijackThis"=HijackThis 2.0.2
"HyperIM"=HyperIM 2.14
"KLiteCodecPack_is1"=K-Lite Codec Pack 2.27 Full
"LGPDetails"=LGP Details Property Sheet
"LimeWire"=LimeWire PRO 4.8.1
"Magic ISO Maker v5.4 (build 0251)"=Magic ISO Maker v5.4 (build 0251)
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"mIRC"=mIRC
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"MP Navigator 3.1"=Canon MP Navigator 3.1
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey"=Nero OEM
"OpenAL"=OpenAL
"RegistryBooster 2_is1"=Uniblue RegistryBooster 2
"RocketDock_is1"=RocketDock 1.3.1
"Scramby_is1"=Scramby 1.5.24.0
"ServerScout 0.9w"=ServerScout 0.9w
"SopCast"=SopCast 3.0.0
"SystemRequirementsLab"=System Requirements Lab
"Teamspeak 2 RC2_is1"=TeamSpeak 2 RC2
"TVersity Codec Pack"=TVersity Codec Pack 1.2
"TVersity Media Server "=TVersity Media Server 1.0.0.3 RC2
"VistaMizer"=VistaMizer 2.2.1.0
"VLC media player"=VideoLAN VLC media player 0.8.6c
"Vuze"=Vuze
"WIC"=Windows Imaging Component
"WindowBlinds"=WindowBlinds
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"WinPcapInst"=WinPcap 4.0
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire"=Xfire (remove only)
"XviD"=XviD MPEG-4 Codec
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Customizations"=Yahoo! Browser Services
"Yahoo! Extras"=Yahoo! Browser Services
"Yahoo! Mail"=Yahoo! Internet Mail
"Yahoo! Messenger"=Yahoo! Messenger
"Yahoo! Toolbar"=Yahoo! Toolbar
"YInstHelper"=Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ServerScout"=ServerScout
"Warcraft III"=Warcraft III: All Products

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-343818398-115176313-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ServerScout"=ServerScout
"Warcraft III"=Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/17/2008 2:40:16 PM | Computer Name = ME-D540C9640DBB | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3188, faulting module
msvcr80.dll, version 8.0.50727.762, fault address 0x0004ef67.

Error - 10/17/2008 3:52:31 PM | Computer Name = ME-D540C9640DBB | Source = Application Error | ID = 1000
Description = Faulting application mirc.exe, version 6.21.0.0, faulting module user32.dll,
version 5.1.2600.2180, fault address 0x0000a07a.

Error - 10/18/2008 11:28:38 AM | Computer Name = ME-D540C9640DBB | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3188, faulting module
msvcr80.dll, version 8.0.50727.762, fault address 0x0004ef67.

Error - 10/18/2008 12:08:54 PM | Computer Name = ME-D540C9640DBB | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3188, faulting module
msvcr80.dll, version 8.0.50727.762, fault address 0x0004ef67.

Error - 10/18/2008 1:58:14 PM | Computer Name = ME-D540C9640DBB | Source = Application Error | ID = 1000
Description = Faulting application mirc.exe, version 6.21.0.0, faulting module user32.dll,
version 5.1.2600.2180, fault address 0x0000a07a.

Error - 10/20/2008 1:04:58 PM | Computer Name = ME-D540C9640DBB | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3188, faulting module
msvcr80.dll, version 8.0.50727.762, fault address 0x0004ef67.

Error - 10/20/2008 1:46:22 PM | Computer Name = ME-D540C9640DBB | Source = Application Error | ID = 1000
Description = Faulting application mirc.exe, version 6.21.0.0, faulting module user32.dll,
version 5.1.2600.2180, fault address 0x0000a07a.

Error - 10/21/2008 4:27:12 AM | Computer Name = ME-D540C9640DBB | Source = Application Error | ID = 1000
Description = Faulting application mirc.exe, version 6.21.0.0, faulting module user32.dll,
version 5.1.2600.2180, fault address 0x0000a07a.

Error - 10/21/2008 7:07:44 AM | Computer Name = ME-D540C9640DBB | Source = Application Error | ID = 1000
Description = Faulting application mirc.exe, version 6.21.0.0, faulting module user32.dll,
version 5.1.2600.2180, fault address 0x0000a07a.

Error - 10/22/2008 12:24:31 PM | Computer Name = ME-D540C9640DBB | Source = Application Error | ID = 1000
Description = Faulting application mirc.exe, version 6.21.0.0, faulting module user32.dll,
version 5.1.2600.2180, fault address 0x0000a07a.

[ System Events ]
Error - 10/23/2008 9:15:37 AM | Computer Name = ME-D540C9640DBB | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 10/23/2008 9:16:00 AM | Computer Name = ME-D540C9640DBB | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 10/23/2008 9:16:00 AM | Computer Name = ME-D540C9640DBB | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 10/23/2008 9:16:00 AM | Computer Name = ME-D540C9640DBB | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 10/23/2008 9:16:00 AM | Computer Name = ME-D540C9640DBB | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 10/23/2008 9:16:20 AM | Computer Name = ME-D540C9640DBB | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 10/23/2008 9:44:34 AM | Computer Name = ME-D540C9640DBB | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 10/23/2008 9:55:47 AM | Computer Name = ME-D540C9640DBB | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 10/23/2008 9:55:57 AM | Computer Name = ME-D540C9640DBB | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 10/23/2008 9:57:59 AM | Computer Name = ME-D540C9640DBB | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}


< End of report >

---

Kaspersky Log

KASPERSKY ONLINE SCANNER 7 REPORT
Friday, October 24, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, October 24, 2008 05:46:52
Records in database: 1341581
Scan settings
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area: My Computer
C:\
D:\
F:\
H:\
I:\
Scan statistics
Files scanned: 192394
Threat name: 6
Infected objects: 15
Suspicious objects: 0
Duration of the scan: 02:06:28

File name Threat name Threats count
c:\Program Files\Scoop2004\mirc.exe/c:\Program Files\Scoop2004\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
C:\Documents and Settings\me\Application Data\Uniblue\SpyEraser\Quarantine\Adware.WindUpdates.MediaAccess_01_04_2008_16_22_44.asq11478 Infected: not-a-virus:AdWare.Win32.WinAD.af 1
C:\Documents and Settings\me\Application Data\Uniblue\SpyEraser\Quarantine\Adware.WindUpdates.MediaAccess_01_04_2008_16_22_44.asq15724 Infected: not-a-virus:AdWare.Win32.WinAD.af 1
C:\Documents and Settings\me\Application Data\Uniblue\SpyEraser\Quarantine\Adware.WindUpdates.MediaAccess_01_04_2008_16_22_44.asq19169 Infected: not-a-virus:AdWare.Win32.WinAD.af 1
C:\Documents and Settings\me\Application Data\Uniblue\SpyEraser\Quarantine\Downloader.SpyGame_01_04_2008_16_22_44.asq26962 Infected: not-a-virus:Downloader.Win32.SpyGame 1
C:\Documents and Settings\me\Application Data\Uniblue\SpyEraser\Quarantine\Downloader.SpyGame_18_04_2008_13_24_25.asq18467 Infected: not-a-virus:Downloader.Win32.SpyGame 1
C:\Documents and Settings\me\Application Data\Uniblue\SpyEraser\Quarantine\PUP.UnclassifiedProgram.B_01_04_2008_16_22_43.asq18467 Infected: not-a-virus:AdWare.Win32.180Solutions 1
C:\Documents and Settings\me\Application Data\Uniblue\SpyEraser\Quarantine\PUP.UnclassifiedProgram.B_01_04_2008_16_22_43.asq26500 Infected: not-a-virus:AdWare.Win32.180Solutions 1
C:\Documents and Settings\me\Application Data\Uniblue\SpyEraser\Quarantine\PUP.UnclassifiedProgram.B_01_04_2008_16_22_43.asq41 Infected: not-a-virus:AdWare.Win32.180Solutions 1
C:\Documents and Settings\me\Application Data\Uniblue\SpyEraser\Quarantine\PUP.UnclassifiedProgram.B_01_04_2008_16_22_43.asq6334 Infected: not-a-virus:AdWare.Win32.180Solutions 1
C:\Documents and Settings\me\Application Data\Uniblue\SpyEraser\Quarantine\Trojan.BHO.NOVO_01_04_2008_16_22_44.asq29358 Infected: not-a-virus:AdWare.Win32.SmartPops.c 1
C:\Downloads\Installers\Misc\ATMA_Installer.zip Infected: not-a-virus:AdWare.Win32.DealHelper.ah 1
C:\Downloads\Installers\Misc\mirc621.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
C:\Program Files\Scoop2004\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
The selected area was scanned.

--

#6 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 25 October 2008 - 05:40 PM

Hello, magtatertots.
We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "0aMCPClient"=-
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16d352cb-4da4-11dd-9ed2-0017316e8a15}]
    :files
    C:\Downloads\Installers\Misc\ATMA_Installer.zip
    C:\Documents and Settings\me\Application Data\Uniblue\SpyEraser\Quarantine\*
    :commands
    [EmptyTemp]
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE)6 Update 10...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows" (OR if you are on a x64 system, "Windows x64")
  • Select your Language: "Multi-Language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs (Or "Uninstall a Program" on Vista) and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe (Or jre-6u10-windows-x64.exe for x64 systems)
  • Follow the on screen instructions to install the latest Java version.
We need to clear out some temporary data.
  • Please download ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only)
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser: Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser: Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
  • For Technical Support, double-click the e-mail address located at the bottom of each menu.

I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "Select All" (or use Ctrl+A)
  • Right-click again and choose "Copy" (or Ctrl+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

You Need to Update Windows (And other Microsoft Software)
Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

If you are using Windows XP or earlier
Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

If you are using Windows Vista
  • Click the "Start Menu" (or Windows Orb)
  • Click "All Programs"
  • Click "Windows Update"
  • On the left, choose "Change Settings"
  • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
  • Press OK and accept the UAC prompt.
    Note: You shouldn't need to check this checkbox every single time you update, only the first time.
  • Click "Check for Updates" in the upper left corner.
  • Follow the instructions to install the latest updates.
  • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
In your next reply, please include the following:
  • OTMoveIt3's Log
  • ESET OnlineScan's Log
  • A New HiJack This log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#7 magtatertots

  • Topic Starter
  • Members
  • 7 posts

Posted 26 October 2008 - 04:29 AM

Hi! Here are the logs

OtMoveIt3

========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\0aMCPClient deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16d352cb-4da4-11dd-9ed2-0017316e8a15}\\ deleted successfully.
========== FILES ==========
File/Folder C:\Downloads\Installers\Misc\ATMA_Installer.zip not found.
File/Folder C:\Documents and Settings\me\Application Data\Uniblue\SpyEraser\Quarantine\* not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\me\LOCALS~1\Temp\etilqs_ok4oXD7wGVO40SppEwOx scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\me\LOCALS~1\Temp\fla18.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\me\LOCALS~1\Temp\Perflib_Perfdata_cb0.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\me\Local Settings\Application Data\Mozilla\Firefox\Profiles\cqnjzlff.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\me\Local Settings\Application Data\Mozilla\Firefox\Profiles\cqnjzlff.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\me\Local Settings\Application Data\Mozilla\Firefox\Profiles\cqnjzlff.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\me\Local Settings\Application Data\Mozilla\Firefox\Profiles\cqnjzlff.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\me\Local Settings\Application Data\Mozilla\Firefox\Profiles\cqnjzlff.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10262008_120825

--

Eset Online Scanner

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3555 (20081025)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=efaaa3ec409244408093d915007ee6e4
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-10-26 05:30:10
# local_time=2008-10-26 01:30:10 (+0800, W. Australia Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=623186
# found=1
# scan_time=3775
C:\Mp3\Camp Rock Soundtrack(Retail Version)\Camp Rock Soundtrack(Retail Version)\Camp Rock Soundtrack - 05 Too Cool - Tess.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned) A1CD7167BE1EF4DC6DE29852B1520662


--

New HiJackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:27:09 PM, on 10/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Scramby\ScrambyServer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{72E314BF-4AFF-41B2-87FB-96182EBF9EC0}: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: wbsys.dll,avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Scramby Service (ScrambySrv) - RapidSolution - C:\Program Files\Scramby\ScrambyServer.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 5238 bytes
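The new HijackThis log above still has to be read by eye: the two O1 lines, for instance, send auto.search.msn.com and auto.search.msn.es to 66.98.148.65 instead of to the machine itself, and the O17 line sets the DNS servers for one adapter. The Python below is an added example for this thread, not code from HijackThis or from any tool used here; it applies the checks a log reader does by hand to a constructed subset of the posted lines. The vetted-resolver set (the two OpenDNS addresses the posted O17 line points at) and the extra O17 line with 192.0.2.53 and an all-zero GUID are constructed assumptions for the example.

```python
"""Flag the classic hijack indicators in HijackThis log lines.

Added example for this thread; not part of HijackThis or of the thread itself.
SAMPLE_LOG is a constructed subset of the posted log plus one constructed O17 line
(the one with the all-zero GUID and 192.0.2.53, a documentation address).
"""
import ipaddress
import re

# Resolvers the analyst has vetted: an assumption for this example.  The two
# addresses are OpenDNS, which is what the posted O17 line points at.
TRUSTED_NAMESERVERS = {"208.67.222.222", "208.67.220.220"}

# "O1 - Hosts: ..." / "R1 - HKCU\..." : section tag, dash, body.
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+)\s+-\s+(?P<body>.*)$")

SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{72E314BF-4AFF-41B2-87FB-96182EBF9EC0}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.53
O20 - AppInit_DLLs: wbsys.dll,avgrsstx.dll
"""


def _is_local(addr):
    """True for loopback/unspecified targets, the only benign hosts-file mappings."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def triage_hijackthis(log_text):
    """Return (section, severity, note) tuples for lines that need a second look."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if section == "O1" and body.startswith("Hosts:"):
            # A hosts entry that points a public hostname anywhere but the
            # local machine is a search/update hijack until proven otherwise.
            parts = body[len("Hosts:"):].split()
            if len(parts) >= 2 and not _is_local(parts[0]):
                findings.append(("O1", "high", f"hosts file sends {parts[1]} to {parts[0]}"))
        elif section == "O17":
            # Per-adapter DNS servers: anything not on the vetted list is
            # either the ISP's resolver or a DNS changer; the analyst decides.
            ns = re.search(r"NameServer\s*=\s*([\d.,\s]+)", body)
            if ns:
                for server in re.split(r"[,\s]+", ns.group(1).strip()):
                    if server and server not in TRUSTED_NAMESERVERS:
                        findings.append(("O17", "medium", f"DNS server {server} is not on the vetted list"))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs are loaded into every process that loads user32.dll,
            # so each entry deserves a look regardless of who wrote it.
            for dll in body[len("AppInit_DLLs:"):].split(","):
                if dll.strip():
                    findings.append(("O20", "review", f"{dll.strip()} is loaded into every user32 process"))
        elif section == "O10":
            # Winsock LSPs sit in the network path of every socket; HijackThis
            # already marks the ones it cannot identify.
            findings.append(("O10", "review", body))
    return findings


if __name__ == "__main__":
    for section, severity, note in triage_hijackthis(SAMPLE_LOG):
        print(f"[{severity:6}] {section:4} {note}")
```

Running the block prints six findings for the constructed sample: the two hosts-file redirects, the constructed 192.0.2.53 resolver (the OpenDNS line passes), the two AppInit DLLs and the unidentified LSP. The O4 and R1 lines are not flagged; the script is a first pass that narrows what the analyst reads, not a verdict.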

#8 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 26 October 2008 - 09:26 PM

That looks better. How are things running?

Billy3

#9 magtatertots

  • Topic Starter
  • Members
  • 7 posts

Posted 27 October 2008 - 04:58 AM

Everything's fine, thanks :thumbsup:

There's still the illegal DLL thing whenever I open up iTunes, and I can't even reinstall or update it because of the error.

#10 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 28 October 2008 - 03:30 PM

What is the name of the DLL mentioned? Can you post a screenshot of the error dialog?

Billy3

#11 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 01 November 2008 - 05:43 PM

Hello, magtatertots.
Are you still here?

Billy3

#12 magtatertots

  • Topic Starter
  • Members
  • 7 posts

Posted 02 November 2008 - 04:13 AM

Hi, sorry for the late reply. Here's the screenshot

Posted Image

#13 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 02 November 2008 - 07:55 PM

Hello, magtatertots.
It looks like that file may have been patched in some way. Please upload it using the instructions below:

Please Set Your System to Show Hidden Files
If you are using Windows XP or earlier:
  • Go to Start -> My Computer (Or click the My Computer icon on your desktop)
  • Go to the Tools Menu -> Folder Options.
  • Select the "View" tab.
  • Where you see Posted Image, click the Posted Image radio button.
  • Uncheck "Hide extensions for known file types"
  • Uncheck "Hide protected operating system files"
  • Click Ok.
  • Exit/Close My Computer.
If you are using Windows Vista:
  • Please go to Start -> Computer
  • Click on Posted Image
  • Click on Posted Image
  • Select the "View" tab.
  • Where you see Posted Image, click the Posted Image radio button.
  • Uncheck "Hide extensions for known file types"
  • Uncheck "Hide protected operating system files"
  • Click Ok.
  • Exit/Close My Computer.
We need to upload a file for further inspection
  • Please go to this page.
  • Where it asks for the "Link to where the file was requested" copy and paste in
    http://www.bleepingcomputer.com/forums/t/173331/infected-with/
  • Where it says "Browse to the file you want to submit", browse to
    C:\Windows\System32\user32.dll
  • Press the Posted Image button.
Billy3
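The "illegal system DLL relocation" error the thread is chasing is the loader reporting that two modules wanted the same virtual address range, so one of them (user32.dll) had to be moved; the files being asked for here (user32.dll, and later setupapi.dll) are the two sides of that collision. A read-only way to see such a collision, before or alongside submitting the file for inspection, is to read each module's ImageBase and SizeOfImage from its PE optional header and compare the preferred ranges. The Python below is an added example for this thread, not code from the thread or from any tool used in it. The three "modules" are header-only byte images constructed by build_minimal_pe(), and their addresses are illustrative stand-ins, not real Windows XP load addresses; the overlap check says nothing about whether a file has been patched, which is what the upload is for.

```python
"""Read each module's preferred load range from its PE header and report collisions.

Added example for this thread; not code from the thread or from any tool used in it.
The sample modules are constructed header-only images built by build_minimal_pe();
their addresses are illustrative, not real XP values.
"""
import struct
from dataclasses import dataclass
from itertools import combinations

IMAGE_FILE_RELOCS_STRIPPED = 0x0001             # COFF FileHeader.Characteristics bit
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # OptionalHeader.DllCharacteristics bit


@dataclass(frozen=True)
class ImageInfo:
    image_base: int
    size_of_image: int
    dynamic_base: bool     # linker marked the image as ASLR-compatible
    relocs_stripped: bool  # image cannot be relocated at all

    @property
    def end(self):
        return self.image_base + self.size_of_image


def read_image_info(data: bytes) -> ImageInfo:
    """Parse the MZ/PE headers just far enough to get ImageBase and SizeOfImage."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)      # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (characteristics,) = struct.unpack_from("<H", data, coff + 18)
    opt = coff + 20                                         # COFF header is 20 bytes
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:                                      # PE32: 32-bit ImageBase at +28
        (image_base,) = struct.unpack_from("<I", data, opt + 28)
    elif magic == 0x20B:                                    # PE32+: 64-bit ImageBase at +24
        (image_base,) = struct.unpack_from("<Q", data, opt + 24)
    else:
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    (size_of_image,) = struct.unpack_from("<I", data, opt + 56)   # same offset in both formats
    (dll_characteristics,) = struct.unpack_from("<H", data, opt + 70)
    return ImageInfo(
        image_base,
        size_of_image,
        bool(dll_characteristics & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        bool(characteristics & IMAGE_FILE_RELOCS_STRIPPED),
    )


def find_overlaps(modules):
    """Return sorted (a, b) name pairs whose preferred [base, base+size) ranges intersect."""
    hits = []
    for a, b in combinations(sorted(modules), 2):
        ia, ib = modules[a], modules[b]
        if ia.image_base < ib.end and ib.image_base < ia.end:
            hits.append((a, b))
    return hits


def build_minimal_pe(image_base, size_of_image, pe32plus=False, dll_characteristics=0):
    """Construct a header-only PE image for exercising the parser (not a loadable DLL)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)   # exactly 0x40 bytes
    opt_size = 240 if pe32plus else 224
    machine = 0x8664 if pe32plus else 0x14C
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x2102)  # DLL | EXECUTABLE_IMAGE
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    if pe32plus:
        struct.pack_into("<Q", opt, 24, image_base)
    else:
        struct.pack_into("<I", opt, 28, image_base)
    struct.pack_into("<I", opt, 56, size_of_image)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    return dos + b"PE\0\0" + coff + bytes(opt)


def sample_modules():
    """Constructed stand-ins for the DLLs named in the error; addresses are illustrative."""
    images = {
        "user32.dll":   build_minimal_pe(0x7E410000, 0x91000),
        "setupapi.dll": build_minimal_pe(0x7E430000, 0xF6000),  # constructed to land inside user32's range
        "kernel32.dll": build_minimal_pe(0x7C800000, 0xF6000),
    }
    return {name: read_image_info(data) for name, data in images.items()}


if __name__ == "__main__":
    mods = sample_modules()
    for name, info in sorted(mods.items()):
        print(f"{name:14} {info.image_base:#010x}-{info.end:#010x} "
              f"dynamic_base={info.dynamic_base} relocs_stripped={info.relocs_stripped}")
    for a, b in find_overlaps(mods):
        print(f"collision: {a} and {b} prefer overlapping address ranges")
```

On a real machine you would feed read_image_info() the bytes of each DLL under System32 and pass the resulting dictionary to find_overlaps(); a pair that overlaps is exactly what forces the loader to relocate one of them. The relocs_stripped flag matters because a DLL with IMAGE_FILE_RELOCS_STRIPPED cannot be moved at all and will fail to load rather than relocate.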

#14 magtatertots

  • Topic Starter
  • Members
  • 7 posts

Posted 04 November 2008 - 09:00 PM

done uploading :thumbsup:

#15 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 05 November 2008 - 09:31 PM

Hello, magtatertots.
Alrighty... that one's legit. I'm sorry.. I thought I had put both in the instructions. :thumbsup:

We need to upload a file for further inspection
  • Please go to this page.
  • Where it asks for the "Link to where the file was requested" copy and paste in
  • Where it says "Browse to the file you want to submit", browse to
    C:\Windows\System32\setupapi.dll
  • Press the Posted Image button.
Billy3
